Hide Techdirt is off for the long weekend! We'll be back with our regular posts tomorrow.

What The Intelligence Community Doesn't Get: Backdoor For 'The Good Guys' Is Always A Backdoor For The 'Bad Guys' As Well

from the get-with-the-program dept

Max Eddy, over at PC Mag, has a very interesting article about the experience of Nico Sell, of the company Wickr, talking about how an FBI agent casually approached her to ask if she’d install backdoors in her software allowing the FBI to retrieve information. As the article notes, this is how the FBI (much more so than the NSA) has acted towards many tech companies ever since attempts to mandate such backdoors by law failed (though, they’re still trying). Some companies — stupidly — agree to this, while many do not. Those that do may think they’re helping fight for “good,” but the reality is different. They’re opening up a huge liability on themselves, should the news of the backdoors ever get out, and at the same time, they’re making their own product invariably weaker. As Sell pointed out to the FBI guy, she’d seen hackers piggyback on “lawful intercept” machines and learned:

“It was very clear that a backdoor for the good guys is always a backdoor for the bad guys.”

Bruce Schneier, over at the Atlantic, recently made nearly the same point in talking about the massive costs of all of this NSA surveillance (as well as talking about the near total lack of benefits). There’s the cost of running these programs that are massive. There is the fact that these programs will be abused (they always are). There are the costs of destroying trust in various tech businesses (especially from foreign users and customers). But just as important is the fact that the NSA, FBI and others in the intelligence community are flat out weakening our national security by installing backdoors that malicious users can and will find and exploit:

The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn’t between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it’s between a digital world that is vulnerable to all attackers, and one that is secure for all users.

As Schneier points out, to fix this, we need to recognize that security is more important than surveillance. The surveillance apologists always claim that their goal is security. If so, they have a funny way of showing it. The “solution” they’ve drummed up hasn’t made us any more secure… it’s made us less secure.

Filed Under: , , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “What The Intelligence Community Doesn't Get: Backdoor For 'The Good Guys' Is Always A Backdoor For The 'Bad Guys' As Well”

Subscribe: RSS Leave a comment
30 Comments
out_of_the_blue says:

Hey, Mike: "sunk (or fixed) costs" don't matter!

They don’t care about costs in money or our freedom. Especially not when the resources are skimmed off the very people under the tyranny. That’s part of the inherent evil of gov’t.


Google’s tailoring to YOU can selectively substitute, omit, and lie. You can’t trust anything on the net, neither what you see nor what you don’t see!

06:18:56[h-325-2]

Me says:

This is a good point, Mike.

I turned on the radio today mid-interview with someone (so didn’t catch who) defending the NSA and as usual saying Snowden’s leaks had harmed the U.S. since now the NSA tech exploits (for instance, those on the “shopping” list) are known to foreign agents.

What the idiot failed to realize is that harm was done by the NSA, not Snowden. The NSA forgot its mission to safeguard American technology in introducing these exploits, and the fact that foreign agents might use them is *exactly* the NSA’s fault. A tailored, warrant-driven program would have saved us all the headache of mismanaged and hobbled technology introducing vulnerabilities for the entire world to stumble upon.

mmm says:

Re: Re:

So glad someone else wrote about this. I heard the whole interview and that was an astonishing example of the “harm” caused by the Snowden leaks. My initial reaction was to say (out loud to myself) that this actually seems like a BENEFIT, not a cost. It provides a list of exploits that can now be closed. I don’t think that there’s anyone in the “real” world (i.e., outside the intelligence world) that would assume having exploits in the wild is a GOOD thing. That’s crazy.

The fact that there are whole industries that have grown up around securing systems shows that people value fewer exploits to more exploits. Heck, Google offers rewards. We have industries that pay for audits and certifications and code reviews.

Anonymous Coward says:

Re: Re: Re:

NSA are too gagged to confess to you their “secret” strategy.

Eg, IT Security experts in ’90s might set NSA strategy as…
1, if RSA comms 100% secure for all, baddies keep secrets from NSA
2, if NSA must find a way to read RSA secrets, then backdoor
3, if must abandon backdoor if/when discovered, keep it secret
4, if backdoor leaked, change “secret” strategy (secretly)
5, if RSA falls out of favour, see 4.
6, tech changes so quickly, NSA saves cost if merely “secure enough” or “secure for now”

Hence backdoor security-as-obscurity “can be” a calculated risk. Based on available financing. If NSA isnt a revenue generator able to sustain itself, or fill government coffers.

John Fenderson (profile) says:

Re: Re:

Really, hasn’t the NSA heard that security through obscurity isn’t actually security?

Of course not. Their whole business centers around obscurity.

I want to add, though, that not only is it not actually security, it’s the exact opposite. “Security through obscurity” gives you the illusion of security without the reality of it. This puts you in a less secure position than if you didn’t engage in any security at all, but know it.

weneedhelp (profile) says:

Re: Re: Hey Mike...

I asked Mike for his opinion as a discussion point here on HIS blog.

I would ask the NSA directly but I bet the answer would be:
Dear sir,
REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. Yours truly… NSA.

Anonymous Coward says:

Sadly, I already know of companies having to remove older developer boxes (Dell 1950s and 2950s) due to known compromises now. The costs will add up, and eventually it will effect jobs right here in the US. I guess the only good thing is that these servers are from 2007 and delegated as test boxes now. I’m wondering if business isn’t going to be going to another provider though besides HP or Dell which were named in the reports.

madasahatter (profile) says:

Backdoors

The problem is the NSA has forgotten that backdoors can be discovered and used by the bad guys. But the bad guys will not tell anyone they have discovered the backdoor. So we are left with a situation were no one can say how long some bad guy has been snooping via the backdoor.

There seems to a certain arrogance or more accurately stupidity by the NSA. No one is smart enough to look for any backdoors or security holes and definitely not smart to use them seems to be their belief. My assumption is the bad guys know about most of the insecurities and backdoors and are actively exploiting them.

Anonymous Coward says:

Look what happened to Cisco. All their products have backdoors in them. I doubt the NSA reverse engineered all of Cisco’s binary blobbed firmware, in order to create those backdoors in their routers.

What probably happened, is Cisco allowed the US Gov access to the firmware source-code for their routers. The US Gov probably told Cisco is was vital they have access Cisco’s proprietary source code, for “national security” purposes.

Then the US Gov turns around and finds all kinds of bugs and exploits in Cisco’s secrete proprietary coding, and exploits their products to hell and back.

Never trust hidden proprietary source code, especially if that company is handing over that hidden code over to governments like it’s candy.

Linux fella here says:

“What The Intelligence Community Doesn’t Get: Backdoor For ‘The Good Guys’ Is Always A Backdoor For The ‘Bad Guys’ As Well”

Wait, there is more.

In security, always assume worst case scenario.

Mika Brzezinski’s vigania exam (which Alexander stole from her OBGYN for his collect-it-all program) is not only available to a terrorist wannabe on a dilaup in Somalia.

Gentlemen who redirected brand new CIA drone straight to their driveway in Iran the other day, have it too!

Anon says:

NSA, Back-doors, Computers, Software, & Bitcoin

Bitcoin isn’t safe, either, if the NSA has a built-in “back-door” to every computer. Sure the network may be safe, but individual computers, are not. Plus, bitcoin is no different than FIAT currency – it’s value isn’t intrinsic, but only perceived.

The World is Waking Up to the New World Order
https://www.youtube.com/watch?v=vRpi74qczos

John Fenderson (profile) says:

Re: NSA, Back-doors, Computers, Software, & Bitcoin

if the NSA has a built-in “back-door” to every computer

…which they don’t.

Sure the network may be safe, but individual computers, are not

I think I don’t understand what you’re saying here. There appears to be a false dichotomy between the “network” and “individual computers.” The “network” is just the means by which individual computers talk to each other. Talking about the network being safe while individual computers are compromised makes little sense to me.

But ignoring that, if the network is actually safe then it doesn’t matter if individual computers are compromised because they can’t phone home over the network.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...