Government and law enforcement back doors

2020-02-18

in Geek stuff, Internet matters, Rants, Science, Security

One computer security concern is that various insiders — including hardware and software manufacturers, and governments which may compel them to comply — will build back doors into their products to allow the security to be compromised.

Doing this is a terrible idea. A back door put in for government surveillance or police use is also vulnerable to use for any purpose by anyone who discovers it. There’s no way to create strong encryption and security against everyone except the government, so building in back doors means deliberately spreading insecure systems throughout your society. When you deliberately design your systems to be vulnerable to one attacker (however well-motivated and regulated) you inevitably create an attack vector for an unauthorized person. You also face vulnerability if the mechanism of the backdoor is reverse engineered by unregulated agents, like criminal groups or foreign governments. With the degree of espionage focused in high-tech industry, it’s hard to imagine that any government could keep their back door strictly for their own use when well-resourced and determined opponents would also achieve many objectives through access.

The latest high-profile example of such a back door is the revelation that Swiss cryptography firm Crypto AG was secretly owned by the CIA. There have been numerous recent news stories, but the same information was reported in 1995. The National Security Archive has some further context.

Related:

{ 7 comments… read them below or add one }

. February 19, 2020 at 5:37 pm

CIA controlled global encryption company for decades, says report

Swiss government orders inquiry after revelations Crypto AG was owned and operated by US and German intelligence

. February 19, 2020 at 5:38 pm

Revealed: CIA had window into abuses by South American dictatorships thanks to rigged encryption machines

Whether there were opportunities to act, and failures to do so, are among the difficult questions raised by the revelations

. February 19, 2020 at 8:11 pm
. February 19, 2020 at 8:18 pm
. February 21, 2020 at 6:39 pm
. March 7, 2020 at 1:27 pm
. March 9, 2020 at 3:36 pm

Ernst Blofeld, head of Spectre, a global criminal syndicate—a man in need of secret communications—would doubtless also have been wise to Crypto AG, a Swiss company that rose to dominate the global market for cipher machines after the second world war. By the 1990s it was apparent that the firm was in bed with the National Security Agency (NSA), America’s eavesdroppers. The truth, it turns out, was even more remarkable. From 1970 to the 2000s, at least, Crypto AG was wholly owned by the CIA and, until 1993, the BND, Germany’s spy agency, according to the Washington Post. “It was the intelligence coup of the century,” crowed a cia report. “Foreign governments were paying good money…for the privilege of having their most secret communications read.”

The history of intelligence is littered with such front companies, used to collect intelligence or carry out covert skulduggery. “Active Measures: The Secret History of Disinformation and Political Warfare”, a forthcoming book by Thomas Rid, describes how the cia seed-funded and controlled a printing house in Berlin in the 1950s to spread propaganda in the Soviet bloc. It published political pamphlets and news magazines, forged and real, as well as a lonely-hearts newsletter, a women’s magazine, and even publications devoted to astrology and jazz. It was one of many publishing houses and publications around the world that were covertly subsidised by the cia and KGB to spread influence.

Leave a Comment

Previous post:

Next post: