Opinion: Software “backdoors” a risk to corporate security

Opinion: Software “backdoors” a risk to corporate security

Proposals by the American, British and Chinese governments mandating the installment of “backdoors” in encryption software threaten to undermine the security of the internet and expose consumers and corporations to greater security risks.

Arguing for the protection national security, governments are moving towards requiring that companies who produce encryption software create backdoors to allow intelligence agencies to monitor communications.

In the United States both the FBI and the NSA have led the charge to require companies like Apple and Google to give them the ability to access their software through such channels.

British Prime Minister David Cameron, citing the possibility that this may be used by terrorists plotting attacks, has proposed banning popular instant messaging programs such as Whatsapp that encrypt communications between their users.

China’s government is on the verge of enacting new sweeping anti-terror legislation that would require all technology companies operating within its borders to submit to audits of the source code used to create their software and allow constant monitoring of how it is used.

Backdoors are a threat to corporate security

While the creation of backdoors in encryption standards certainly pose a threat to individual privacy, they will also degrade the security of everyone using the software.

This is because, as numerous cybersecurity experts and IT executives  have noted, the same backdoors utilized by government officials could also be employed by malicious hackers to gain access to sensitive information. Backdoors create a built-in vulnerability that weakens the strength of the software in which it exists. This vulnerability could then be exploited for illicit purposes.

The degrading of security, which backdoors fosters, would then create more risks for end users. Furthermore, the existence of backdoors would increase the potential for the mass leakage of financial and other personal data. With exposure of credit card information already an occurrence far too frequent, online security should be heightened, not lowered.

US trying to have it both ways

US President Barack Obama has been strident in his criticism of China’s efforts to require that American companies build backdoors into their encryption to operate within its borders. China has responded by accusing the United States of hypocrisy.

Indeed on this point the Chinese government is correct. The United States criticizes China’s proposals while at the same time pursuing similar policies. The same charges of bureaucratic overreach and violation of liberty and security that President Obama levied against China could also be directed against the NSA and the FBI.

Given the threat they pose to both security and privacy, backdoors are a poor policy choice in light of current political realities. Governments already have an extensive range of counter-terror powers that they can employ. Undermining the security of everyone who uses the internet or a cellphone seems simply unnecessary.

Rather than confronting the technology sector and seeking to force its acquiescence, government should work with industry to develop a new framework that protects the security of individuals and their data. Otherwise the vast potential offered by contemporary communication technologies may be fatally undercut.

About Author

Matthew Morgan

Matthew is an adjunct lecturer in political science at the State University of New York Cortland and a PhD candidate from York University in Toronto. His research focuses on the intersections between political economy and security studies. His work has appeared in the Studies in Political Economy, the Stanford Journal of East Asian Studies, and Millennium amongst others.