This article was written by the CEO of Carbonite, a business that backs up more than 1.5 million businesses worldwide and would have to give up its encryption technology if the legislation proposed by Senators Burr and Feinstein is passed. The legislation they are proposing makes companies provide a “backdoor” to their encryption if a judge deems it necessary. Ali explains that if cyber criminals were to discover these backdoors, it would be like “…building a home with state-of-the-art alarm systems, but then cutting off the power to them.” Ali also says that it would essentially undermine years of progress by engineers in encryption technologies, backtracking on their progress and making systems ultimately more vulnerable. The government needs to strongly think about cyber security as a whole and see how something like this could plague both the internet and the US economy.
Article: https://hbr.org/2016/09/backdoor-government-decryption-hurts-my-business-and-yours
Jason A Lindsley says
I agree with the position of the Carbonite CEO. This quote from the article really sums up how I feel about this topic:
“I respect the motivation of Senators Burr and Feinstein to protect national security. I agree that national governments should boost their efforts to curb cybercriminal activity. However, I fear the Burr-Feinstein proposal could have just the opposite effect. The broad-reaching approach has the potential to make life easier for cybercriminals and to undermine the very economic prosperity the legislators seek to maintain.”
There are no safe “back doors.” A secret entrance is still an entrance that could provide intruders, criminals, and unauthorized individuals access to private and confidential information.
Josh Zenker says
I agree with Jason. The Senators’ motivations seem to be coming from the right place, but their approach is misguided. The Harvard Business Review article doesn’t get into the technical reasons for why giving the government a back door into encryption algorithms is a terrible idea, but it’s worth understanding at least on a surface level.
In short, there are many in the government who like to describe these back doors as though they were a key capable of opening only a specific lock. However, encryption does not work like a physical lock and key. If you create a back door for a particular encryption algorithm, you have essentially created a skeleton key for every “lock” which uses that algorithm.
Countless man hours have been spent developing better, stronger encryption algorithms. It would be a catastrophic mistake to undermine that work by intentionally building flaws into our encryption. If there is one lesson to be learned in cyber security, it is that any weapon you create can be used against you.
Shain R. Amzovski says
The Carbonite CEO makes many good points in this article. “I fear the Burr-Feinstein proposal could have just the opposite effect. The broad-reaching approach has the potential to make life easier for cybercriminals and to undermine the very economic prosperity the legislators seek to maintain.” I agree with Jason. There are no safe “backdoors”; if a hole exists, cybercriminals will find a way in.
Wade Mackey says
One thing to keep in mind is that the US government already has this power. Don’t recall the official name, but the process is called “blind subpoena”. Effectively, the feds get a copy of the data and a copy of the vendor keys, and the vendor is under a gag order forbidding them from notifying the target person or company. This is one of the main issues with some companies that are looking at cloud solutions. So far the only protection seems to be double encryption, where the person or company that owns the data uses a separate key to re-encrypt the data inside the cloud provider’s encryption.
Wade
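The double-encryption layering described in the comment above, as an added example that is not part of the comment or of any provider's code: the owner encrypts before upload, the provider encrypts again at rest, and a party holding the stored data plus the vendor key recovers only the owner's ciphertext. The HMAC-SHA256 counter-mode cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM, and every name, key and the sample record are constructed for illustration.

```python
import hashlib
import hmac
import secrets

def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # HMAC-SHA256 in counter mode (stand-in for a real cipher such as AES).
    blocks = (hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC; output layout is nonce(16) || ciphertext || tag(32).
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    # Verify the tag before decrypting; a wrong key fails here.
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))

def store_in_cloud(owner_key: bytes, vendor_key: bytes, data: bytes) -> bytes:
    inner = seal(owner_key, data)    # on the owner's machine; key never uploaded
    return seal(vendor_key, inner)   # provider's own at-rest encryption

def vendor_side_view(vendor_key: bytes, stored: bytes) -> bytes:
    # What anyone holding the stored blob and the vendor key can recover.
    return unseal(vendor_key, stored)

def demo():
    owner_key, vendor_key = secrets.token_bytes(32), secrets.token_bytes(32)
    data = b"Q3 payroll export (constructed sample)"
    stored = store_in_cloud(owner_key, vendor_key, data)
    disclosed = vendor_side_view(vendor_key, stored)
    return data, disclosed, unseal(owner_key, disclosed)

if __name__ == "__main__":
    data, disclosed, recovered = demo()
    print("vendor key exposes plaintext:", data in disclosed)
    print("owner key recovers plaintext:", recovered == data)
```

The protection rests entirely on the owner key staying outside the provider's control, so the owner also carries the key-backup burden: losing that key makes the stored data unrecoverable.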