One of the things that we at Secure Group like to emphasize the most is that there are no backdoors to access our products. Why is this such a big deal? The short answer is that backdoored encryption algorithms are compromised by definition, as they feature a weakness that is known to a third party – which defeats the purpose of encryption by default. The long answer is below.
Encryption is meant to protect information by scrambling plaintext data or messages to a state of apparent nonsense, called ciphertext. If the data gets stolen from a device by someone, or a message is intercepted by an eavesdropper, they would be of no use to them unless decrypted. To do this, one needs the password or key that was used to encrypt the information in the first place.
In modern cryptography, the keys are long sets of seemingly random numbers and characters. The length of the key alone protects the locked data from brute force attacks – a trial-and-error method of guessing the key until it finally works. Theoretically, it should take contemporary computers hundreds of thousands of years to break a 1024-bit key. And the keys serious encryption providers use are 2048 or 4096-bit.
What are encryption backdoors?
Encryption backdoors are design flaws that have been deliberately put in encryption algorithms so that a third party could rather easily generate a decryption key. This is not exactly a master key to all data encrypted via a particular algorithm – rather a way to significantly speed up brute force break-ins to periods that make practical sense like months, days or hours. One way to categorize the types of backdoors is by whether they are “explicit” – ones of whose existence everyone is aware; and “implicit” – that are known only to a select group of people, usually the ones that designed them.
Obviously, if you’re looking for security, you’d stay away from anything that you know is backdoored. So this leaves you implicit backdoors to worry about. And they are trickier because the algorithms they are in offer encryption that actually does work perfectly and is practically unbreakable, unless one is aware of the carefully obscured flaw in it.
This serves the dual purposes that spy organizations like the US National Security Agency (NSA) have. On one hand, they are meant to ensure the security of the USA’s computer systems by providing encryption standards that are strong enough to keep foreign adversaries away from sensitive information. On the other, the NSA has a mission to spy on criminal and terrorist cells in order to prevent their actions. And to do the latter, it needs a way to break the same strong encryption standards.
Why are backdoors a problem?
Neither you, nor we want terrorist plots to be successful. Then what is the problem with law enforcement using backdoors to spy on bad guys? Even if they spy on the occasional innocent guy, there’d be no consequences for the latter, right? There are two main reasons there is a problem with backdoors.
One is about principle. Privacy is a right – fundamental enough to be protected by the US Constitution. And would you be ok, for example, with your neighborhood policeman having a key to everyone’s house, you know, just in case? Them having a key to the information on your computer or smartphone is the same.
The other reason is practical. As Apple CEO Tim Cook pointed out, a backdoor for the “good guys” is also a backdoor that is there for the “bad guys” to use. There is no guarantee implicit backdoors could remain hidden forever. If there is a design flaw in an algorithm, it is pretty much open season for everyone to find it. The likes of the NSA are worried that this could be done by some foreign intelligence agency – such organizations are the ones that have the resources to find a hidden backdoor. But it just might as well be criminals.
And you don’t want your neighborhood burglar to have a key for your house, do you? Exactly! This is why we have designed Secure Phone so it features no backdoors – even for us. If we wanted to eavesdrop on your communications or access your phone, we wouldn’t be able to. And neither would be anyone.