Most Cybersecurity Pros Skeptical of “Encryption Backdoors,” New Study Finds
Federal law enforcement agencies are pleading with software and device makers for cryptographic backdoors that will allow them to execute warrant searches on encrypted devices. But most cybersecurity experts believe backdoors will make us less safe.
For years, the cybersecurity community has argued back and forth on a fairly simple issue: should law enforcement have “encryption backdoors” that give them access to consumers’ digital devices?
Federal agencies continue to assure us that such backdoors would be secure and accessible only to legitimate agents with proper search warrants. Meanwhile, device manufacturers, software companies, and cybersecurity experts have argued that backdoors are inherently insecure and fundamentally incapable of giving law enforcement restricted access without creating a security gap for hackers to exploit.
A new survey conducted by the Washington Post’s “The Cybersecurity 202” found that an overwhelming 72% of cybersecurity experts believe that the FBI’s lack of encryption backdoors will not make the country less safe.
These results are interesting, and not for the reasons you might think. The fact is that cybersecurity experts are, in fact, very concerned about the security risks posed by the FBI’s inability to access the encrypted data of terrorists and dangerous criminals. But they’re considerably more concerned by the likelihood that cybercriminals could exploit those same encryption backdoors with ease.
The Case for Backdoors
Agencies like the FBI have been pressuring the U.S. Congress and device manufacturers to give them device-level backdoor access for years and years. Their reasoning is understandable — they want to be able to conduct warrant searches of devices in the possession of known criminals and terrorists. After the San Bernardino shooting in 2015, the FBI was unable to access the shooter’s encrypted iPhone data, making it impossible to learn the identity of his accomplices.
Shortly thereafter, the FBI took Apple to court, demanding that they provide backdoor access to the shooter’s phone. Apple declined, won the court case, and at least one terrorist likely walked free as a result. Thousands of similar instances (the FBI seized nearly 8,000 encrypted devices in 2017) could have produced case-breaking evidence if the Bureau had access to an encryption backdoor.
The Case Against Backdoors
The FBI doesn’t want to search everyone’s devices — just those devices that may contain information that could prevent crimes and save lives. The problem is that in order to gain that capability, they’d need to have backdoors installed on all devices, including those owned by law-abiding citizens. And there’s another group of people who desperately want these backdoors to be opened: cybercriminals looking to exfiltrate data, install malware, perpetrate DDOS attacks, and use any and all manner of sensitive information for illicit purposes.
The issue is often framed as one that pits privacy against security, and the primary ask is that citizens sacrifice one over the other. But some experts believe that encryption backdoors would have a negative effect on both privacy and security. Cryptographer Matt Blaze of the University of Pennsylvania argued that an FBI backdoor would “create far more crime than it would solve.”
A 72% majority of digital security experts surveyed by The Cybersecurity 202 agree. Jamie Winterton, Director of Strategy for Arizona State University’s Global Security Initiative, says the idea of a “golden key” that’s accessible only to the good guys is a myth. He believes an intentional backdoor would be far too easy for cybercriminals and foreign adversaries to exploit.
A New Era
Whichever position you choose to take on the matter, what’s clear is that we’ve entered a new era of extremely potent cybercrime. Both sides of the argument at least agree on that.
And it’s not just private citizens or government actors who are at risk. The enterprise is increasingly a favorite target for cybercriminals, which is why many are turning to certified wireless network experts like Turn-key Technologies (TTI) for help. With a highly-trained team of professionals on staff, we’ve been helping companies across the country counter cybersecurity threats for almost three decades.
Outsourcing your cyberdefense to a managed IT services provider like TTI can bolster your company’s cybersecurity defenses without diverting your in-house IT team’s attention away from their critical day-to-day functions.
You can quickly determine how vulnerable your network is by downloading and completing our free Business Wireless Network Vulnerability Checklist.