Backdoors? The FBI ain’t got no backdoors! The FBI don’t need no stinkin’ backdoors!

Encryption. In today’s world, it is a vital part of privacy and security, and should be a part of protecting our communications, our passwords, our location, and everything else we can share online.

In recent years, the Federal Bureau of Investigation (FBI), and other law enforcement partners in the U.S. and internationally, have come under fire from privacy advocates and security leaders for perceived attempts to diminish security by asking for encryption to be weakened or compromised so that law enforcement can gain easier access to possible criminal or terrorist activity. Notably, in recent Congressional testimony, not once but twice in two days before the House and Senate, FBI Director Christopher Wray clearly argued against having backdoors. More on that in a moment. Let’s start with what encryption is.

To start, encryption is an often heard term but one that may leave some uncertain of exactly what it means. To define that, let us use Cloudflare’s definition:

Encryption is a way of scrambling data so that only authorized parties can understand the information. In technical terms, it is the process of converting human-readable plaintext to incomprehensible text, also known as ciphertext. In simpler terms, encryption takes readable data and alters it so that it appears random. Encryption requires the use of a cryptographic key: a set of mathematical values that both the sender and the recipient of an encrypted message agree on.

Cloudflare, What is encryption?

Encryption keeps data private between sender and recipient and denies others from snooping into whatever you may be sharing, whether its your location, your device’s IP address, your text message, your email, your passwords, etc. When possible, encryption should always be used. But this causes a challenge for law enforcement. If they’re conducting an investigation and can’t access the data, then they’re essentially blind and criminals and terrorists could use encrypted communications to conceal their communications from law enforcement’s curious eyes.

Using encrypted platforms isn’t only for criminals! Text communications like Signal, or email such as ProtonMail, or use of a VPN such as ProtonVPN, protect all individuals’ communications and, in some parts of the world especially, are absolutely critical to protect the privacy of citizens from their governments. But even in Western democracies, privacy is important, as is the use of encrypted communications. That is part of the reason why ProtonMail recently received a bit of criticism after sharing information about a climate activist with the French police. Even if a platform provides secure, protected communications, they may be required by law to share information when properly and legally requested by authorities. The ProtonMail example is a good one and more can be read in these two posts:

The FBI and other government partners have called for greater access to encrypted communications for years.

Privacy advocates and security professionals have pushed back, often loudly, against this as ideas about potential backdoors bring on a variety of concerns – including violations of civil rights and the potential that deliberate compromises (“backdoor access) – would certainly create opportunities for criminals and hostile nations to access what should be protected private data.

As citizens and organizations protest potential backdoors and access to encrypted data, many would likely agree that proper legal requests and Constitution-respecting procedures are appropriate and necessary. To that end, Director Wray’s recent remarks are encouraging. On 21 and 22 Sep, Director Wray repeated:

We are not asking for, and do not want, any “backdoor,” that is, for encryption to be weakened or compromised so that it can be defeated from the outside by law enforcement or anyone else. 

FBI Director Christopher Wray

That is encouraging to see. While the FBI does need to be explicit about what they do want, respecting privacy and the need to protect data is a good start. As the FBI works with Congress to achieve its goals, privacy champions such as the Electronic Frontier Foundation (EFF) and reason, will continue to pushback on perceived over-reach to protect the privacy rights and safety of Americans.

And not only privacy advocates, but security professionals have also argued against backdoors as inherently dangerous.

Cybersecurity people have been generally outspoken that backdoors are bad. When governments or intelligence agencies suggest that a phone, cryptography tool, or product have a backdoor installed, both blue and red teams agree that it’s a very bad idea.

Greg Young

After Apple’s chief executive Tim Cook’s claims that “any backdoor is a backdoor for everyone”, the Information Technology Industry Council, which represents 62 of the largest technology companies worldwide, said: “Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety.”

via The Guardian, link above.

These debates are an important part of a free society and healthy as our country, and our world, continue to work through changing technologies, security concerns, and the rights of of the people, as part of the delicate balance between security and privacy. In the meanwhile, consider using platforms that will protect your communications and keep your private information private.

Note One. The title of this post is a variation of an oft quoted line made famous in Mel Brooks’ Blazing Saddles: “Badges? We don’t need no stinkin’ badges!” The longer background on that quote can be read on Wikipedia.

Note Two. The image by OpenClipart-Vectors from Pixabay.