What The Intelligence Community Doesn't Get: Backdoor For 'The Good Guys' Is Always A Backdoor For The 'Bad Guys' As Well
from the get-with-the-program dept
Max Eddy, over at PC Mag, has a very interesting article about the experience of Nico Sell, of the company Wickr, talking about how an FBI agent casually approached her to ask if she'd install backdoors in her software allowing the FBI to retrieve information. As the article notes, this is how the FBI (much more so than the NSA) has acted towards many tech companies ever since attempts to mandate such backdoors by law failed (though, they're still trying). Some companies -- stupidly -- agree to this, while many do not. Those that do may think they're helping fight for "good," but the reality is different. They're opening up a huge liability on themselves, should the news of the backdoors ever get out, and at the same time, they're making their own product invariably weaker. As Sell pointed out to the FBI guy, she'd seen hackers piggyback on "lawful intercept" machines and learned:"It was very clear that a backdoor for the good guys is always a backdoor for the bad guys."Bruce Schneier, over at the Atlantic, recently made nearly the same point in talking about the massive costs of all of this NSA surveillance (as well as talking about the near total lack of benefits). There's the cost of running these programs that are massive. There is the fact that these programs will be abused (they always are). There are the costs of destroying trust in various tech businesses (especially from foreign users and customers). But just as important is the fact that the NSA, FBI and others in the intelligence community are flat out weakening our national security by installing backdoors that malicious users can and will find and exploit:
The more we choose to eavesdrop on the Internet and other communications technologies, the less we are secure from eavesdropping by others. Our choice isn't between a digital world where the NSA can eavesdrop and one where the NSA is prevented from eavesdropping; it's between a digital world that is vulnerable to all attackers, and one that is secure for all users.As Schneier points out, to fix this, we need to recognize that security is more important than surveillance. The surveillance apologists always claim that their goal is security. If so, they have a funny way of showing it. The "solution" they've drummed up hasn't made us any more secure... it's made us less secure.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, encryption, fbi, nsa, security, vulnerabilities
Reader Comments
Subscribe: RSS
View by: Time | Thread
Hey, Mike: "sunk (or fixed) costs" don't matter!
Google's tailoring to YOU can selectively substitute, omit, and lie. You can't trust anything on the net, neither what you see nor what you don't see!
06:18:56[h-325-2]
[ link to this | view in chronology ]
Re: Hey, Mike: "sunk (or fixed) costs" don't matter!
[ link to this | view in chronology ]
I turned on the radio today mid-interview with someone (so didn't catch who) defending the NSA and as usual saying Snowden's leaks had harmed the U.S. since now the NSA tech exploits (for instance, those on the "shopping" list) are known to foreign agents.
What the idiot failed to realize is that harm was done by the NSA, not Snowden. The NSA forgot its mission to safeguard American technology in introducing these exploits, and the fact that foreign agents might use them is *exactly* the NSA's fault. A tailored, warrant-driven program would have saved us all the headache of mismanaged and hobbled technology introducing vulnerabilities for the entire world to stumble upon.
[ link to this | view in chronology ]
Re:
The fact that there are whole industries that have grown up around securing systems shows that people value fewer exploits to more exploits. Heck, Google offers rewards. We have industries that pay for audits and certifications and code reviews.
[ link to this | view in chronology ]
Re: Re:
Eg, IT Security experts in '90s might set NSA strategy as...
1, if RSA comms 100% secure for all, baddies keep secrets from NSA
2, if NSA *must* find a way to read RSA secrets, then backdoor
3, if must abandon backdoor if/when discovered, keep it secret
4, if backdoor leaked, change "secret" strategy (secretly)
5, if RSA falls out of favour, see 4.
6, tech changes so quickly, NSA saves cost if merely "secure enough" or "secure for now"
Hence *backdoor* security-as-obscurity "can be" a calculated risk. Based on available financing. If NSA isnt a revenue generator able to sustain itself, or fill government coffers.
[ link to this | view in chronology ]
Really, hasn't the NSA heard that security through obscurity isn't actually security?
[ link to this | view in chronology ]
Re:
Of course not. Their whole business centers around obscurity.
I want to add, though, that not only is it not actually security, it's the exact opposite. "Security through obscurity" gives you the illusion of security without the reality of it. This puts you in a less secure position than if you didn't engage in any security at all, but know it.
[ link to this | view in chronology ]
Hey Mike...
[ link to this | view in chronology ]
Re: Hey Mike...
They're ALLL Bad Guys.
Good Guys went extinct decades ago.
[ link to this | view in chronology ]
Re: Re: Hey Mike...
[ link to this | view in chronology ]
Re: Re: Re: Hey Mike...
[ link to this | view in chronology ]
Re: Hey Mike...
[ link to this | view in chronology ]
Re: Hey Mike...
[ link to this | view in chronology ]
Re: Re: Hey Mike...
-
I would ask the NSA directly but I bet the answer would be:
Dear sir,
REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. REDACTED. Yours truly... NSA.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
too late
[ link to this | view in chronology ]
Re: too late
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Backdoors
There seems to a certain arrogance or more accurately stupidity by the NSA. No one is smart enough to look for any backdoors or security holes and definitely not smart to use them seems to be their belief. My assumption is the bad guys know about most of the insecurities and backdoors and are actively exploiting them.
[ link to this | view in chronology ]
Security is NOT NSA's goal - penetration is.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
What probably happened, is Cisco allowed the US Gov access to the firmware source-code for their routers. The US Gov probably told Cisco is was vital they have access Cisco's proprietary source code, for "national security" purposes.
Then the US Gov turns around and finds all kinds of bugs and exploits in Cisco's secrete proprietary coding, and exploits their products to hell and back.
Never trust hidden proprietary source code, especially if that company is handing over that hidden code over to governments like it's candy.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Bipartisanhip
[ link to this | view in chronology ]
Wait, there is more.
In security, always assume worst case scenario.
Mika Brzezinski's vigania exam (which Alexander stole from her OBGYN for his collect-it-all program) is not only available to a terrorist wannabe on a dilaup in Somalia.
Gentlemen who redirected brand new CIA drone straight to their driveway in Iran the other day, have it too!
[ link to this | view in chronology ]
I wonder if that is the goal
[ link to this | view in chronology ]
"It was very clear that a backdoor for the *bad* guys is always a backdoor for the bad guys."
Ftfy
[ link to this | view in chronology ]
NSA, Back-doors, Computers, Software, & Bitcoin
The World is Waking Up to the New World Order
https://www.youtube.com/watch?v=vRpi74qczos
[ link to this | view in chronology ]
Re: NSA, Back-doors, Computers, Software, & Bitcoin
...which they don't.
I think I don't understand what you're saying here. There appears to be a false dichotomy between the "network" and "individual computers." The "network" is just the means by which individual computers talk to each other. Talking about the network being safe while individual computers are compromised makes little sense to me.
But ignoring that, if the network is actually safe then it doesn't matter if individual computers are compromised because they can't phone home over the network.
[ link to this | view in chronology ]