Dark Light

The common refrain for people advancing the cause that says that encryption should have government back-doors is that only people with something to hide need to encrypt their work. If you have nothing to hide, then you have nothing to fear.

Quite apart from that not being true in the general case, in the specific case it’s bad too, and this is why:

The following things use the same kinds of encryption that the government wants to put back doors into:

* Every website you put your credit card number in to.
* Your online bank access
* The communication between the website you put your credit card number in to and your credit card company.
* Your connection to your email
* The ability for home-workers to log in to their company’s network (VPN)

Companies are legally obliged to keep their company secrets secured, workers are contractually obliged (and in some cases also legally) to keep those secrets to the best of their ability.

These measures would grant the government the ability to read – as they flow through the wire – the items above, and even if you believe the government should be allowed to do this, there’s a wider issue.

Governments have, so far, not demonstrated the ability to keep their own documents secure, which would include the details of back-doors into secure systems, and once widely-used standards to encrypt communication are blown open. Even if somehow governments managed to perfect their own security, the known existence of a back-door would encourage the high number of highly intelligent people that have the required technical skills to try and find it, either for intellectual curiosity, or in order to read your data. Basically, it means that the encryption we rely on every day to make our lives easier and be able to do things over the internet, advancements that make things like personal banking and shopping possible for disabled, busy or just lazy people; suddenly become a lot more risky.

Computer security’s taken a bashing in the last year. Several deep investigations into the publically developed libraries that underpin a lot of internet security have resulted in a number of very public and news-friendly panics, and undermined confidence in them in general (To which the response is: Bugs being found – and fixed – is good. I’m happy that smarter people than me can see the code I rely on, and will publicly say if there’s a problem with it, rather than hope nobody notices), but the fact that ISIS, Apple, Google and other reprobates can encrypt their data so that it can’t be recovered in sub-decade timescales means that your credit card data can be stored safely, that your bank is able to offer your balance to your phone, and that companies – maybe yours – can let you VPN in and work from home once in a while; and crippling it is a very high price to pay.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts