Crypto Backdoors are Good – Except When The Other Side Has Them
Attorney General Barr and FBI Director Wray have been lobbying strongly for companies such as Facebook and Google to add backdoors to their cryptography so that they can eavesdrop on conversations when they need to.
But there are problems with backdoors to encryption.
Mostly, you cannot control who uses them.
Case in point: Huawei. The U.S. says that Huawei has a backdoor into their telephone gear. One which, I might add, the U.S. requires them, by law, to put there – so this is not the first crypto backdoor rodeo.
But now the U.S. says that Huawei is using that backdoor that we made them install. Probably on behalf of the Chinese government.
It is not clear to me why the U.S. thinks that if we make Google or Facebook or some other company install a crypto backdoor that we will be the only ones that use it. That puts companies in a bind when some non-friendly government makes them decrypt conversations that might get people killed.
All this is just a lead-in to today’s post.
There is a Swiss company, Crypto AG, that built encryption hardware for governments. Apparently the crypto was pretty strong. And the company, being neutral, sold it to countries that the U.S. was friendly to. And not friendly to.
So how could we break the crypto?
Secretly, the CIA, in partnership with West German Intelligence, bought the company. This enabled them to do, well, whatever they might want to do. Such as sabotaging the software so that Germany and the U.S., as well as some other governments, could read other governments' supposedly secure communications. Ones that were protected by systems that they paid Crypto AG a lot of money to secure.
Talk about supply chain risk. Holy cow.
Crypto AG sold their systems to as many as 120 countries, so, for the CIA, it was a target-rich environment. They knew what agencies in which governments were using their systems and had installed backdoors to allow them to decrypt those supposedly secure messages.
In this case, it was the good guys who had the master key, but they were reading the messages of our allies in addition to our adversaries.
If they didn’t sell their systems to the good guys, the bad guys would get suspicious.
But this is kind of how the spy business works. Sometimes collateral damage is OK.
But this is also the problem with crypto backdoors. Once you have them, it is hard to control how they are used.
Source: Washington Post