A Back Door?
What is a back door? Not long ago, we heard a lot in the media about one group needing a back door to the product of another group so we can all be kept safer. Yeah, this column is going to get a little bit technical, geeky. Sorry. But, I’ll try to make it educational and fun.
The one group–specifically Apple–is being pressured by other groups–the Federal Bureau of Investigation (FBI) and the Department of Justice (DoJ)–to allow back door access to a proprietary encryption system used by that first group. Apple designed the encryption system to provide customers (you) a reasonable expectation of security and privacy in their transactions and communications.
Certain events over the last couple of years brought to the surface the FBI’s inability to break the encryption and discover evidence in possible criminal investigation without going through destructive processes that may or may not compromise the physical evidence.
So, people in the FBI voiced their desire for Apple to provide law enforcement a back door to their encryption. Of course, law enforcement would prevent the unauthorized release of the back door. Right?
And, there is the rub.
Let’s examine this from a different angle. Door locks. We all have door locks, right? Front door. Back door. Side door. They all have locks. And, matched to those locks, we have keys with specific combinations of cuts in the little metal shaft. Sometimes we have a different key for each lock, sometimes a set of locks use the same key. You close a door, use the key to lock it and you’re good and secure. That’s the expectation.
The problem is there are ways to bypass the security of the lock and key. One method is lock-picking which requires specific tools, skills, and lots of practice. Another is the use of bump keys. When tapped, bump keys are specially cut keys designed to bounce a lock’s pins so the lock can be opened without having a correctly cut key. It does no damage and leaves no trace of the intrusion.
So, only locksmiths have these bump keys, right? The original concept was for use by locksmiths in the maintenance, disassembly, and repair of locks.
Well, that was the intention. Read that Wikipedia article.
Anyone with a few dollars and access to the Internet can buy any of the various bump keys for all the types of locks. It’s the same with lock picking tools (though the skills are much more difficult to acquire). To be honest, there is a whole field of work and study on breaking the physical locks we make. The purpose of this work is to make locks more effective, more secure.*
But, how secure do you feel now?
So, as technology advances, we have digital locks for our doors. We manage and control these locks through our household network and our smartphones. As we add more and more devices and functions controlled by our smartphones to our homes and lives, we become more dependent on their security. And, we are more threatened by any lapse in security.
A large part of the security provided by the new technology is the end-to-end encryption provided in the Apple smartphone operating system (iOS) and the other platforms in the Apple stable. End-to-end encryption means that from the smartphone to wherever the data is stored or managed, it is encrypted with a very strong algorithm. No point in the process exists where the data is un-encrypted by anyone. The only person with the key to encrypt and decrypt your data is you. Apple does not have the key and cannot see your data.
So, this is what sticks in the FBI and DoJ craw. Even with a court order, Apple cannot provide access to your data without your cooperation. Granted, the FBI could have solved much of their problem with Apple devices had they listened and worked cooperatively with Apple using legal means.
But, is the answer a back door?
Think about it. The FBI is asking Apple for the equivalent of a bump key into the Apple encryption system. To access information related to criminal investigations. Or, get access to our data using secret Foreign Intelligence Surveillance Act (FISA) court warrants. Of course, they won’t access our data illegally and only with probable cause.
And, law enforcement would keep that bump key–er, back door–out of the hands of criminals.
Right. That back door key would be one of the highest priority targets for criminals worldwide. As soon as it gets in the hands of criminals, game over.
So, just how secure would you feel with anyone having a back door key to Apple’s encryption?
If any of this confuses you at all, walk through it one or more times. The issues are real, but the article is an exercise in reframing.
Sometimes, as writers, we have to take an issue and reframe it into another context to get a clearer understanding of what the issue is, what it means, what impact it may have, and even see the truth of it. I brought my experience from information security and learning about lock picking and bump keys to reframe the issue of encryption back doors.
Does this help bring a clearer, better understanding to the issue? Maybe. But it is a great mental exercise and can help in bringing complex issues to a story in a realistic way. For example, build a scenario from the information above to craft a story around someone who just discovers that there is a back door to their device operating system, and criminals now have access to home security, bank accounts, and all manner of information. Talk about horror story material.
(* Yes, I’ve worked with bump keys and lock picking tools as part of my work and research in information security. Information security conferences often have demonstrations on picking locks and using bump keys.)