Ever since FBI vs Apple two years ago, the debate over government access to encryption backdoors has been heating up. Government officials are ramping up the rhetoric, going so far as to declare that mobile encryption was an “urgent public issue.” The debate reached a comedic peak when British MPs who were pushing for government backdoors were seen to leave their own front doors open. It’s events like this that make us wonder how much we should trust government officials, who know very little about encryption, to mandate its use. Or, in the case of Russia, to take control and enforcement into their own hands. More on that later.
Not surprisingly, most security professionals think government backdoors are a “bad idea. "If governments can access an encrypted technology, then cyber criminals may not be that far away from doing the same. The cyber security press tend to agree, expressing a marked wariness of government backdoors. But it’s perhaps the audience that matters most to government officials that they should be most concerned about. Most of the consumers (i.e. voters) that Venafi surveyed were skeptical of government backdoors.
The escalation of government intrigue about encryption has sharpened the debate. In fact, some have even called it a war on encryption. At face value, the intent of governments’ may appear noble. Their nominal goal is to improve security for citizens. But in this fight between privacy and security, it’s all too easy to envision a result where citizens lose and governments sacrifice privacy for intelligence. In fact, intelligence may be too soft a word for the type of espionage that may be implied by the recent Russian government’s attempt to blog the messaging app Telegram.
On Friday, Russia’s communication agency, Roskomnadzor, asked courts to block access to Telegram. With more than 13 million users, Telegram is one of Russia’s most popular messaging apps. Russian officials escalated their response when creators of Telegram refused to provide encryption keys, or an equivalent backdoor that would allow the Russian state to monitor texts or calls using Telegram.
Roskomnadzor launched efforts to block Telegram on Monday, April 16. Cointelegraph, reports that the authority started blocking nearly 20 million Google and Amazon IP addresses. But as of April 17, “Russia’s Telegram users say that the app still works without applying any additional means of circumventing the block, such as proxy and VPN services.”
According to The Guardian, “Telegram is widely used by the Russian political establishment, and prominent politicians and officials have openly flouted or criticised the ban. Data from the app showed several Kremlin officials had continued to sign in on Tuesday evening, four days after a court ordered the service to be blocked over alleged terrorism concerns.”
My colleague at Venafi, Broderick Perelli-Harris, wrote an excellent opinion on the Russian attack on Telegram. I encourage you to read the full article in The Hill where Broderick hints at the altogether non-altruistic intent of such a move.
“End-to-end encryption on smartphones, tablets and laptops, where only the users have the encryption keys, effectively blocks state spying. In the post-modern world, whoever controls the keys and the certificates that secure communications holds all the cards. And Telegram’s real sin is that it gives that power to individual Russian citizens, not the Russian state.”
Broderick also warns that if a government gains access to encryption backdoors, then there is an increased risk of organized criminal groups, or even contacts within the state, also gaining access to private conversations.
Are you concerned about the implications of government backdoors? Read Broderick’s opinion in The Hill.