Government Backdoors Threat to Security?

Government Backdoors Threat to Security?

Digital encryption has always been known as the best way to keep data from being read by parties who aren’t supposed to be reading the data.  Encryption allows data to be sent over less secure pathways since even if it is intercepted it is useless to the perpetrator.  However, as shown by the Washington Times (2015), some in the U.S. Federal Government and others around the world think that the current encryption standards are a threat to law enforcement like the Federal Bureau of Investigation (FBI) and spying agencies such as the National Security Agency (NSA) and the Central Intelligence Agency (CIA).  Many in the Cryptography and Cyber Security sectors disagree, as well a privacy advocates.

In the mid 70’s, the National Institute of Standards and Technology (NIST); a subordinate organization of the Department of Commerce responsible for creating standards (as the name implies) for a variety of topics, created the Federal Information Processing Standards (FIPS) . In 1994, the FIPS-185 document was the first known encryption standard the government created with a backdoor that supposedly was not available to anyone else to anyone else.  However, cyber security experts at the time disagreed and recently this year introduced recommendations to eliminate the standard altogether.

The real question here is, are we safer with backdoors in our data encryption?  A MIT  report penned by 15 of the leading cryptographers in the world stated that “exceptional” (per New York Times, 2015) access would be detrimental and “such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend.”  If the government thinks that a backdoor would not become a vulnerability that others with lesser intent would not be able to exploit, then they are not quite living in reality.

A good example of this would be anyone who locked the doors to the house when they left, but then leave a key under the doormat or potted plant.  It’s universally known that a burglar with any sort of experience will quickly check those places before forcing his way in.  In the same logic, if the NSA, FBI or any other government entity places a backdoor to an encryption algorithm, it will almost certainly be easier to exploit than the algorithm itself.  If we give those in power exceptional access, then you might as well leave the key
under the doormat.

Given the blunders in federal cyber security over the past years, it is a reasonable deduction that one of four scenarios occur should legislation pass requiring such backdoors:

  1. Someone breaches the federal government and discovers the backdoor
  2. Someone (in a Snowden or Manning-esque manner) leaks the programs
  3. A researcher or hacker discovers the backdoors and goes public with it
  4. Although improbably, everyone that wants encryption moves to the “Dark Web”

References

MIT
New York Times
Washington Times

Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.

Be sure to subscribe to this blog and to our Podcast.

 

Enter your email address:

Delivered by FeedBurner





Contact Us


Subscribe to our mailing list

* indicates required







About Matthew Eliason

Matthew Eliason was born in Houston, Texas.  Upon graduating from high school, he joined the Navy.  His first tour was as an Information Systems Technician of a 130 client DOD network where he developed the documentation and maintenance procedures from 2007-2012.  In 2012, he transferred shore duty where he serves as a system and security administrator.

He graduates with a Bachelor’s of Science in Information Technology from American Military University in November of 2015. He holds the CompTIA Security+ certification and has extensive experience in DOD Information Assurance (IA) and Cyber Security compliance and procedures.  He enjoys golf, hiking, watching football in his spare time.