Several governments want to put back doors into encryption systems. The goal is to be able to provide safety by being able to read messages sent by “terrorists”. They promise to safeguard the back doors so that only they can use them. They also promise not misuse the access.

Lots of folks don’t believe them. Lots of folks know that an encryption system with a backdoor is inherently insecure. Lots of folks know that a backdoor can be used by the bad guys as well as the good guys. Lots of folks are trying to convince the public this is important. Lots of folks are doing this by providing reasoned logical arguments and education. This is the wrong approach.

The public has made it clear that fears about safety trump everything, even the truth. The public doesn’t like reasoned logic and education. The public has shown a shockingly low opinion of the need for privacy. The public is pretty much convinced only the “guilty” have anything to “hide,” or that they are so unimportant as to ever be a target of a government, a bad guy or a back door attack.

To convince the public, we need bigger “guns.” We need Puff Daddy.

“It’s All About The Benjamins”

Puff Daddy

I believe there are two money-based arguments to make.

To the public I say:

Imagine that there are only two kinds of safes in the world:

Safe Type 1

Only the owner has the key to this safe. The key has, so far, not been able to be duplicated. The only way for someone to open the safe is with the key.

Safe Type 2

This safe has the same type of key as Safe Type 1, however, on the back of the safe is another door with a numeric keypad. The government has a code to open the safe without anyone’s knowledge. They claim no one else can know the code or guess it. They have no legal obligation to tell anyone they opened the safe or if they added or removed anything.1

It doesn’t matter which safe is good enough for you, my question is “Which safe do you trust enough to insure?”

Imagine that you’re an insurance company and you insure valuables against theft. If things go missing from a safe, you have to pay to replace them unless you can prove that the owner took them or that they weren’t stolen (i.e. they were taken by a third party legally). Will you provide insurance on Safe Type 1? Safe Type 2?

As for me, I won’t insure Safe Type 2. The government can remove everything in a completely undetectable way and never have to admit it. If someone steals the government’s code they can do the same thing and the government has no reason to admit to the theft. This means that I will potentially pay a lot of claims for things that weren’t actually “stolen” except through a fault in the safe. A fault I can avoid all risk of by refusing to insure Safe Type 2.

With Safe Type 1, unless someone has figured out how to duplicate the key I know the contents were taken by the owner. Case closed, no payout. If the key is able to be duplicated there is a tiny window of opportunity for theft while all the safes are re-cored with new locks and keys.1

Even if this approach to the conversation works, it probably isn’t enough to end this debate quickly. We need a second set of big guns, lobbyists. Therefore, argument number 2:

To financial industry lobbying groups I say:

My credit card agreement gives me effectively 100% protection from fraudulent charges. To have this freedom from liability I only need to abide by this condition:

“[I] must take reasonable steps to prevent the unauthorized use of [my] Card, Access Checks and Account.”

Capital One

Credit card companies should fully understand that mandatory encryption back doors mean that SSL and other encryption tools used in the pipeline to process in-person, telephone, and internet card transactions are inherently insecure. This opens them up for virtually unlimited liability.

This liability could be avoided by adding more verification steps. However, if credit cards require even more verification, people will simply stop using them.2 People are fundamentally lazy and don’t want the extra hassle.

Another way to avoid liability is to make it the card holder’s problem by making it unreasonable to have faith in a system with a known back door. Obviously this is a non-starter. Therefore the merchants would have to be made liable. This is also a non-starter.

The only real solution is for the industry to keep the back door from happening in the first place.

When lobbying groups are threatened they fix the laws. In this case we all win.

Image: Public Domain from US Mint via Wikipedia

Note: This post was edited for grammar, typos and phrasing. A full history is available in the git repository.

  1. Yes, this is a simplification of what a back-door is, but I believe it will suffice for this purpose.  2

  2. Don’t forget why the U.S. has chip-and-signature cards and not chip-and-pin cards. “U.S. bank executives said they are choosing the signature version so customers won’t be burdened at the checkout line to remember a new four-digit code.” - Additionally, there is no US Bank implementing 3-D Secure for domestic transactions that I am aware of. I read, but cannot find the link, that US Banks had dismissed SMS verifications as “flaky” despite them being highly reliable in many other parts of the world.