Pando

Organizations remind Obama that government 'backdoors' are a terrible idea

By Nathaniel Mott , written on May 19, 2015

From The News Desk

A group of tech companies have written a letter to President Obama urging him not to approve legislation requiring them to add "backdoors" to their products.

See, the government has been frustrated about the increasing use of encryption following the revelation of mass surveillance programs that monitor basically anyone who uses the Internet. So it wants companies to include "backdoors" in their products, effectively providing it with unfettered access to consumer data.

There's a major problem with that proposal: the United States government probably won't be the only entity capable of gathering data via these backdoors. You can't weaken a product's security for one group and expect others not to force -- or, as might be the case, legislate -- their way through that same hole.

That issue is at the crux of the letter sent to Obama. As its authors, which includes advocacy groups, tech companies, and cryptographic experts, explain:

Encryption thereby protects us from innumerable criminal and national security threats. This protection would be undermined by the mandatory insertion of any new vulnerabilities into encrypted devices and services. Whether you call them 'front doors' or 'back doors', introducing intentional vulnerabilities into secure products for the government’s use will make those products less secure against other attackers. Every computer security expert that has spoken publicly on this issue agrees on this point, including the government’s own experts.
The government disagrees. A National Security Agency review panel said in 2013 that it's "unaware of any vulnerability created by the US Government in generally available commercial software that puts users at risk of criminal hackers or foreign governments decrypting their data." That's probably false.

And there's evidence that government policies can have ramifications long after most people have forgotten about them. Just look at the FREAK bug that was re-discovered earlier this year. This bug undermined many people's security, and it was caused by -- yep,  you guessed it -- an ill-advised government policy.

Forcing tech companies to include backdoors in their products is a bad idea. That isn't even conjecture at this point -- FREAK made it an undeniable fact. Tech companies know this. Cryptography experts know this. Hell, even some politicians, like Sen. Ron Wyden, have come out against government backdoors.

This open letter probably won't be enough to convince government officials that backdoors are a bad idea. But it's clear every organization that signed the letter, and many that didn't, will continue to argue against a policy that will likely do far more harm than good.

[illustration by Brad Jonas]