Why encryption backdoors spell the death of privacy

What does privacy mean to you? It is not about secrecy, far from it. Privacy is all about control — personal control over the use and disclosure of your personal information. If you want to give it away, be my guest, as long as you make the decision to do so. Someone else may have custody and control over your information (the government or a private sector company), but it doesn’t belong to them — it belongs to you, the data subject, to whom the information relates.

In the online world that rul­es our lives, protection of our data is vital to having any sem­b­lance of privacy, and encrypt­ion of that data is the essential ingredient to preserving our pr­i­vacy. Encryption or coding of one’s data renders the data in­accessible to anyone who doesn’t possess the key to de­c­ode it. Strong, end-to-end encr­y­ption is the ultimate protect­ion of one’s data since it is p­r­o­t­ected from the source to the intended recipient, with no possible interception along the way.

Today, many governments around the world are starting to pressure companies to use en­cryption algorithms with what is called a “backdoor”, that is, where “the State” can have total access to our perso­nal and proprietary informat­ion. In effect, this would ex­p­and the surveillance state be­y­ond anything imaginable today. But beware, surveillance and the threat of aggression are in fact two sides of the same coin that governments use as a means of control.

In many cases, the threat of aggression alone will lead to self-censorship by citizens and has been demonstrated to be a highly effective method of controlling societies. That is why States in modern times engage in surveillance — collecting as much information about citi­z­ens as possible, using rationale such as the fight against terrorism, criminals, and now aga­i­nst disease. But enabling some bureaucrat to gain access to your personal health data co­uld later cause irr­e­p­arable harm. It has never been tr­uer that the road to hell is paved with good intentions.

Backdoors to en­cryption algo­r­ith­ms are not only foolish from a tec­h­nical perspective, but will also lead to the demise of privacy, and ultimately freedom, innovation, and prosperity for society. Just as the disc­overy of penicillin served to save mankind from the ravages of bacterial diseases, encrypt­ion will save us from the rava­ges of authoritarian governm­ent control. In the 21st century, governments control us increa­s­ingly using information, but in­formation is also the lifeblood of our economy. Good encryption denies the State unauthorised access, while still allowing individuals and organisations to function in an information age.

This is not a new occurrence. Dating back to the 1990s, the first backdoor of note was called The Clipper Chip, creat­ed by the US National Security Agency (NSA). It was intended to secure online exchanges but came with a “backdoor” that was intended to allow law en­f­o­rcement to decode online tra­n­smissions, regardless of their encrypted status. I was serving in my role as Privacy Comm­i­s­sioner of Ontario, Canada, at the time, and I recall how the Clip­per Chip was debated at length globally, for well over a year, as to its merits or lack thereof. The overwhelming conclusion reached was that crypto backdoors should not be allowed — Full Stop! The idea of creating backdoors was cate­gorically rejected as a complete and totally unacceptable reach into protected co­m­munications that were encryp­t­ed, end-to-end.

In the words of Jerry Berman, ex­ecutive director of the Electronic Fr­o­ntier Foundat­i­on at the time, the legitimate concer­ns of stripping people of their freedoms by listening in on th­e­ir communications or decr­y­pting electronic messages can­not be overstated: “The idea that the government holds the keys to all of our locks before anyone has even been accused of committing a crime, doesn’t parse with the public.” In short, taking away one’s freedom by decrypting private communications is too great a price to pay for law enforcement to gain access to our personal information without probable cause.

Unfortunately, the attempt to embed crypto backdoors into our online communicat­ions didn’t end with the Clipper Chip. This has continued over the years. In 2015, 15 of the world’s leading cryptographers and data scientists wrote a pa­p­er entitled “Keys Under Door­mats,” to reach the public at large. Just as one might place a key to the front door under one’s doormat, to assist one’s child to enter their home if they lost their key, it would also enable thieves to gain entry into one’s home! This is precisely what a backdoor would do, enabling the “bad guys” to gain access to one’s online communications.

From Australia, and now in India, crypto backdoors are raising their ugly head again, this time under the guise of “traceability” in India. On Feb­ruary 25, 2021, the Indian Min­istry of Electronics and Infor­mation Technology introduced a new class of intermediaries, required to enable identification of the first originator of the message in the country. As the Internet Freedom Foundation in India noted, this new rule, which is mandatory for intermediaries such as Signal, Whats­App, Telegram, etc, “introduces the requirement of traceability which could break end-to-end encryption”. The global creep of invasive surveillance once again signifies the mounting erosion of our privacy, with the goal of breaking end-to-end encryption via crypto backdoors.

Privacy forms the foundation of our freedom. If we wish to preserve free and open soci­eties, then we must preserve the privacy and security of our online communications. End-to-end encryption does just that, allowing us to freely communicate with whomever we wish, without concern that our communications will be accessed by unauthorised third parties. We must insist upon communications being strongly protected and say NO to crypto backdoors.

The writer is Executive Director at Global Privacy & Security by Des­ign Centre and former Infor­mat­ion and Privacy Commissioner for Ontario, Canada