Encryption

Need Proof That Encryption Backdoors Lead to Hacking? It Happened to Our Own Government.

The National Security Agency arranged for security systems to be secretly compromised. Then the Chinese government allegedly found its way in.

|

Attorney General William Barr and FBI Director Christopher Wray frequently and insistently demand that social media platforms and messaging apps implement encryption backdoors that allow law enforcement to bypass user security in order to access communications. Cybersecurity experts and tech companies warn that such backdoors will inevitably compromise everybody's data and lead to hacking and intrusion by foreign governments.

It turns out the federal government already knows this because it has already happened…to the federal government. Reuters reports today that the National Security Agency (NSA), which historically has worked to have encryption backdoors secretly placed in computers by tech companies to ease foreign surveillance, saw a security system subsequently compromised, possibly by the Chinese government.

The company involved is California-based Juniper Networks, which agreed to install an encryption system component that the NSA could exploit and bypass. According to Reuters, in 2015, Juniper Networks discovered malicious code in some of its firewall products. Researchers later discovered that whoever introduced the code had turned the firewalls into their own spying tool.

While Reuters doesn't officially know who the customer was or who the hackers were, researchers told them that the client was likely a U.S. government agency. Do you recall when China was accused of hacking into the federal Office of Personnel Management (OPM) and stealing millions of records? That was also discovered in 2015, though it's not clear whether there's a relationship between these hacks.

The reason for the lack of clarity is due to NSA secrecy, according to Reuters. After the NSA got burned with its own backdoor, the agency told staffers for Sen. Ron Wyden (D–Ore.) it had put together a "lessons learned" report about what happened with new guidance on implementing backdoors. But, now the NSA says it can't find the report.

That the NSA had secretly been negotiating backdoors into some encryption systems was one of the details revealed by Edward Snowden in his whistleblowing. Wyden, a leading Democrat on the Senate Intelligence Committee (and advocate of preserving strong encryption and data privacy), has been trying to find out what sort of guidelines the NSA had developed, but he's been stonewalled.

Wyden grasps the potential threat of secret backdoors and warned Reuters, "Secret encryption back doors are a threat to national security and the safety of our families–it's only a matter of time before foreign hackers or criminals exploit them in ways that undermine American national security."

At the same time, the Justice Department is still relentlessly trying to make our encryption worse, and so have other governments, like the United Kingdom, Australia, Canada, New Zealand, India, and Japan. Earlier this month, national law enforcement leaders from all these countries signed a letter demanding that encryption be weakened, claiming that police need access to fight child sexual exploitation.

Privacy and technology experts have been warning all along that these demands would actually make everybody more vulnerable to crime for very little gain and would compromise everybody's privacy and data security.

From today's Reuters report, we now know that not only does the federal government understand the fatal flaws of encryption backdoors, but the government itself was likely a victim of hacking as a result of a backdoor. That makes it all the more shameful that people like Barr and other governments continue to demand them.