Terrorism – No Time for Backdoors

René Pfeiffer/ November 18, 2015/ Communication, Discussion, High Entropy, Security

Every successful project needs proper planning and a good project management. You know this from your business life, probably. Projects can’t be done without tools for communication. We all use these day by day. Email, telephone, collaboration platforms, social media, instant messengers, and more software is readily available. Access to communication tools has spread. Exchanging messages has also evolved a lot since the 1990s. Given the diversity of the Internet, messages are now encrypted (hopefully). It is a very basic defence against any third parties, or Eve, both being unable to eavesdrop on the conversation. Especially when you do business and talk money, encryption is your closest friend. Why else would you meet indoors and control the access of persons to your office space? Why not discuss business internals while riding public transport? Some people do, but usually you do not.

Working encryption has no backdoors, no known weaknesses, and no maintenance hatch to bypass the algorithm, the keys, or any internals. In an ideal world only the communication partners can decrypt and therefore access the content of a conversation. This property is called end-to-end encryption. Every communication system lacking these basic features is not intended for secure communication. Period. There is nothing to discuss. Either you want secure communication or you don’t. There is no middle ground.

So what about access to encrypted communication, and therefore data, for law enforcement and intelligence services? Should there be exceptions? No. Crypto still is one of the building blocks of security, IT or otherwise. Once you start removing bricks from the foundation, your house will collapse. Your data, your messages, both will be buried alive by rubble.

There is another way. Consider a terrorist attack as a project. All projects are driven by deadlines. Thus terrorist attacks need a crucial ingredient to work: devices to keep track of time. Don’t allow clocks, wrist watches, stop watches, hour glasses, and similar devices. Any device capable of keeping track of time must not display it correctly. Ban the publication of timetables for train stations and airports. Add random time periods to decrease the accuracy to a resolution of a few hours. We must not allow hardware and software to display seconds or minutes any more. Keep it safe.

It’s a small price to pay for the desperately needed extra security, don’t you think?

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.