Encryption Backdoor
An encryption backdoor is a built-in alternative method of accessing data that allows an unauthorized user to bypass security precautions, undermining the intended purpose of data encryption. Encryption is a form of information security in which information is transformed by algorithms so that sensitive information cannot be read if it is intercepted by an unauthorized recipient. Successful encryption involves a complex, pseudo-random key possessed by the intended recipient of the information, allowing them to read it. An encryption backdoor in effect creates a master key, which could be replicated and used to breach a variety of encrypted devices.
History of Encryption
The first documented use of written encryption is in Egyptian hieroglyphs dating back to 1900 BC. Since then, populations around the world have used various means of altering messages to protect invaluable information from being deciphered. [1] In 1977, the United States adopted the Data Encryption Standard (DES), a 56-bit key algorithm developed by IBM and later modified by the National Security Agency. [2] DES was later replaced by the superior 168-bit key Advanced Encryption Standard, approved in 2001 by the United States government for classified information. [3]
Cases
Bernstein v. US Department of Justice
As a Ph.D. candidate at the University of California at Berkeley, Professor Daniel J. Bernstein developed “Snuffle,” an encryption algorithm. [4] In 1993, Bernstein challenged the existing government export mandates on encryption software by suing the State Department. The existing policy, dating back to the Clinton Administration, considered distribution of encryption schemes without government sanction to be a criminal act, punishable by up to $1 million in fines and 10 years in prison. [5] Bernstein argued that the policy greatly hindered in-person collaboration, violating his First Amendment rights and interfering with his cryptography and computer security research. In 1997, Judge Marilyn Hall Patel concluded that source code is protected speech, therefore “the encryption regulations are an unconstitutional prior restraint in violation of the first Amendment.” [6]
Apple iPhone Case
Apple Inc. is among the world's largest information technology companies, developing and designing consumer electronics, software and online services. After the San Bernardino terrorist attack, the FBI asked Apple to assist in its ongoing investigation of the shooter's iPhone, which the FBI had recovered. [7] Apple released a statement on February 16, 2016 explaining the implications of creating a court-ordered specialized iOS operating system that would threaten the current security of iPhone users around the world. Apple argues that creating a backdoor to its operating system poses the threat of duplication and undermines the security features currently in place. The order also raises the issue of an unprecedented government request for user information and of weakened privacy and data security. [8]
References
1. SANS Institute InfoSec Reading Room: History of Encryption https://www.sans.org/reading-room/whitepapers/vpns/history-encryption-730
2. Tech News World: A Brief History of Encryption http://www.technewsworld.com/story/70437.html
3. National Institute of Standards and Technology: NIST Withdraws Outdated Data Encryption Standard http://www.nist.gov/itl/fips/060205_des.cfm
4. Electronic Frontier Foundation: Bernstein v. US Department of Justice https://www.eff.org/cases/bernstein-v-us-dept-justice
5. Electronic Frontier Foundation: Court Declares Crypto Restrictions Unconstitutional https://www.eff.org/press/archives/2008/04/21-37
6. Electronic Frontier Foundation: Mathematician Challenges U.S. Lid on Encryption Software https://www.eff.org/press/archives/2008/04/21-44
7. http://www.apple.com/customer-letter/answers/
8. http://www.apple.com/customer-letter/