NSA's Stealing Keys To Mobile Phone Encryption Shows Why Mandatory Backdoors To Encryption Is A Horrible Idea

from the let's-end-this-now dept

Over the last few months, ever since both Apple and Google announced plans to encrypt data on iOS and Android devices by default, there’s been a ridiculous amount of hand-wringing from the law enforcement community about requiring backdoors, golden keys and magic fairy dust that will allow law enforcement to decrypt the information on your phone… or children will die, even though they actually won’t.

And, of course, yesterday, the Intercept had its big story about how the NSA (with an assist from GCHQ) hacked its way to get access to the encryption keys used on SIM cards on basically all the mobile phones out there, giving those intelligence agencies easy (warrant-free!) access to conversations that most people thought had at least some encryption. These two stories may not seem to be directly connected (we’re talking about different kinds of encryption for different things), but in writing about the SIM card story, Julian Sanchez at Cato makes a really good point about why the Gemalto hack underscores why backdoors are a horrendously bad idea: they create a central point of attack to undermine all the security that people rely on.

Finally, this is one more demonstration that proposals to require telecommunications providers and device manufacturers to build law enforcement backdoors in their products are a terrible, terrible idea. As security experts have rightly insisted all along, requiring companies to keep a repository of keys to unlock those backdoors makes the key repository itself a prime target for the most sophisticated attackers—like NSA and GCHQ. It would be both arrogant and foolhardy in the extreme to suppose that only “good” attackers will be successful in these efforts.

It would be nice to see that the revelation of the NSA undermining one use of encryption led people to realize the stupidity of undermining other forms of encryption, but somehow, it seems likely that our law enforcement community won’t quite comprehend that message.

Companies: apple, gemalto, google


Comments on “NSA's Stealing Keys To Mobile Phone Encryption Shows Why Mandatory Backdoors To Encryption Is A Horrible Idea”

Anonymous Coward says:

You know who says “Give us what we want [encryption keys] or people [children] will die” and then takes what they want anyway? Terrorists.

I guess the “no negotiating with terrorists” policy has some secret interpretation, since every politician seems to be willing to give them what they want nowadays, even if they already have plenty of it…

Anonymous Coward says:

Hack everything...

I want the various spy agencies to step up their game. I want them to hack every little thing that can be hacked. I want the NSA to digitally conquer the world. I want every person on Earth to constantly feel watched; and GUILTY.

Maybe then the folks in charge will finally understand the scale of the problem they are themselves creating. Maybe…

Until then, why fight on the losing side? Hurray for corrupt politicians and unchecked surveillance! To improve efficiency, we could combine all the various agencies into one massive Universal Spy Agency (aka: USA). USA! USA! USA!

Anonymous Coward says:

After reading the Intercept’s “The Great SIM Heist”, what I find most troubling is that if the US Gov has access to everyone’s private SIM keys, that probably means the FBI or US Marshals can issue remote commands to anyone’s cellphone using Stingray devices, reflashing firmware and/or installing software on a targeted individual’s phone. Heck, they could even remotely execute commands by simply flying a Stingray-equipped drone over someone’s house.
