UPDATE: Interesting question: Right now, the government has the benefit of secrecy when they spy on our internet traffic with laws like the U.S. Patriot Act. If they want to be able to decrypt your messages and the app doesn’t have a back door, they would have to come to you and ask for your key, which you may or may not give them, but the authorities are no longer able to conduct their spying clandestinely. I assume their first tactic would be to threaten the software vendor. If, for example, the vendor and the attackers are from some country like Russia, China or Iran, my guess is that this tactic would not work out very well – nor would they want to reveal to those countries who they are spying on.
I further assume that their second tactic would be to hack into the vendor’s development or production environments and insert their own back doors with who knows what ramifications to the vendor.
According to Infosec Island, British Prime Minister David Cameron said that the Brits would pursue banning encrypted messaging apps if the providers did not give them a back door to get around the crypto.
Two apps that they want to ban are Snapchat and WhatsApp.
The U.S. Department of Defense testified before the House Armed Services Committee recently and said that they too were concerned.
The FBI has been asking for several years for laws that require encrypted apps to have a passkey for them, but up until now, Congress has not been in the mood to give them that.
In the 1990s, there was a strong move towards something called the Clipper chip, which would have given them that exact back door. That would work if encryption was performed in hardware, but today, it is usually performed in software.
Many European politicians are demanding that companies like Google and Facebook spy on their users even more than they do now, but, so far, they have refused as best we know.
Besides the obvious problem of getting a jihadist who is committed to blowing up your entire country to follow a law that says he or she should only use software that has a back door, there are more than a few other problems with this plan.
If Cameron is reelected in May, he said that he would:
- Ban encrypted online communications without back doors (that is a lot more than Snapchat and WhatsApp)
- Require ISPs and telecom companies to archive huge quantities of customer data for long periods of time
The ISPs have long complained that the government wants them to keep all this stuff, but the government does not want to pay for all that storage (WhatsApp alone generates 25 billion messages a day, for example).
Exactly how, for example, they plan to force an app developer in, say, Hungary or, better yet, China, to give them the keys to his crypto is not clear.
This would probably be a good time to remember that Ben Franklin quote: