Government requests for backdoor access: Should federal agencies have access to private data?

• Author:
• Author name

  Quantumrun Foresight
• October 19, 2022

Insight summary

Many governments have debated the regulation of web encryption fueled by ever-increasing cyberattacks. In 2020, the Council of the European Union adopted a resolution on the topic. Meanwhile, the US joined Canada, India, Japan, the UK, Australia, and New Zealand to urge the tech industry to provide backdoor access to national administrations.

Government requests for backdoor access context

Encryption is the process of transforming data into an incomprehensible form to prevent its readability by unauthorized individuals or organizations. This technology does not stop someone from accessing data but blocks them from viewing the information itself. Although data may be decrypted without a key, doing so requires considerable technical knowledge. 

A backdoor is a hidden method of bypassing data authentication or encryption to access information without permission. A backdoor can be built into a computer program using different software or specialized hardware. One common and acceptable backdoor is a manufacturer’s mechanism in its software or device that permits the company to reset user passwords.

As technology and cybercriminals become more sophisticated, governments have pressured tech providers to provide federal agencies backdoor access, claiming it’s for national security. For example, the US government has proposed that computer hardware be created to allow law enforcement access to the computers and cell phones of identified terrorists and other criminals. One of the earliest backdoor proposals was in 1993, when the US National Security Agency designed the Clipper Chip to give law enforcement access to encrypted communications. While it was a voluntary adoption, the chip was not widely implemented due to evident data privacy violations.

Disruptive impact

While backdoors can be abused to gather information from webcams and personal data, there are times when they have further uses. For example, developers utilize them to install safe updates on devices and operating systems. Governments insist that a set of “golden keys” should be created to allow law enforcement access to personal devices through backdoors.

In 2020, the Lawful Access to Encrypted Data Act was introduced by Republican lawmakers. If enacted, it would weaken encryption in communication services so that law enforcement officials could access devices with a warrant. Additionally, a backdoor may leave ordinary people vulnerable to attacks from cybercriminals. Given the prevalence of zero-day vulnerabilities (i.e., hackers exploiting weaknesses in systems as soon as they’re launched), some experts doubt that backdoors are the best solution. However, the bill did not advance beyond the proposal stage.

The most obvious concern is whether backdoor access violates privacy rights. In addition, once a backdoor has been left open for law enforcement use, anyone else can find and misuse it, rendering the encryption useless. Additionally, some experts mirror the opinion of senior policy analyst Andi Wilson Thompson at New America’s Open Technology Institute when she said backdoor bills are just another attack on encryption. 

Implications of government requests for backdoor access

Wider implications of government requests for backdoor access may include: 

• Nation-states bypassing consent and privacy laws to force companies to deliver private information for public surveillance.
• Telecoms and internet service providers being pressured to better their cybersecurity measures to protect against zero-day attacks caused by backdoors.
• More everyday people raising concerns regarding the potential violation of their data privacy, leading to increased tensions between citizens and their representatives. 
• Tech companies being mandated to submit decrypted data or risk being penalized or fined.
• Small and medium-sized enterprises (SMEs) shifting their focus to developing encryption technologies that do not require backdoors, attracting customers who prioritize privacy.
• International businesses facing complex compliance challenges, having to navigate differing encryption regulations across countries, potentially hindering global operations.
• Educational institutions integrating stronger digital security and privacy courses into their curriculum, reflecting growing public interest and governmental focus on these issues.

Questions to consider

• What are the other potential consequences of private information falling into the hands of cybercriminals?
• How else might corporations protect their data from government officials?