Why Building security backdoors into software is a bad idea

This should be obvious, but on the surface, to reasonable people, this seems reasonable. If bad people are doing bad things and the police can get enough evidence to approach a court, they can get a wire-tapping order, which will allow them to intercept any communications in the mail, or telephone that will allow them to gather evidence against the criminals.

TLDR; the basic idea is flawed and it puts individuals at risk.

This seems like an invasive but reasonable approach to protect public safety, and why software should be different? Why should there not be a master key that opens the encryption locks that criminals are using to conduct their nefarious activities? It is just those pesky software companies preventing the police from protecting us from criminals, who want to do us harm. We should make them change and allow the police to view these hidden communications. This seems reasonable, at least until you think about it.

This basic premise assumes that the ones controlling the master key or even the company that makes the software are infallible, there could never be any bugs, and there could never be anyone in those organisations who could be bribed or coerced to reveal the key, an overworked, stressed, or sleep-deprived individual could never mishandle it. This is building an intentional flaw in a defence, like the infamous drain in Helms Deep from the Lord of the Rings.

and that ended well for the men of Rohan.

This also assumes that the organisation that wants the protection can instruct the organisation that makes the software to make this weakness, and that criminals would not just use something else. True the government could restrict sales of the software to disallow the sale of software without the backdoor in force, but again this assumes that criminals are only going to use software that is legal within that region, because of course criminals are well known for following the law. The basic idea is flawed and it puts individuals at risk.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.