Russia’s lower legislative house, the Duma, recently passed a bill that requires messaging apps to provide a backdoor to the country’s secret service. The aim, of course, is to ultimately find a way around encryption.
According to multiple news sources, the bill was sponsored by a Senator who
said she is deeply concerned about closed chatrooms on messaging apps because as teenagers are being “brainwashed” by extremists into murdering police officers (ibtimes.co.uk).
In addition to encryption backdoors, the bill will also seek fines for people who won’t decrypt electronic communications when ordered… which is another way of implementing an encryption backdoor – it may not be in the form of digital code, but it works wonders for getting around encryption. Also in the list of such security-defeating wonders: wrenches, pipes, sticks, etc., any blunt instruments, really.
Individuals will be fined 3,000 to 5,000 rubles. Government officials who “stand in the way” will be fined 30,000 to 50,000 rubles. Companies could be fined up to 1 million rubles (about US$10,000). No word if this on a daily, weekly, annual, per incident, etc. basis.
Because the bill is tied to anti-terrorism policies, and not about encryption per se, there are also other aspects to the bill, such as:
- Using social media to incite violence (up to 7 years in prison).
- Not informing the authorities about crimes like terrorism (up to 1 year in prison).
- Keeping records of communications for 6 months or longer, depending on the business.
What Say Ye, the West?
Knowing Russia, chances are that the bill is not entirely relegated to combating terrorism. Accusations, domestic and foreign, have flown for many years about the state of politics, human rights, and privacy in Russia. And not without reason.
And seeing how Russia has newly arisen to be the bad boy of Europe, one cannot help but see the West’s chase for the same laws, for the same purported reasons, in an ironic manner. This has not been lost on people:
it will set the bar for the kind of government actually passes this kind of law, giving Americans and Britons who oppose backdoors a powerful rhetorical tool to use in the date. (boingboing.net)
But does it, really? In some ways, the US and the UK are already more than half-way there. The collection of digital data and communications; its data mining; the recent ruling that the government is allowed to hack citizens’ computers; indefinitely jailing people for forgetting their encrypted media’s password; etc.
Encryption Backdoor Poses Problems
Regardless, pursuing encryption backdoors will pose problems. Unlike Russia, the voice of the people counts for something in the US and the UK. It’s the reason why Republicans are in the Presidential election bind they are in now. It’s the reason why the UK is looking to exit the European Union.
So, when polls show that people are opposed to the creation of backdoors to encryption, the government tends to listen, no matter how many bills are floated on the issue (but one could say there can be some mixed results).
Even more important than the people’s voice, experts in the cryptographic arena are pretty adamant that a backdoor is a terrible, terrible, TERRIBLE idea. They explain in no uncertain terms why it’s a bad idea, and why “secure backdoors” are not possible – in real life or even in theory. Their government counterparts, on the other hand, who claim not to be experts themselves, are certain that it can be done. Although they don’t know how.
Heck, here’s one such government dude who says that encryption outside the US is “theoretical”:
In addition to the above clip, there is also a very cringe-worthy rebuttal at techdirt.com:
- Only 1 out of 9 top encryption products would be affected by US regulations on encryption backdoors.
- There are 865 encryption products from 55 different countries.
None of these are theoretical products nor are they theoretical countries.
Backdoors for Others but Not for Ourselves
Coming back to the Russia, I’d say it’s quite telling that the law targets anyone and everyone but the government. Are government encryption solutions to have backdoors? Nope. Are apps targeted that would be used by government officials for official government business targeted by the laws? Nope.
If encryption backdoors can be built-in without compromising the overall security of encryption, then why is it that governments don’t direct these same laws to themselves? After all, who knows when a second or third Snowden situation may arise, where a government worker uses a non-backdoored encryption solution in their whistleblower activities? Arguably, such instances have more of a devastating effect than the inability to break into a low-level drug-dealer’s iPhone. Why backdoors for the latter but not for the former?
Undoubtedly, indirect proof that encryption backdoors pose a bigger problem than what government officials are willing to admit.
Related Articles and Sites: