What it is: Backdoors to encryption provide a way to read encrypted data without knowing the password.
California, Florida, New York, and other states are proposing laws mandating the availability of encryption backdoors. This essentially highlights the dangers of passing laws on topics without fully understanding the consequences.
To better understand the encryption debate, you need to understand how encryption works. Encryption scrambles data so it can’t be read by anyone unless they know the password. Theoretically, all encryption is breakable but the standard technique for cracking encryption is called brute force. That means you exhaustively try every possible password until you happen to find the right one.
With weak encryption, computers can exhaustively search all possible passwords and eventually find the right one within a reasonable amount of time within hours, days, or months. With strong encryption, computers can still exhaustively search all possible passwords, but it may take millions of years. That effectively makes encryption unbreakable.
One early form of encryption was called the Data Encryption Standard (DES), which thwarted brute force attacks for decades. Then as PCs got more powerful, it became possible to brute force DES encryption. The first attempt to brute force DES encryption took 96 days. The next took 39 days. In 1998, the Electronic Foundation Frontier (EFF) created a computer called Deep Crack that broke DES encryption in 56 hours. An improved version of Deep Crack took only 22 hours.
So any form of encryption will eventually be broken by more advanced computers. The problem right now is that today’s strong encryption standards, such as the Advanced Encryption Standard (AES) cannot be cracked within a reasonable amount of time. It can still be cracked, but it might take thousands of years at least to do so.
That’s why governments want encryption backdoors that allow them to read encrypted data without knowing the password. Here’s the big problem with backdoors of any kind. If they exist, someone will always find it and find a way to exploit it. That essentially eliminates the purpose of encryption, which is to safeguard data.
So the encryption debate really boils down to whether people should have access to encryption or not. Encryption backdoors can keep data safe from most people, but it also provides a wide open hole to knowledgeable people (both good and bad) who can then read your data without your permission.
Encryption backdoors can help the police and other government authorities, but it also opens the possibility of government abuse of their authority and malicious hackers who will eventually find this backdoor and exploit it for their own purposes. That means encryption will be weaker and less secure for everybody.
For those who want encryption backdoors, it will make the job of law enforcement easier but it will make everyone’s data less secure.
For those who oppose encryption backdoors, it will make the job of law enforcement harder but it will make everyone’s data more secure.
So the debate really boils down to how much we trust government authorities and how much security we’re willing to give up. For people who don’t trust the government, encryption backdoors make no sense. For people who do trust the government (despite years of evidence proving they cannot always be trusted), encryption backdoors are worth the price of less security.
Do you trust the government? Ask the people living under dictatorships such as North Korea how much they trust their government. Now ask people living in the United States, such as Muslims or blacks, how much they trust the government. Native Americans have long been cheated by treaties that the US government blatantly broke because the Native Americans had no political power.
If you trust the government, tell everyone why and dispute the evidence from the past that shows when government authorities overstepped their boundaries. Then let us know why we should trust the government in the future.
To read more about the encryption backdoor debate, click here.