Article Image

Reading an article discussing providing back-door access to encryption standards for Government monitoring use made me think ... exactly what does this protect us against?

If this becomes law the days of open and free software are very limited. Why? Well, if you require a back-door into encryption standards you are also insisting that the encryption standard on any device is fixed to prevent the user installing an encryption standard that doesn't have this back-door. Thus, the firmware or Operating System on the device becomes closed-source and, even worse, the user is unable to change it. You can forget about the days of Cyanogen Mod, rooting your iPhone or modifying BIOS/UEFI to your hearts content.

Furthermore the world is seeing a new source of DDOS attack - from "smart devices" connected to the internet. If the firmware in these devices becomes entirely fixed (and this notion supported by law) then these devices are now no longer the property of the person that owns them as that person has no ability to control them. As demonstrated by these DDOS attacks the software running on these "smart devices" can be vulnerable. At this point the only person with the power to manipulate the firmware on the device is not the owner, but the hacker.

Encryption back-doors - security for who?

Blog Logo

Jamie


Published

Image

Jamie Akers

Lego Geek, QA Engineer and Tech Enthusiast

Back to Overview