"Back Doors for Good Guys Means Back Doors for Bad Guys"--Unpacking Another Claim

By Herb Lin
Tuesday, December 22, 2015, 1:54 PM

Tim Cook deserves huge amounts of credit for saying in plain language what the opponents of back doors are saying. In another article, this time in Computerworld, Cook is quoted as saying that

"But the reality is if you put a back door in, that back door's for everybody, for good guys and bad guys."

Much of the debate over back doors in encryption is couched in exactly such terms, but the claim as stated doesn’t do justice to an important point that is often overlooked. In particular, there are LOTS of different bad guys out there. Even accepting the claim that “bad guys will get access to the back door” (I’ve addressed this claim in a previous post, arguing that they will take longer to get such access and during the time needed to get access, the data in question ARE secure), it is not necessarily true that EVERY bad guy will get access to the back door all at once. Moreover, not every piece of encrypted data will suddenly be revealed.

What *is* true is that owners of encrypted data will no longer be confident that their data are secure when one bad guy gains access—if George’s encrypted data was compromised by the Elbonians yesterday, maybe mine will be today. For many people, the two conditions are psychologically equivalent—the possibility that my data may be insecure is the same as the actuality of it being published in the open. But these psychologically equivalent states do refer to different states of reality.

The last paragraph breaks down in one instance—namely when one associates law enforcement (or their bigger brothers (pun intended) national security authorities) with the bad guys. If you make that association, what is billed as “access to encryption only by the good guys” by definition turns into bad guy access.

I know a number of people—and I count some of them as friends and/or technically well-informed individuals—who make this association. I know about this association because when pressed, they cite documented and undeniable instances of government abuse and violation of individuals’ and organizations’ civil rights. I regard their sentiments as being well within the scope of reasonable debate about this issue, even if I have a different perspective than they do.

What their sentiments do underscore is a fundamental question underneath all of the technical and policy debate over encryption—does government count as a good guy or a bad guy in this debate? And once that question is answered for the United States, what about the governments of 194 other independent states in the world?