Talk of backdoors in encrypted services is once again doing the rounds after reports emerged that the UK government is seeking to force Apple to open up iCloud's end-to-end encrypted (E2EE) device backup offering. Officials are said to be leaning on Apple to create a “backdoor” in the service that would allow government agencies to access data in the clear.
The United Kingdom has had sweeping powers to limit technology firms' use of strong encryption since a 2016 update to state surveillance powers. According to the report from the Washington Post, UK officials have used the Investigatory Powers Act (IPA) to place the demand on Apple, seeking “blanket” access to data that its iCloud Advanced Data Protection (ADP) service is designed to protect from third-party access, including by Apple itself.
The technical architecture of Apple’s ADP is designed in such a way that even the tech giant does not hold the encryption keys, thanks to the use of end-to-end encryption (E2EE), allowing Apple to promise it has “zero knowledge” of its users’ data.
A backdoor is a term typically used to describe a secret vulnerability inserted into code to bypass or undermine security measures in order to give third parties access. In the iCloud case, the order would allow UK intelligence agents or law enforcement to gain access to users’ encrypted data.
While the UK government usually refuses to confirm or deny reports of notices issued under the IPA, security experts have warned that such a secret order could have global consequences if the iPhone maker is forced to weaken the security protections it offers to all users, including those outside the United Kingdom.
Once a vulnerability exists in software, there is a risk that it could be exploited by other types of actors, say hackers and other bad actors who want access for nefarious purposes – such as identity theft, obtaining and selling sensitive data, or even deploying ransomware.
This may explain why the dominant phrasing used around government efforts to gain access to E2EE is this visual abstraction of a backdoor; asking for a vulnerability to be intentionally added to code makes the trade-off plainer.
To use an example: when it comes to physical doors – in buildings, walls or the like – it is never guaranteed that only the property’s owner or key holder will have exclusive use of that point of entry.
Once an opening exists, it creates the potential for access – someone could obtain a copy of the key, for example, or even force their way in by breaking the door down.
The bottom line: there is no perfectly selective doorway that lets only one particular person pass through. If someone can enter, it logically follows that someone else may be able to use the door too.
The same access risk applies to vulnerabilities added to software (or, indeed, hardware).
The concept of NOBUS (“nobody but us”) backdoors has been floated by security services in the past. This particular kind of backdoor typically rests on an assessment that their technical ability to exploit a particular vulnerability is superior to everyone else's: essentially an ostensibly more secure backdoor that can only be accessed by their own agents.
But by its very nature, technological prowess and capability is a moving target. Assessing the technical capabilities of unknown others is also hardly an exact science. The “NOBUS” concept rests on already questionable assumptions. Any third-party access creates the risk of opening up fresh vectors for attack, such as social engineering techniques aimed at targeting the person with the “authorized” access.
It is not surprising that many security experts reject NOBUS as a fundamentally flawed idea. Simply put, any access creates risk. Therefore, pushing for backdoors is antithetical to strong security.
Yet, regardless of these clear and present security concerns, governments continue to push for backdoors. That is why we keep having to talk about them.
The term “backdoor” also implies that such requests can be covert rather than public, just as backdoors are not public-facing entry points. In the case of Apple’s iCloud, a request to compromise encryption made under the UK IPA – by way of a “technical capability notice,” or TCN – cannot be legally disclosed by the recipient. The intention of the law is that any such backdoors are secret by design. (Leaking details of a TCN to the press is one mechanism for circumventing an information block, but it is important to note that Apple has not yet made any public comment on these reports.)
According to the rights group the Electronic Frontier Foundation, the term “backdoor” dates back to the 1980s, when backdoor (and “trapdoor”) were used to refer to secret accounts and/or passwords created to allow someone unknown access into a system. But over the years, the word has been used to label a wide range of attempts to degrade, bypass or otherwise compromise the security of data protected by encryption.
While backdoors are back in the news, thanks to the United Kingdom going after Apple’s encrypted backups, it is important to know that data access demands date back decades.
Back in the 1990s, for example, the US National Security Agency (NSA) developed encryption hardware for processing voice and data messages that had a backdoor baked into it, with the aim of allowing the security services to intercept encrypted communications. The “Clipper chip,” as it was known, used a key escrow system – meaning an encryption key was created and stored by government agencies to facilitate access to the encrypted data if state authorities wanted it.
The NSA’s attempt to push chips with baked-in backdoors failed through lack of adoption following a security and privacy backlash. The Clipper chip is, though, credited with helping to spur cryptologists’ efforts to develop and spread strong encryption software in a bid to secure data against government overreach.
The Clipper chip is also a good example of an attempt to mandate system access that was made publicly. It is worth noting that backdoors do not always have to be secret. (In the United Kingdom’s iCloud case, government agents clearly wanted to gain access without Apple users knowing about it.)
Add to that, governments frequently deploy emotive propaganda around demands for access to data in a bid to win compliance and/or put pressure on service providers – such as by arguing that access to E2EE is essential to combat child abuse or terrorism, or to prevent some other heinous crime.
Backdoors can have a way of coming back to bite their creators, however. For example, China-backed hackers were behind the compromise of federal phone systems last fall, apparently gaining access to data of users of US telcos and ISPs thanks to a 30-year-old federal law that had mandated the backdoor access (albeit, in that case, to non-E2EE data), underlining the dangers of intentionally building access points into systems.
Governments should also be worried about foreign backdoors creating risks for their own citizens and national security.
There have been multiple cases of Chinese hardware and software being suspected of harboring backdoors over the years. Concerns about potential backdoor risks have led some countries, including the United Kingdom, to take steps in recent years to remove or limit the use of Chinese technology products, such as components used in critical telecommunications infrastructure. Fears of backdoors, too, can be a powerful motivator.