Discussion in 'Article Discussion' started by bit-tech, 24 Jul 2019.
As I keep saying every time this comes up:-
"One LEA's backdoor will quickly become EVERY 1337 h4xx0r's catflap!"
Encryption with a backdoor defeats the point of encryption. Although it's not like governments ever make any mistakes with data.
We should sue them for copyright infringement, clearly the UK suggested it first (after having stolen the idea from the Chinese)
I was thinking about the issues with threat response this would cause.
Imagine the scenario when (not if) these backdoor's are leaked.
"Oh no!" says our large company "Quick we need to shut off access before all our (and other peoples) data is skimmed".
"HoLD oN A miNuTe!" says the Government.
"According to law, you are required to give us access at ALL times otherwise you will be prosecuted! I mean, you could be hiding something!"
So, the company has to wait for the wheels of bureaucracy to turn and agreements to be made before they can remove access and give the Government an alternate access pathway.
Meanwhile, 1337 h4xx0r (thanks IanW) has been downloading Terabytes worth of personal identifiable information.
In another scenario, how would government access be positively identified?
You are literally adding a 'man in the middle' which enables a great number of additional points of failure in the system.
If someone is smart enough to get hold of this 'Tool' or 'Login Information', then they are also smart enough to make it appear that the use of these backdoor's is legitimate.
If Government agencies are not smart enough to come up with their own tools or backdoor's for open-source encryption systems, why does anyone think they are smart enough to secure their own 'man in the middle' access from attackers.
Its like someone taking a driving test and concluding,
"Its not my fault I failed, the standards are just too high. You should make an exception for me, I'm not going to hurt anyone"
Is that a safe driver?
They don't even have to be smart, they just have to work at the company that created the beckdoor.
Tinfoil hat stuff?
Nah, it has already happened:
Going on some past data breaches it would probably be months before anyone found out they had leaked.
Governments are even more lax with their data than savvy users out in the wild. How on earth are we supposed to trust them that these backdoors won't be leaked to neer-do-wells? (or just found by coders?)
If it can be abused by people, it WILL BE ABUSED by people. Simple.
Also if you're a ne'er do well... do you go to the effot of finding/making a hole in the security, or make a bee-line for the flimsy door you know [now] exists and attempt to kick it in.
Dodgy piece of **** known for acting against public interest does something not in the publics interest.
I miss the good ol' days when we pilloried the soviets for spying on their citizens and talked about the sacred importance of individual privacy.
If big business is being fined for losing customers data, and the US wants access to all data ... what happens when the inevitable happens and the backdoors are discovered?
If the government promised to be tough on crime then the person responsible will become Education Secretary.
It'll be okay. It will be illegal for non-government entities to access the backdoors, so safety is assured!
Besides, as the attorney general points out, they can steal your data through software bugs anyways, so this isn't worse.
(The sarcasm here is dripping so much I'm standing in a puddle of it.)
Separate names with a comma.