This paper argues that the use of backdoors in software is inherently counterproductive and leads to invasion of privacy, either by federal or state governments or by intrusive hackers. The essay outlines encryption’s nature, pointing out that a software backdoor is a secret means of ignoring data authentication. Several examples of backdoors known to terrorists, criminals, and governments alike are highlighted. Arguments favoring and opposing backdoors are provided, and the Apple Computer, Inc. v. FBI controversy is discussed. Finally, the balancing of harms test as proposed by John Stuart Mill is introduced, and the article concludes that when balancing the opposing positions, the scale tips toward data encryption because an innocent party would suffer the most harm from the existence of a software backdoor.
Academic Editor: Shailendra Dwivedi, OUHSC 975 NE 10th Street BRC-1407 Oklahoma City OK 73104.
Checked for plagiarism: Yes
Review by: Single-blind
Copyright © 2021 Donald L. Buresh, Ph.D., J.D., LL.M.
The authors have declared that no competing interests exist.
Introduction to Encryption
In cryptography, encryption is a mechanism whereby a message or information is encoded so that authorized parties can access the data and unauthorized parties cannot obtain it.1 Encryption does not prevent an individual from accessing data, but it does stop persons from getting the data’s content.2 With encryption, data is encrypted using a cipher.3 Typically, an encryption scheme employs a pseudo-random encryption key that is created by a pre-specified algorithm.4 Although it is logically possible to decrypt data without a key, it requires considerable technical skill that is usually beyond most people’s grasp.5
Encryption keys can either be symmetric or asymmetric.6 When an encryption key is symmetric, the same key is used to encrypt and decrypt data.7 When an encryption key is asymmetric, one key is used to encode information, and another key is employed to decode data.8 The key used to encrypt data is a public key. It is available for everyone to use, whereas the key applied to decrypt information is called a private key, and only specific individuals possess this key.9 Diffie and Hellman first developed asymmetric keys in 1976.10 A popular asymmetric encryption methodology is Pretty Good Privacy (“PGP”) which Phil Zimmermann created in 1991.11 In 2010, the method was purchased by Symantec Corp. which updates PGP periodically.12
Encryption has existed for thousands of years. Julius Caesar employed a rotating cylinder to form a simple substitution cipher.13 George Washington suggested using so-called “invisible ink” when communicating with his staff.14 During World War II, the Germans created the Enigma machine, which produced a polyalphabetic substitution cipher that changed daily.15 In 2007, the Computer Security Institute reported that 71 percent of firms employed encryption for some of their data transmissions, while 53 percent of companies surveyed encrypted their data held in storage.16
Cyber-criminals have developed sophisticated attacks in response to encryption, encompassing cryptographic attacks, stolen ciphertext attacks, encryption key attacks, corporate insider attacks, data corruption attacks, data destruction attacks, and ransomware attacks.17 Defenses include data fragmentation and active defense data protection technologies such as moving or mutating ciphertext, thereby ensuring that it is somewhat challenging to identify, steal, corrupt, or destroy.18
One of the essential features of encryption is that it can be used to protect data in transit. Examples include data being transferred over the Internet, mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices, and even bank automatic teller machines.19 Data in transit can be intercepted, but it is pretty challenging to determine the data’s content when it is encrypted.20
Even though data are encrypted, additional techniques are needed to verify whether a message is authentic.21 For example, digital signatures are used to ensure a message’s authenticity through a message authentication code (“MAC”).22 The issue is that a single system design error can be exploited in a successful attack.23 Furthermore, it sometimes happens that unencrypted information can be obtained without decrypting the data.24 The process employs software known as a Trojan, named after how Odysseus and the Greeks defeated the City of Troy in Homer’s epic poem, The Iliad.25 Data tampering can be avoided by employing digital signatures along with encryption.26
What is a Backdoor?
A backdoor is precisely what the word means. It is a secret method of ignoring data authentication or encryption so that the content of information can be accessed clandestinely.27 A backdoor can be part of a computer program; it can be a separate program or specific hardware.28 One legitimate type of backdoor is where a manufacturer includes a mechanism in its software or device that allows the company to restore user passwords.29 A default password can also serve as a backdoor provided that a user does not alter the password.30
Petersen and Turn first addressed computer subversion in a 1967 American Federation of Information Processing Societies (“AFIPS”) Conference paper.31 The authors talked about a collection of active infiltration attacks that employed “trap door” entry points into a computer system, sidestepping security and seemingly allowing carte blanche to access data.32 Because of the advent of public encryption keys, the term “trap door” yielded to the term “backdoor,” particularly in J.P. Anderson and D.J. Edwards’s work in 1979.33
In a computer system where a user logs into a computer, a backdoor could be construed as a hard-coded username and password.34 One application where this kind of backdoor has existed for years is telephone communication software.35 A traditional backdoor is symmetric, where anyone who discovers the backdoor can use it. In contrast, an asymmetric backdoor, pioneered by Young and Yung, can only be accessed by the individual who embeds the backdoor in a computer system.36 It is computationally intractable to find an asymmetric backdoor using a black-box query.37 This type of attack is known as kleptography, and it can be implemented in hardware and software.38 A different kind of backdoor uses a compiler and a set of object-code library routines containing the backdoor.39 The backdoor becomes part of a program when it is compiled using the object-code library to form an executable program; Thompson alluded to this technique when he gave his Turing Award speech in 1984.40
Once a backdoor is open, it is somewhat difficult to close. One way to counter an attack using a backdoor is to rebuild the system from scratch, creating the executable code by employing a different compiler.41 In practice, this procedure is rarely done by end users due to their lack of computing sophistication.42 It is better to create a clean system no matter how annoying this process may seem to be.43
Examples of Backdoors
There are a variety of known backdoors. The United States federal government has proposed that vendors create hardware backdoors so that law enforcement can access the computers and cell phones of known terrorists and other criminals.44 These backdoors include:
The Clipper Chip – This was a device designed by the National Security Agency (“NSA”) that employed a specialized chip known as Skipjack that would give law enforcement access to all encrypted data communications. The chip was introduced in 1993. It was promoted by the government as a voluntary plan but was not well received due to ideological reasons;45
The Clipper Chip II – This was a modification of the Clipper Chip, where it was suggested that the chip employ a 56-bit DES encryption methodology. However, in 1996, the chip failed to win business support because it was felt that 56-bit DES encryption was too weak to stop would-be hackers from successfully attacking devices that contained the chip;46 and
Key Management Infrastructure or Clipper III – This methodology focused on key management infrastructure which was based on the presumption that all public keys would possess a duly authorized certificate. This backdoor met with the same criticism that was levied at Clipper Chip II. Primarily, the proposed 56-bit DES encryption was too weak to ensure the security of an encryption key.47
1. Back Orifice – This backdoor was created in 1998 by the Cult of the Dead Cow. It permitted Windows computers to be remotely controlled over a network;48
2. The Dual_EC_DRBG is a cryptographically secure pseudo-random number generator with a kleptographic private key backdoor that was deliberately put into the NSA’s software. This fact was publicly announced in 2013;49
4. Borland Interbase versions 4.0 through 6.0 maintained a hard-coded backdoor that Borland software developers created. The server source code contained a compiled-in backdoor account (i.e., username: “politically” and password: “correct”) that was accessible over a network connection;51 and
5. Juniper Networks’ ScreenOS firmware contained a backdoor, inserted in 2008, in versions 6.2.0r15 to 6.2.0r18 and in versions 6.3.0r12 to 6.3.0r20. The backdoor provided a user with administrative privilege.52
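The hard-coded username and password described earlier, and the compiled-in account in the Interbase item above, are the kind of backdoor a source review can catch. The following is an added example, not code from the paper or from any of the products named: it walks a Python syntax tree and reports comparisons of a credential-like variable against a string literal. The variable-name pattern, the sample login function and its account values are assumptions constructed for illustration.

```python
import ast
import re

# Assumed naming convention for credential-bearing variables (hypothetical).
CRED_NAME = re.compile(r"(user|login|account|pass|pwd|secret|token)", re.I)

# Constructed sample: a login routine with a maintenance account left in.
SAMPLE_SOURCE = '''
def check_login(username, password, db):
    # maintenance account left in by a developer (constructed example)
    if username == "svc_maint" and password == "placeholder-secret":
        return True
    record = db.lookup(username)
    return record is not None and record.verify(password)

def greet(lang):
    return "hello" if lang == "en" else "hi"
'''


def name_of(node):
    """Return the identifier for a bare name or attribute, else None."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        return node.attr
    return None


def is_str_literal(node):
    """Non-empty string constants only; `password == ""` is input validation."""
    return (isinstance(node, ast.Constant)
            and isinstance(node.value, str)
            and node.value != "")


def find_hardcoded_credentials(source):
    """Return sorted (line, variable) pairs where a credential-like variable
    is compared with a string literal, via ==, != or compare_digest()."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if (isinstance(node, ast.Compare) and len(node.ops) == 1
                and isinstance(node.ops[0], (ast.Eq, ast.NotEq))):
            sides = [node.left, node.comparators[0]]
        elif (isinstance(node, ast.Call)
              and name_of(node.func) == "compare_digest"
              and len(node.args) == 2):
            sides = list(node.args)
        else:
            continue
        # Check both orderings: `password == "x"` and `"x" == password`.
        for var, lit in (sides, sides[::-1]):
            name = name_of(var)
            if name and CRED_NAME.search(name) and is_str_literal(lit):
                findings.append((node.lineno, name))
    return sorted(findings)


if __name__ == "__main__":
    for line, name in find_hardcoded_credentials(SAMPLE_SOURCE):
        print(f"line {line}: '{name}' compared with a string literal")
```

A check like this only sees source code; it does not address the compiler-inserted backdoor the paper attributes to Thompson, which is absent from the source by construction.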
Arguments Favoring and Opposing Backdoors
The first subsection discusses the government’s arguments for installing backdoors, whereas the second subsection talks about why the industry opposes backdoors. The government’s statements are based on public safety issues. The industry urges that backdoors are either logically impossible or nullify existing security measures.
Arguments Favoring Backdoors
The arguments by the government in favor of technology companies implementing hardware or software backdoors are practical rather than ideological.53 The government argues that the federal government needs backdoors into these machines because it will make America safer by allowing law enforcement to easily capture and prosecute terrorists and other cybercriminals.54 The government claims that backdoors will not enhance the ability to thwart the encryption algorithm and that there would be a minimal impact on cybersecurity.55
The argument has some merit when the various nation-states are asymmetrically employing cyber-attacks.56 In other words, militarily weaker states are using cyber espionage techniques to gather the information that could be used to help even the economic or military playing field.57 In particular, NSA director Michael Rogers observed that: “if you look at the topology of the attack from North Korea against Sony Pictures Entertainment, it literally bounced all over the world before it got to California.”58 The implication was that if there were technological backdoors both in hardware and software, Sony Pictures together with the government would have substantially mitigated the effect of the attack.59 According to Rogers, the United States government is playing catch-up regarding cybersecurity.60
Furthermore, Christopher Wray, the current director of the Federal Bureau of Investigation (“FBI”), pointed out at the International Conference on Cyber Security, held in New York City in 2018, that in 2017 the FBI seized 7,775 devices that it was unable to unlock because of encryption.61 Wray claimed that this was a significant public safety issue because the cases dealt with human trafficking, counterterrorism, organized crime, and child exploitation.62 What Wray desired is encryption that is secure from the outside world but is available only for law enforcement to exploit.63
Arguments Opposing Backdoors
According to Pfefferkorn, a severe problem with the government’s request is that the government’s desired technical requirements are either unclear or unknown.64 In both public speeches and interviews, both then Deputy Attorney General Rodney Rosenstein and the FBI Director Christopher Wray have requested technological changes in electronic devices that would facilitate improved law enforcement. Rosenstein has suggested that “manufacturers could manage the exceptional-access decryption key the same way they manage the key used to sign software updates.”65 Wray has indicated that electronic devices should provide data security along with lawful access.66 The problem with both of these proposals is that they are pretty vague. Both Rosenstein and Wray were echoing their desire to gain access to electronic devices without the necessity of first obtaining a warrant. Both individuals were recommending that the key to the backdoor be held in safekeeping until law enforcement wanted to access the content of a device.67
Pfefferkorn offered the following four arguments why Rosenstein’s and Wray’s requests do not make good sense.68 First, there are too many law enforcement agencies that would request the backdoor encryption keys for mobile devices.69 Demands for backdoor encryption keys could be made several times in a day.70 In other words, the backdoor encryption would no longer be secure because too many law enforcement people would know what it was.71 The risk of loss could well be catastrophic.72 Second, cyber attackers would probably be able to obtain the key by spear-phishing and whaling.73 Third, the market share of cell phone sales, both in the United States and throughout the world, would decline because security could not be guaranteed.74 Finally, Pfefferkorn aptly pointed out that if the content of a communication is encrypted, law enforcement would have to break the content-encryption code to understand the content of the information on a computer or a mobile device.75
Then there is the issue of metadata. In Carpenter, the Court opined that the government violated Carpenter’s Fourth Amendment rights in obtaining cell phone metadata without a warrant.76 Before Carpenter, the government could get cellphone metadata by merely asking for it from the cell phone provider, stating that the data was needed for an investigation. The ruling in Carpenter was relatively narrow because it did not opine on whether the cellphone user or the cellphone provider owned the metadata.77 Strangely, the cellphone user’s property rights were not discussed in the majority opinion even though property rights formed the basis of the Sixth Circuit judgment.78 The good news from Carpenter is contained in Justice Gorsuch’s dissent, where he stated that cell phone metadata is the property of cell phone owners.79 His objection is insightful because if cell phone owners have a reasonable expectation of privacy, it is a small step to allowing individuals to control the data about themselves that others can see on the Internet. Currently, based on the sheer volume of metadata, law enforcement can quickly obtain and then infer the content of the data based solely on location metadata.80
Issues with Backdoors and Encryption
First, the government does not need backdoor technology because it already has the technology to break into computers and mobile devices. Second, when conducting a balancing of the harms test81 and applying Mill’s principles contained in On Liberty,82 it is apparent that backdoors do more harm than good.
Counter Example to the Government’s Argument
The government’s arguments in favor of backdoors are seemingly unpersuasive. Consider the Apple Computer v. FBI controversy of 2015-16. On December 2, 2015, Syed Rizwan Farook and Tashfeen Malik killed 14 people and injured 22 others while attacking a San Bernardino County Department of Public Health Christmas party and training event.83 Four hours later, they were both killed by the police in a shootout.84
On February 9, 2016, the FBI revealed that it could not unlock Farook’s iPhone 5C cell phone.85 The FBI asked the National Security Agency (“NSA”) to hack the phone, but the NSA could not do it.86 The FBI then asked Apple to create a new version of the iOS operating system installed on the phone, one that disabled its security features. Apple refused because of its pro-security policies. The FBI then asked a federal court to require Apple to implement the operating system’s change under the All Writs Assistance Act of 1789, rather than through a warrant or a subpoena. Apple opposed the order, stating that no government agency had ever issued such a subpoena.87 Apple was given until February 26, 2016, to comply with the court order.88
On February 19, 2016, the Department of Justice (“DOJ”) filed a new motion in federal court to compel Apple to comply with the February 9, 2016 court order.89 Because Farook was a San Bernardino County employee, the FBI asked the County to reset Farook’s iCloud password so that the data could be obtained directly from the cloud; however, this procedure prevented the cell phone from copying recent data to the cloud.90
On March 28, 2016, the DOJ made it known that it had unlocked Farook’s iPhone, and the suit against Apple was withdrawn.91 In September 2016, the Associated Press, Vice Media, and Gannett Publishing filed a Freedom of Information Act (“FOIA”) lawsuit against the FBI, demanding that the government agency divulge the name of the organization that had hacked Farook’s iPhone.92 On September 30, 2017, a federal court granted the FBI’s motion for summary judgment, citing that the name of the company and the amount of money paid to the firm were national security secrets, thereby making the issue moot and no longer ripe for adjudication.93
Based on this example, it is evident that the FBI does not need a backdoor to open up a cell phone.
The Balancing of the Harms
According to John Stuart Mill in his essay On Liberty, an individual has the freedom to think and to emote, including the freedom of speech.94 A person also has the freedom to follow one’s tastes (including immoral tastes) provided that no harm comes to others.95 Thirdly, people have the freedom to unite with others, provided that the individuals are adults, there is no compulsion, and no harm comes to others.96 These three principles promote encryption in communication because it allows a person to think, emote, and speak without fear of governmental interference. Suppose electronic devices have backdoors where the government can intercept messages. In that case, there is the distinct possibility that people will be afraid to speak their minds to others for fear of governmental retribution.
Mill’s objections to government intrusion promote encryption by private companies.97 The reason is that with encryption private firms will protect their customers’ data because the consequence of not protecting the data is an almost immediate loss of business and profits.98 Even if the government is better qualified to defend its citizens, Mill would argue that private organizations should protect customer data because, in the long run, the profit motive will yield better results than government outcomes.99 Furthermore, because a backdoor encryption key has the potential to encourage an over-reaching and over-powering government, Mill would argue that backdoors should be avoided.100
Consider the balancing of the harms test.101 As the custodian of public safety, the government argues that it has a responsibility to protect American citizens.102 The harm to the average American is nebulous because very few individuals are exposed to terrorist attacks.103 In contrast, the existence of a backdoor in a computer operating system or a cell phone almost assures that cybercriminals will breach that personal information.104 Thus, employing the balancing of the harms test, the harm to individuals is far more significant than the vague threats to public safety.
Finally, encryption and private keys are much more often than not concerned with private communications among citizens that have nothing to do with law enforcement.105 Also, according to Mill, most actions by individuals do not prejudice the interest of others.106 This means that for the innocent people who would be subjected to government intrusion into their privacy, a backdoor encryption key is a detriment, particularly if cyber-attackers were to discover the key and then use that knowledge for nefarious ends.107 If one considers Mill’s philosophy on liberty and government interference, it becomes readily apparent that Mill would be against backdoor encryption keys. In short, when employing a balancing of the harms test,108 in my opinion, Mill would be against backdoor encryption keys because an innocent individual is the party that would suffer the most harm from the existence of a backdoor.
Therefore, on practical grounds, the government does not need backdoor encryption keys. The Apple Computer v. FBI example demonstrates this conclusion. On ideological and philosophical foundations, as espoused by Mill, there is no good reason for private industry to appease the government by giving it a backdoor encryption key that cyber-attackers would readily discover in short order.
So why does the Justice Department insist that electronics manufacturers insert a backdoor into their products? The answer could be as simple as dollars and cents. The government does not want to pay a consultant or an employee to unlock a mobile device virtually on demand. It seems that the government wants instant access to a mobile device without expending any effort. There could be a nefarious reason that only a conspiracy theorist would imagine. It could be any one of the above reasons or even some other reason. Who knows? But one thing is for sure, the federal government knows.