The Backdoor Fallacy: explaining it slowly for governments

I should probably avoid this one, because a) everyone will be writing about it; and b) it makes me really, really cross; but I just can’t*.  I’m also going to restate the standard disclaimer that the opinions expressed here are mine, and may not represent those of my employer, Red Hat, Inc. (although I hope that they do).

Amber Rudd, UK Home Secretary, has embraced what I’m going to call the Backdoor Fallacy.  This is basically a security-by-obscurity belief that it’s necessary for encryption providers to provide the police and security services with a “hidden” method by which they can read all encrypted communications**.  The Home Secretary’s espousal of this popular position is a predictable reaction to the terrorist attack in London last week, but it won’t help.  I literally don’t know a single person with modicum of technical understanding who thinks this is a good idea.  Or remotely practicable.  Obviously, therefore, I’m not the only person who’s going to writing about this, but I thought it would be an interesting exercise to collect some of the reasons that this is monumentally bad idea in one short article, so let’s examine this fallacy from a few angles.

• It always fails – because a backdoor isn’t just a backdoor for authorised users: it’s a backdoor for anyone who can find it.  And keeping these sort of things hidden is difficult, because:
  • academic researchers look for them
  • criminals look for them
  • “unfriendly state actors” (governments we don’t like at the moment) look for them
  • previously friendly state actors (governments we used to like, but we don’t like so much anymore) look for them
  • police and security services mess up and leak them by accident
  • insiders within police and security services decide to leak them
  • source code gets leaked, giving clues to how they’re implemented -for those apps which aren’t Open Source in the first place
  • the people writing them don’t always get it right, and you end up with more holes than you expected***
  • techniques that seem safe now often seem laughably insecure in a few years’ time.

There is just no safe way to protect these backdoors.

• You can’t identify all the providers – today it’s Whatsapp.  And Facebook, and Twitter, and Instagram, and Tumblr, and …  But if I’d asked you for a list a year, or five years ago, what would that list have looked like?  And can you tell me what should be on the list for next week, or next year?  No, you can’t.  And I suspect you (as a learned reader of this blog) are a lot more clued up than the UK Home Office.

• You can’t convince all the providers – and that’s assuming that all of the providers are interested or can be convinced to care adequately to sign up anyway.

• You can’t hit all channels – even if you could identify all the providers, what about online gaming?  And email.  And ssh.  I mean, really.

• The obviousness issue – presumably, in order to make this work, governments need to publish a list of approved applications.  I suspect, just suspect that the sort of bad people who want to get around this will choose to use different apps, or different channels to the approved ones … but so will people who aren’t “bad people”, but just have legitimate reasons for encrypting their communications.

• The business problem – there are legitimate uses for encryption.  Many, many of them.  And they far outnumber the illegitimate uses.  So, if you’re a government, you have two options:
  1. you can convince all legitimate business, including banks, foreign corporations and human rights organisations and everyone who communicates with them to use your compromised, “backdoor-enhanced”***** encryption scheme.  Good luck with this: it’s not going to work.
  2. you can institute a simple, fast, unabuseable red-tape free process by which you hand out exemptions to “legitimate” businesses who you can trust to use non-compromised, backdoor-unenhanced encryption schemes.******

I’m guessing that we don’t expect either of these to fly.

• The “nothing to hide” sub-fallacy – “But if you have nothing to hide, then you have nothing to fear” argument.  Well, I may have nothing to hide from the current government.  But what about future governments?  Have the past 100 years of world history taught us nothing?  Hitler, Franco, Stalin, Perón, … the list goes on and on.  From “previously friendly state actors”?  And from the criminals who are the main reason most of us use encryption in the first place?  Puh-lease.

• The who-do-you-trust question – this leads on from the “police and security services mess up” sub-bullet above.  The fewer people to whom you give the backdoor details, the more hard work and expense there is in using that backdoor for your purposes.  So there’s an obvious move to reduce costs by spreading knowledge of the backdoor.  And governments tend towards any policy which reduces costs, so…  And, of course, the more spread the knowledge, the more likely it is it leak.

• Once it’s gone, it’s gone – and once it’s leaked, it’s leaked, whether by accident or intention (Chelsea Manning, Julian Assange, Edward Snowden, …).  You can’t put this genie back in the bottle.  The cost and complication of re-keying a communications channel for which the key has leaked is phenomenal.  I’m assuming that this is just a re-keying exercise, but if it’s a recoding exercise, it’s even harder.  And how do you enforce that only the new version is used, anyway?

• The jurisdiction issue – do all governments agree on the same key?  No?  Well, then I have to have different versions of all apps I might use, and choose the correct one for each country I travel in?  And ensure that neither I nor any businesses ever communicate across jurisdictional boundaries.  Or we could have multiple backdoors, each for a different jurisdiction?  Let’s introduce the phrase “combinatorial explosion” here, shall we?

Let’s work as an industry to disabuse governments of the idea that this is ever a good idea. And we also need to work them to come up with other techniques to help them catch criminals and stop terrorist attacks: let’s do that, too.

*believe me: I tried.  Not that hard, but I tried.

**they probably want all “at-rest” keys as well as all transport keys.  This is even more stupid.

***don’t get me wrong: this is going to happen anyway, but why add to the problem?

****inverted commas for irony, which I hope is obvious by this state in the proceedings

*****”I can’t even”, to borrow from popular parlance.  This is the UK government, after all.

Author: Mike Bursell

Long-time Open Source and Linux bod, distributed systems security, etc.. CEO of Profian. マイク・バーゼル： オープンソースとLinuxに長く従事。他にも分散セキュリティシステムなども手がける。現在Profianのチーフセキュリティアーキテクト View all posts by Mike Bursell