There are people who argue that backdoors in hardware and software, which allow the government to access data while bypassing the standard passwords, are a good thing. It's the government, they argue: I want to use passwords to protect myself from bad guys, but I also want the government to be able to break into the devices of bad guys.
Yes. Right. The problem is the devices you use and those used by “bad guys” are the same devices. It would be nice if every drug dealer would go exclusively with Motorola Moto G6 phones, but that doesn’t happen for some reason. So if there’s a backdoor, it affects all people – both good and bad.
Now let’s imagine we allowed widespread backdoors. We have them in software like Windows and iOS and hardware like laptops, modems, phones, microchips and so on. But the keys are controlled by the manufacturers and the NSA. So far so good, criminals are caught, everyone’s happy.
Then one day some future Edward Snowden leaks the backdoor that allows bypassing the ATA password on Dell laptops.
Or maybe it’s stolen through a security hole.
Or some employee carelessly left his computer unlocked.
Or chose a poor password.
Or trusted someone who was good at social engineering.
Or maybe it already exists.
Oops…
So the backdoor makes its way to the hacker community and to some not so good people. Then those people use this backdoor to unlock a stolen laptop of some Microsoft official. Now they have access to the backdoor to Windows Server. They use it to hack into the server infrastructure of Huawei. There they learn backdoors to Huawei modems, routers, and phones. And so on.
This whole thing can spiral out of control pretty fast. Once one part of the system is compromised, you can set off a cascade effect that will get you access to everything. This is known as a single point of failure, and among people wearing T-shirts saying “rm -rf /* is awesome” it is widely considered a very bad thing.
And now, to make matters worse, think about how fast the number of IoT devices is growing. Having backdoors in there may allow people to very literally do some nasty physical things to other people while staying invisible and very far away. And if there’s one thing everyone has desired since being introduced to the magic of the Internet, it is to punch that sucker through the monitor.
Now, of course, this is a dramatic simplification. Also, after learning about the leak, Dell can issue a security patch that changes the encryption and makes the leaked backdoor useless, but there will still be some window of opportunity.
Imagine a key master in your town got drunk and left the key to his house in the bar. You took it and entered his home, where you found the key to his office. Now you get to his office and, lo and behold, you see hanging on the wall the keys to every building in your town, each one carefully labeled.
Do you want to live in a town like this?