What The Intelligence Community Doesn't Get: Backdoor For 'The Good Guys' Is Always A Backdoor For The 'Bad Guys' As Well

from the get-with-the-program dept

Max Eddy, over at PC Mag, has a very interesting article about the experience of Nico Sell, of the company Wickr, talking about how an FBI agent casually approached her to ask if she'd install backdoors in her software allowing the FBI to retrieve information. As the article notes, this is how the FBI (much more so than the NSA) has acted towards many tech companies ever since attempts to mandate such backdoors by law failed (though, they're still trying). Some companies -- stupidly -- agree to this, while many do not. Those that do may think they're helping fight for "good," but the reality is different. They're opening up a huge liability on themselves, should the news of the backdoors ever get out, and at the same time, they're making their own product invariably weaker. As Sell pointed out to the FBI guy, she'd seen hackers piggyback on "lawful intercept" machines and learned:
"It was very clear that a backdoor for the good guys is always a backdoor for the bad guys."
Bruce Schneier, over at the Atlantic, recently made nearly the same point in talking about the massive costs of all of this NSA surveillance (as well as talking about the near total lack of benefits). There's the cost of running these programs that are massive. There is the fact that these programs will be abused (they always are). There are the costs of destroying trust in various tech businesses (especially from foreign users and customers). But just as important is the fact that the NSA, FBI and others in the intelligence community are flat out weakening our national security by installing backdoors that malicious users can and will find and exploit:
The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn't between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it's between a digital world that is vulnerable to all attackers, and one that is secure for all users.
As Schneier points out, to fix this, we need to recognize that security is more important than surveillance. The surveillance apologists always claim that their goal is security. If so, they have a funny way of showing it. The "solution" they've drummed up hasn't made us any more secure... it's made us less secure.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, encryption, fbi, nsa, security, vulnerabilities


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    mmm, 9 Jan 2014 @ 11:05am

    Re:

    So glad someone else wrote about this. I heard the whole interview and that was an astonishing example of the "harm" caused by the Snowden leaks. My initial reaction was to say (out loud to myself) that this actually seems like a BENEFIT, not a cost. It provides a list of exploits that can now be closed. I don't think that there's anyone in the "real" world (i.e., outside the intelligence world) that would assume having exploits in the wild is a GOOD thing. That's crazy.

    The fact that there are whole industries that have grown up around securing systems shows that people value fewer exploits to more exploits. Heck, Google offers rewards. We have industries that pay for audits and certifications and code reviews.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.