It has been a year since the Apple vs. FBI case in which the FBI requested Apple create a backdoor into smartphones, and like clockwork, now the UK home secretary, Amy Rudd, is requesting backdoors into end-to-end encryption services used in Facebook’s texting app, WhatsApp. At this juncture, we can all agree that the issue is finding the right balance between data privacy and national security.
I tend to side with data privacy advocates on these types of conflicts, but I do firmly agree that government agencies have the right to access the data of a known or suspected terrorist. The issue has never been whether governments should have access to a criminal’s data, but in what manner should they be able to access that data.
The big question is, should governments have overreaching powers that allow them to access anyone’s data from any service or device?
Maybe. However, there are a few reasons why creating backdoors into encryption services is counter productive to what intelligence agencies are trying to achieve.
1 – Government Leaks Are An Issue
Intelligence agencies say they want to keep the backdoors to themselves, but the amount of data that is leaked on a yearly basis shows that government agencies can be careless. The recent WikiLeaks about NSA hacking tools is worth considering. If the NSA had the backdoor to iPhones, it is likely, so would the bad guys.
How can you trust intelligence agencies with a backdoor when they’ve shown time and time again that their tactics will be leaked? That's not to say that intelligence agencies want leaks to happen in the first place, but they don't have the best track record.
Even if the backdoors aren’t leaked, hackers can still find these vulnerabilities. By the time it’s realized that criminals have the backdoor, the damage has already been done.
2 – Encryption Backdoors Don't Help Counter Terrorism
If the US or UK government wants a terrorist’s data after the fact, then they should be given ownership of the account by WhatsApp via a court order, rather than jeopardizing the data security of millions of other people by creating backdoors.
By gaining a backdoor, the government can potentially snoop on everyone who uses an encryption product, rather than those who would use it to commit crime. Any criminal that does their due diligence will no longer use that product.
Security Consultant, Troy Hunt, told BBC News, "The encryption debate always rages after a terror incident, regardless of how effective backdoors would have been."
"Even if, say, the UK was to ban encryption or mandate weaknesses be built into WhatsApp and iMessage, those with nefarious intent would simply obtain encryption products from other sources.”
3 – It’s Bad for Business
It’s not really fair to the business community if governments get access to any data they see fit. Businesses want to take pride in the security of their products and services, and these forced measures strip credibility away from businesses and can cause a potential PR disaster.
Even worst, when you compromise one service, users will flock to another. In the case of the WhatsApp vs. the UK, it's likely WhatsApp ends up losing its userbase, hence hurting its value.
At the end of the day, the intelligence agencies already have a lot of power when it comes to accessing private data. Breaking end-to-end encryption with unnecessary backdoors does nothing to help protect citizens, but inadvertently helps criminals and hurts business.