How Do Encryption Backdoors Work in 2022? Privacy vs Surveillance
Governments the world over want messaging apps like WhatsApp to implement so-called encryption backdoors. However, what are these backdoors, and will they even be used as intended?
Chances are that if you’re reading this you have some kind of messaging app on your phone: WhatsApp, Viber, Telegram — they have all become household names. They’re free to use and have thus become ubiquitous. However, the security protocols that keep your messaging private are a thorn in the flesh of security services who want so-called encryption backdoors installed.
In short, an encryption backdoor is a way for an authorized person to bypass the security protocols of a system — any system. They’re used in all manner of software, but they’re usually named in a single breath with messaging apps, which is what this article will focus on too.
Key Takeaways:
- Governments the world over seem to dislike encryption, citing that some of society’s worst hide behind it. They claim so-called encryption backdoors would be a valuable weapon in the fight against these ills.
- In reality, most government surveillance seems aimed at drug traffickers, according to at least one study by Tutanota.
- The case against backdoors is a lot more solid, with plenty of examples of governments badly overreaching their surveillance powers.
On paper, a backdoor would enable law enforcement to access your secure communications when given enough cause to read what you and your contacts are talking about.
The reason given for government agencies to have this rather impressive power is to combat terrorism or child sexual abuse. However, there’s a lot of room for abuse of these rights and questions have arisen about the use of backdoors.
Simply put, an encryption backdoor lets you bypass any security measures on a system.
Encryption backdoors seem a good idea on paper, but the fact is that any weakness in a system can be exploited, including backdoors.
Backdoors are ideal for surveillance purposes, which is why many governments would like to see them in all encrypted communication software.
What Are Encryption Backdoors?
Let’s first look a little closer at how encryption backdoors work. When you send a message over WhatsApp or one of its alternatives, your message is encrypted and then sent to the receiver. Their WhatsApp client then decrypts the message and displays the message you sent. This process, called end-to-end encryption, happens lightning fast.
As the message travels, it could be intercepted by anybody lurking on the network, but thanks to the encryption they won’t be able to read what the message says; it will just be an unintelligible mess. This can take many forms, but usually is a jumble of numbers, letters and symbols. We talk about this a little more in our description of encryption if you’d like to know the details.
To either encrypt or decrypt a message, you need the encryption key. Without a key, you don’t have a lot of options to read a message. Your best bet at this point is using what’s called a brute-force attack, which is simply trying different possible keys until one works. As there are trillions of options, most brute force attacks could take billions of years to succeed.
Going in Through the Backdoor
There is another way of dealing with encrypted data, namely circumventing it entirely. An encryption backdoor is a built-in system that allows you to bypass the regular way of decrypting a message, usually by using some kind of master password.
A backdoor would have to be built into any app by the developer for this to work; it’s not like anybody else can build a backdoor into an app. It should also be noted that backdoors are often used in prototypes, but there are few, if any, programs that use them after launch.
To bypass encryption like this is an incredibly powerful ability. It allows you to read any messages on any network without needing to know any specific keys. Let’s be clear: An encrypted app with a backdoor is, by definition, no longer encrypted.
However, if you’re in the business of tracking down people and seeing what they’re up to, as most law enforcement agencies are, then an encryption backdoor is perfect. Users can send each other messages that are safe from anybody who is unauthorized on the network, while law enforcement can see what’s going on. From their perspective, it’s a perfect solution.
How Good Are the Good Guys?
Privacy advocates, on the other hand, don’t much like the idea of backdoors. While on paper it may seem like a good idea, in practice there are a lot of problems. Most of these stem from the fact that intrusion is undetectable when a backdoor is used, as well as plenty of real-world issues that would get in the way.
For one, while in most of the world law enforcement would need a warrant to access your messaging history, there’s nothing stopping them from accessing your apps to just take a look. What they find couldn’t be used in court, but they’d still find out what they wanted to know. Because these fishing expeditions would be untraceable, it would be very tempting for police to go on them, illegal or not.
We only need to look at the PRISM scandal for one example where government agencies pretty much did whatever they wanted. Had Edward Snowden not blown the whistle, they would have gleefully kept spying on people’s emails, webcams and other electronics. Giving the NSA (or whatever other alphabet agency) a backdoor just means they’ll spy even more, with or without a warrant.
Protecting Their Own Data
The other problem with giving secret agents exceptional access is that, well, they’re not very good at keeping secrets. This story by NBC News is just one of dozens where classified information was stolen by hackers from government servers. If spooks are given some kind of master code for a backdoor, you can bet that it’ll be stolen within months.
On top of these more practical concerns, there’s also the simple fact that people — all of us — have a fundamental right to privacy. Unless they’re sure you’re hiding something illegal or harmful, the police shouldn’t be allowed to get into your business. It’s as simple as that.
Encryption Protects the Guilty?
However, many governments seem to have a grudge against encryption. Despite the fact that backdoors don’t make much sense from a practical standpoint, countries ranging from the United States to the United Kingdom and Australia are pressuring tech companies to install backdoors. So far, technology companies have been able to fight back, but the pressure hasn’t let up.
Until a few years ago, terrorism was often quoted as the reason why the police should be able to gain access to your messages at any time. This was, of course, nonsense.
Many of the horrible attacks carried out over the years involved people known to the security services. They were still able to carry out attacks, and it’s doubtful that being able to read their WhatsApp messages would have helped.
In fact, most legal surveillance being conducted right now isn’t aimed at terrorists at all. Instead, according to research conducted by Tutanota, most wiretaps are aimed at narcotics traffickers.
Added to that is the fact that if police had power to monitor people’s texts, then terrorists and criminals would simply stop sending texts. A good example can be found in the fictional HBO series The Wire: once the drug dealers figured out the police were on to their phones, they simply dumped them.
However, this doesn’t seem to have deterred governments from campaigning against encryption. In the case of the U.K., they seem ready to open up a new front, namely against child sexual abuse.
The United Kingdom Starts a Crusade
In January 2022, Rolling Stone magazine blew the lid off a U.K. government initiative to take the fight against Facebook and their plans to encrypt Messenger chats. The threat in this case is child predators, who use Facebook Messenger to contact children.
It’s a horrible threat, to be sure, but it’s a little unclear how encryption is to blame. The U.K. government doesn’t seem to know either; rather than convince the public with a reasoned argument, it has instead opted for fear mongering.
Part of the planned campaign is an art installation that will have a child in one glass box and an adult in another. The two will be texting, but as time goes on, the glass will fog up more and more and become opaque. It’s supposed to give us the feeling of being locked out of this conversation.
The thing is, though, it’s not encryption locking us out. At any time the child’s guardians could take the phone out of their hand and see what’s up, or Facebook could make it so adults can’t send messages to kids. There are several ways to solve this issue, and encryption isn’t really the problem.
Final Thoughts: Encryption Backdoors
The upshot appears to be that when it comes to encryption, governments seem to like it as a scapegoat for all manner of ills. However, in the end, encryption protects us all more than it harms us and as such it’s counterproductive — if not downright dangerous — to get rid of it.
Not only do we have a right to privacy: By giving governments encryption backdoors we’re actually making our world less safe. Thankfully, though, there are services that can encrypt text messages, even if Facebook and WhatsApp are forced to adopt backdoors. Let’s hope it will be enough.
What do you think of encryption backdoors? Are they a necessary evil, or anathema to freedom? Do you think there are better ways to combat threats like terrorism and child sexual abuse? Let us know in the comments below and, as always, thank you for reading.
