03. September 2024

A Discussion of Surveillance Backdoors: Effectiveness, Collateral Damage, and Ethics

Smith, Matthew; Green, Matthew

After more than a decade of relative quiet, the crypto-wars are heating up again. The terrorist attacks in Paris[1] and San Bernardino[2] are being used by politicians as well as intelligence and law enforcement agencies to call for weakening security systems to aid surveillance and forensic analysis to fight terrorism. A number of different strategies are being proposed. These include banning default encryption – such as the encryption found on iOS and Android; building backdoors into cryptographic protocols to allow government access in “exceptional” circumstances; software backdoors – such as “forced” data backup systems; and finally, stockpiling and using 0-day vulnerabilities instead of patching them. All of these strategies extend the power of intelligence and law enforcement agencies. At the same time, the rise of hacking- and attack-related security events is leading to a call for improved information security across the board. Thousands of critical software vulnerabilities (CVEs) are found every year, and estimates indicate that the cost of data breaches will exceed $2 trillion by 2019[3]. These threats have not been confined to corporate networks; most worrying is the recent addition of attacks against cyber-physical systems and critical infrastructure. The first well-known example is the Stuxnet virus, discovered in 2010, which attacked and destroyed Iranian centrifuges in the Natanz uranium enrichment facilities[4]. A more recent example is the use of the BlackEnergy malware to breach the computer systems of the Ukrainian power system and then subsequently hack the SCADA control units, causing a power outage for around 80,000 Ukrainians in December 2015[5]. While these attacks are the most spectacular, there is a whole range of serious incidents. Attacks against our banking system – such as those recently levied against the NASDAQ stock exchange[6] – or baby monitors[7] show that virtually no area is safe.
The debates around both of these problem domains are heating up; however, they are often discussed as separate issues. This is unfortunate, as on a technical level they are linked and should be discussed together. In this article we propose that the debate be framed in the context of collateral damage to help guide the decision-making process.

Book Title:

International Security in the 21st Century, Contemporary Issues in International Security and Strategic Studies, Volume 1, pages 131-142
