
Government Eavesdropping and Onsite Backdoors

Written by Reflare Research Team | May 4, 2021 4:27:00 PM

In the name of ‘national security’, there continue to be repeated calls for tech organisations to build backdoors into their systems to enable government access. The overarching concern is that corporations’ use of backdoors will undermine and weaken encryption methods, and there are already efforts to break into web-based encryption protocols, with businesses and regular people being the target.

First Published 16th December 2015  |  Latest Refresh 4th May 2021

Big brother plays nosey neighbour.


Drivers of Behaviour

In the mid-2010s, terrorist attacks in France and the US led to several debates regarding cryptography, privacy, and government eavesdropping and backdoors. Post-Snowden, it was unlikely that any laws allowing government eavesdropping would pass. However, other ominous efforts to encroach on public privacy were (and still are) a concern, especially cryptographic backdoors within popular social media such as Facebook.

Context

For anyone who doesn’t understand the significance of onsite backdoor access from the government, consider that anything you post, whether threatening or just innocuous banter, would be read by government officials freely and without any court order. New laws surrounding cryptographic backdoors give government agencies access to even secure communication, which makes any efforts to block eavesdropping useless.

Social media companies aren’t the only ones fighting government access. Apple famously replied to a court order stating that it could not unlock iPhones running iOS 8 or higher. This came after the government demanded the company unlock an iPhone seized during a drug case.

It's the Law?

Even more concerning is the push toward banning encryption altogether. The push is backed by government officials who claim that permitting encrypted communication lets criminals and terrorists communicate securely. These officials claim that they should be able to retrieve decrypted messages and photos. Suppose you are making a banking transaction over encrypted communication: the government would be able to read this information regardless of security.

New laws were proposed after it was announced that terrorists used encrypted communication to avoid government detection. Unfortunately, the concept of catching terrorists using these techniques is flawed, because terrorists can add a layer of their own protection knowing that they are under surveillance.

 

Easier to say when you have a US$2T market cap and a tech team of thousands.

Where Will Ultimate Responsibility Land?

As civilians have watched this Government Vs. Big Tech ‘encryption tug-of-war’ play out in the public domain over recent years, many individuals have begun adopting more sophisticated encrypted communications into their everyday lives. This behaviour may not necessarily be driven by a feeling that they have something to hide. However, there are significant social trends where individuals are now acting on valid concerns about just how far governments will reach into their data.

This “only the sceptical survive” mentality across wider society continues to increase the civilian adoption of more sophisticated encryption methods. This in turn makes genuine government surveillance initiatives more challenging. To deal with this, governments continue to ratchet up the pressure on tech organisations to play along with their backdoor requests. As more backdoors are created, the opportunity for others to exploit these same weaknesses increases.
 
While this is a heated debate, especially among security professionals, it is unlikely that encryption will be completely outlawed. Banking systems would need to be completely redesigned, security standards such as HIPAA and PCI would no longer be legal, and any security guidelines would be rendered obsolete.
 
Additionally, while deliberations continue, we’ve seen an uptick in attacks on government networks. Although it’s likely that a ban on encryption will not succeed today, the future of legalising cryptographic backdoors remains a concern. With such laws allowing this type of access, privacy for consumers will take a huge hit.

As this plays out in political arenas, organisations must still proactively stay on top of all the other ever-evolving issues that directly affect data privacy.