Encryption and Backdoors
This post by Matthew Green on the recently announced Juniper ScreenOS vulnerabilities ends with a few great paragraphs on why it all matters:
For the past several months I’ve been running around with various groups of technologists, doing everything I can to convince important people that the sky is falling. Or rather, that the sky will fall if they act on some of the very bad, terrible ideas that are currently bouncing around Washington – namely, that our encryption systems should come equipped with “back doors” intended to allow law enforcement and national security agencies to access our communications.
One of the most serious concerns we raise during these meetings is the possibility that encryption backdoors could be subverted. Specifically, that a back door intended for law enforcement could somehow become a backdoor for people who we don’t trust to read our messages. Normally when we talk about this, we’re concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that.
The problem with cryptographic backdoors is not that they’re the only way that an attacker can break intro our cryptographic systems. It’s merely that they’re one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.
So hey, legislators: please don’t ruin the internet. The [hopefully] unintended consequences of outlawing encryption or backdooring it are absurd and would break some of the most important components that allow everday users to transact and communicate online.