It started a long time ago. People and governments have always wanted to have means for conversing in private and exchange secure messages. And when you see government officials gathering to discuss how to spy on your online communications, you see nothing new.
The problem is that in the digital age you cannot spy on all communications all the time; if you try to, you end up creating a paranoid society and even more paranoid state without actually solving the problem you want to resolve.
How Do Countries Want to Control Online Encryption?
You have probably heard of intelligence alliances like the Five Eyes group of countries, which comprises of the United States, the United Kingdom, Canada, Australia, and New Zealand.
Software developers and online providers, especially ones working with VPN and instant messaging services, are well aware of the Five Eyes’ concerted attempts to breach the encryption of online services provided to both individuals and entities around the globe.
What the members of that group, and many other governments around the world want, is to establish their right to have undeniable access to otherwise private information. They usually cite fighting crime and terrorism as the main reason to request such access.
Governments argue that VPN service providers and companies like Apple, Google, Microsoft or Viber, all of which provide encrypted messaging services, should enable law enforcement to access their communication platforms and create tools to decrypt private messages.
Why Are Backdoors Useless?
The above claims by the state bodies seem noble on the surface but they are utterly pointless from the point of view of both cybersecurity and crime prevention. Why’s that?
Any criminal or conspirator will use only a public communication channel as long as long as they are sure it can transmit a message that bears meaning only to its intended recipient. That applies to both encrypted communications and to public posts exchanged in the form of open, unencrypted text that is there for anyone to read.
Reading a message does not automatically mean you understand what it says – especially, if it’s specifically intended to hide its true meaning.
The average Joe and Jane do not need their communications encrypted because of conspiracy – they simply need privacy.
On the other hand, someone who does want to exchange ill-intended messages will do it with or without the existence of encrypted public channels.
I do not even need a VPN software to hide my location if my message “How are you today?” bears a hidden meaning only to the intended recipient and me. It is as simple as that, so having backdoors to sniff on communication platforms, be they encrypted or not, is mostly useless.
Why Are Backdoors Dangerous?
The uselessness of backdoors does not mean that having access to private messages or having the means to unlock a personal device is a thing we should take lightly.
The contrary is true; backdoors and access to encrypted private messages are primary tools for establishing the rule of state bodies instead of the rule of law. These, of course, are two very different things.
After all, governments do not consist of some superhuman unbiased and non-corruptible law protectors – they are made up of people.
The greatest danger arising from the desire of states to install software backdoors is that in the end, they want to violate the fundamental right of both individuals and businesses to exchange private messages. That is why Apple refused to decrypt a suspect’s smartphone when asked to do so by the FBI – saying that it creates a dangerous precedent.
Moreover, if government agencies get access to backdoors and data decryption tools, they would be unable to protect the data they would obtain from you.
We witness successful takedowns of government websites on a regular basis. Even supposedly secure government databases are sometimes hacked and sensitive data leaked into the dark web.
The problem is that these demands for installing backdoors in communication software and providing access to encryption protocols and algorithms come from people who do not understand the underlying technology.
Yet they still want the big government to oversee every communication that is now protected by VPNs, instant messengers, and social media channels. That is both technically impossible and dangerous from a security and privacy point of view.
How would your government protect your sensitive business information if it cannot secure its own data?
How will your government guarantee that your private data will not end up in the hands of a malicious actor, be it a government official or a competitor?
These are all tough questions to answer, and we see no reasonable arguments in favor of a solution where all your communications will be compromised from the very start by backdoors or access to encryption algorithms you use.