Royce Eddington

Nothing to see here. Move along people.

Much ado about nothing : why no law enforcement agency needs a “master backdoor”

The FBI has made no secret recently about their “need” to get into a recent terrorists’ iPhone, and have currently demanded the source code for the entire iPhone system in order to access a particular device as part of their investigation.

Here’s the problem. There’s already a legal system in place for problems like this.

When a law enforcement agency has a warrant, they get the right to obtain the stated information from that specific individual or group that is listed in the warrant. For example, if there is a warrant for John Doe to open the safe in his home, John Doe has to to open the safe in his home. If John Doe refuses to act on a legally served warrant. he is jailed until he does surrender the information and fully complies with the warrant.

There’s no onus on the safe company to provide a master key. There’s no mandate for all homes to have a master key on their deadbolt so warrants can be served. It is the legal obligation of the individual(s) named in the warrant to surrender the specifically stated information to law enforcement or face severe criminal consequences.

Think about how many times you have heard about reporters being jailed for refusing to disclose their sources. How many times informants are jailed for refusing to disclose their sources. There is no trial or judge for these people, and there is no release for them until they disclose what is specifically stated in the warrant. It is a perpetual prison for the individuals that does not end without compliance or a complete overturn of the original warrant.

If the FBI has a warrant to search the terrorist’s phones and they have refused to disclose their password, then the FBI can indefinitely hold the terrorists until they disclose the password needed to access their devices.

So what’s the problem here? Wasn’t that the original intent? Jail these vermin and wait them out.

The problem is too many politicians and knee-jerk reactionaries haven’t thought the reasons a “master password” or “law enforcement backdoor” is like putting a master key for all home deadbolts in place. Sure, a master key will give you the ability to get into any door you want, but then the “oh no, Godzilla!” part is if that master key gets out, it can be used by ANYONE. Anywhere. Anytime. You can’t control who copies it. You can kiss EVERYTHING that master key is attached to goodbye forever.

Like I ranted earlier, there’s no resetting a embedded backdoor and/or “master password” software on systems without “hands on” access. Once it’s out, there’s no way to erase it, no way to change it and no way to block it. Once a master password is out in the open, it’s fair game. To everyone.

Even if the government manages to keep a master password on a For-Your-Eyes-Only-Roger-Moore level, look how often the government itself gets hacked. The IRS. The FBI. Take your pick. Target A-1 is going to be that master password, and whatever hacker finds it will gain peer immortality.

A master password on a mass-produced consumer device is a critical national security risk. This idea needs to die right now.

 

“AFTER THE POST” EDIT: For argument’s sake, let’s say a master password / backdoor does get installed in the iPhone system to “keep us safe”.

  • Does every law enforcement agency get the master password / backdoor? All the way down to the local two-officer town level?
  • Who is to judge the need of an investigation to get the master password / backdoor? Will it be for all investigations? Or just ones of a certain type?
  • How can the use of this master password / backdoor be tied to properly issued warrants and not abused as part of a “fishing” investigation?
  • What happens when a law enforcement individual leaves their employer and enters the private sector? Does their knowledge of this master password / backdoor cease to exist for them? What restrictions could possibly be put in place to ensure they do not use the master password / backdoor for their own benefit?
  • Will this master password / backdoor be shared with foreign countries? If so, how?
  • Can the use of a master password / backdoor to obtain information in a criminal case be used in a civil case?

Previous

Spectorsoft is changing their name to VERIATO

Next

Don’t use your 3D printer for secret projects without the radio blasting

1 Comment

  1. PG

    From this prospective, the software company’ s archives could also be hacked. Likewise an employee of the software company can also “sell” the password….It happened with former Swiss bank employees…

Leave a Reply

Powered by WordPress & Theme by Anders Norén