That’s the the software equivalent of the master keys that apartment supervisors use.
The British government is about to give its spy agencies the power to force technology companies to decrypt their customers’ protected data, marking the first move by a major Western power to mandate the use of so-called “backdoors” in commercial technology.
“Under the proposed new powers,” the Telegraph reports, “the spy agencies will be able to obtain a warrant from the Home Secretary that will oblige an internet companies [sic] to break down its encryption protection on a suspect and allow access to his or her communications.”
In order to comply with such an order, tech companies will need to build backdoors in their services’ encryption. Backdoors provide universal access to encrypted data, bypassing the encryption solutions that companies advertise. They are the software equivalent of the master keys that apartment supervisors use to access any unit in a building.
Security experts universally condemn the implementation of backdoors, calling them serious vulnerabilities in encrypted products and warning that they make tempting targets for hackers. A common refrain from the security and privacy communities is that, in the words of Sen. Ron Wyden (D-Ore.), “There’s no such thing as a magic door that can only be used by the good people for worthwhile reasons.”
“Backdoors and other government efforts to weaken encryption undermine the security of the Internet for everyone,” said Alex Abdo, a staff attorney at the American Civil Liberties Union. “Strong encryption is especially important for those most at risk of governmental suppression, such as journalists, dissidents, and human-rights activists. In an era of mass surveillance and crippling cyberattacks, strong encryption is more important than ever.”
Drew Mitnick, policy counsel at the international privacy group Access, agreed.
“The U.K. proposals to expand surveillance powers are an affront to the rights to privacy and expression and create entirely new risks to the security of everyday Internet users,” Mitnick said. “Requiring companies to build encryption backdoors makes users and the technology they depend on more vulnerable to malicious attacks. Law enforcement has many tools to compel the production of necessary information without weakening digital security or limiting fundamental rights.”
Backdoors are especially troubling to security researchers because their universal design magnifies the scope of a security breach. If a malicious actor were to acquire the master key to an encrypted product like the Android operating system, for example, he or she could access any Android device, no matter how the device’s owner had configured it.
In an accident of timing, the United Nations’ human-rights office released a report on the importance of encryption just hours after news about the U.K. backdoor mandate broke.
“Encryption and anonymity enable individuals to exercise their rights to freedom of opinion and expression in the digital age and, as such, deserve strong protection,” reads a summary of the report from the U.N. Office of the High Commissioner for Human Rights.
The Federal Bureau of Investigation, led by Director James Comey, has been pushing for American companies to adopt backdoors, arguing that criminals use commercially available encryption to shroud illicit activities ranging from sex trafficking to terrorism. Comey has warned that criminals are “going dark” by using encryption to put their communications beyond the reach of law enforcement.
Echoing those concerns, the Telegraph notes that British “security and intelligence agencies are concerned that encryption facilities around many online conversations are now so sophisticated they cannot get through to see what suspects are planning.”
The agencies in question are the domestic counterintelligence service MI5, the foreign intelligence agency MI6, and the hybrid intelligence/security agency Government Communications Headquarters, which was implicated in many operations disclosed by former National Security Agency contractor Edward Snowden.
The backdoor measure is part of broader surveillance legislation, called the Investigatory Powers Bill, that will soon be introduced in Parliament. The U.K.’s Conservative Party tried to pass the bill in the past, but the Liberal Democrats, who were part of a coalition government with the Conservatives, blocked it. Now that the Conservative Party is powerful enough to govern the U.K. without a coalition, it does not need the Liberals’ buy-in.
Illustration by Max Fleishman