NSA's Stealing Keys To Mobile Phone Encryption Shows Why Mandatory Backdoors To Encryption Is A Horrible Idea

from the let's-end-this-now dept

Over the last few months, ever since both Apple and Google announced plans to encrypt data on iOS and Android devices by default, there's been a ridiculous amount of hand-wringing from the law enforcement community about requiring backdoors, golden keys and magic fairy dust that will allow law enforcement to decrypt the information on your phone... or children will die, even though they actually won't.

And, of course, yesterday, the Intercept had its big story about how the NSA (with an assist from GCHQ) hacked its way to get access to the encryption keys used on SIM cards on basically all the mobile phones out there, giving those intelligence agencies easy (warrant-free!) access to conversations that most people thought had at least some encryption. These two stories may not seem to be directly connected (we're talking about different kinds of encryption for different things), but in writing about the SIM card story, Julian Sanchez at Cato makes a really good point about why the Gemalto hack underscores why backdoors are a horrendously bad idea: they create a central point of attack to undermine all the security that people rely on.

"Finally, this is one more demonstration that proposals to require telecommunications providers and device manufacturers to build law enforcement backdoors in their products are a terrible, terrible idea. As security experts have rightly insisted all along, requiring companies to keep a repository of keys to unlock those backdoors makes the key repository itself a prime target for the most sophisticated attackers—like NSA and GCHQ. It would be both arrogant and foolhardy in the extreme to suppose that only “good” attackers will be successful in these efforts."

It would be nice to see that the revelation of the NSA undermining one use of encryption led people to realize the stupidity of undermining other forms of encryption, but somehow, it seems likely that our law enforcement community won't quite comprehend that message.

Filed Under: gchq, mandatory backdoors, mobile encryption, nsa, phone sims, repository, surveillance, target
Companies: apple, gemalto, google


Reader Comments


  1. Anonymous Coward, 20 Feb 2015 @ 12:40pm

    Oh they comprehend the message just fine, but don't care.
    The only thing that will change is their excuse.

    They want that data, no matter the means and will use any excuse to get it.

  2. Anonymous Coward, 20 Feb 2015 @ 12:41pm

    Proverb

    "The road to hell is paved with good intentions."


    What level are we on?

  3. Anonymous Coward, 20 Feb 2015 @ 12:58pm

    warrantless-free?

    I think you meant warrantless, or warrant-free, but not both.

  4. Michael Ho, 20 Feb 2015 @ 1:14pm

    Re: warrantless-free?

    Corrected. I picked warrant-free.

  5. Anonymous Coward, 20 Feb 2015 @ 1:31pm

    You know who says "Give us what we want [encryption keys] or people [children] will die" and then takes what they want anyway? Terrorists.

    I guess the "no negotiating with terrorists" policy has some secret interpretation, since every politician seems to be willing to give them what they want nowadays, even if they already have plenty of it...

  6. Anonymous Coward, 20 Feb 2015 @ 1:42pm

    Hack everything...

    I want the various spy agencies to step up their game. I want them to hack every little thing that can be hacked. I want the NSA to digitally conquer the world. I want every person on Earth to constantly feel watched; and GUILTY.

    Maybe then the folks in charge will finally understand the scale of the problem they are themselves creating. Maybe...

    Until then, why fight on the losing side? Hurray for corrupt politicians and unchecked surveillance! To improve efficiency, we could combine all the various agencies into one massive Universal Spy Agency (aka: USA). USA! USA! USA!

  7. Anonymous Coward, 20 Feb 2015 @ 1:45pm

    Re: Proverb

    Unbought stuffed dogs.

  8. Anonymous Coward, 20 Feb 2015 @ 2:06pm

    Re: Hack everything...

    I'm going straight and choosing the NSA. I'm looking forward to it already. Gettin' by and looking ahead.

  9. Alien Rebel, 20 Feb 2015 @ 2:50pm

    Re: Proverb

    We missed our exit, keep an eye out for mile markers. I'm hoping we haven't passed Gleichschaltung yet.

  10. Anonymous Coward, 20 Feb 2015 @ 3:05pm

    Mike, are you a pedophile?



    sad that I have to explain that this is a joke

  11. Anonymous Coward, 20 Feb 2015 @ 4:43pm

    So why did the NSA not simply do a Lavabit Job on Gemalto, insisting that they give up the keys, because Terrorism!

    "We don't know which key applies to his phone, so give us All the keys."

  12. Anonymous Coward, 20 Feb 2015 @ 5:11pm

    Re:

    you haven't explained anything

  13. Anonymous Coward, 20 Feb 2015 @ 9:15pm

    Re:

    "We know someone in Chicago talked to a terrorist yesterday. We can't tell who, or if they are even still here. Therefore, we need every key to every house in Chicago. We also need to make sure no one knows we have their key, or else people will die."

  14. Anonymous Coward, 21 Feb 2015 @ 3:29am

    Of course those in power won't be able to resist abusing government-mandated backdoors/frontdoors. Human history proves such restraint is impossible. Ignoring history leads to its repeat.

  15. Anonymous Coward, 21 Feb 2015 @ 5:36am

    After reading the Intercept's "The Great SIM Heist", what I find most troubling is that if the US Gov has access to everyone's private SIM keys, that probably means the FBI or US Marshals can issue remote commands to anyone's cellphone using Stingray devices, reflashing firmware and/or installing software on a targeted individual's phone. Heck, they could even remotely execute commands by simply flying a Stingray-equipped drone over someone's house.

  16. Slinky, 21 Feb 2015 @ 5:55am

    Re: Proverb

    It seems that we're already there.. ;)

  17. Anonymous Coward, 22 Feb 2015 @ 11:23am

    Re: Hack everything...

    "I want the NSA to digitally conquer the world"

    It looks like the USA is way behind... The US State Department can't kick hackers out of its networks.

  18. GEMont, 22 Feb 2015 @ 3:53pm

    Re:

    Well said.

    It's always nice to see that some members of the public are actually using logic to extrapolate the reality from the various disparate headlines, instead of just grabbing a recently crushed sacred cow and riding it to death.

    Kudos. :)

    ---
