The FBI OpenBSD 'back door' and other encryption conspiracies
The philosophical flaw of security back doors is that they are usually pretty easy to spot. There are also much easier ways to defeat encryption which has rendered the back door idea moot. Intriguing to read, then, the sensational claims...
Intriguing to read, then, the sensational claims that the FBI ‘back-doored’ the IPSEC stack used to open VPNs in OpenBSD, made in an email from government contractor Gregory Perry to lead OpenBSD developer Theo de Raadt.
“This is also why several inside FBI folks have been recently advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments,” says Perry in the email, adding some oil to the flaming fires of conspiracy about what gets bought and what doesn’t in government.
The claim is being downplayed, as it should be without corroboration or harder evidence, but the notion that the US government puts back doors in security systems is far from new.
Only three years ago, Bruce Schneier raised the small matter of whether the NSA had introduced a backdoor deep inside the mathematics that underpins the government-sanctioned random number generators (RNGs) used to create encryption keys.
At the time, encryption legend Phil Zimmermann (the man behind PGP, which the US government hated in the 1990s for democratising encryption) made a good point about the controversy. The people who engineer encryption technology from the mathematics stage to the implementation in chips and software know what they are doing. They are hard to fool for long and when they find out the back door will be useless.
Less dramatic but on the same theme was the fanciful claim in 2009 that the NSA was out to crack Skype’s encryption without anyone knowing, and would pay billions to anyone who could do the job without being discovered.
Perhaps the best known example was a US Government initiative during the Clinton administration to force anyone implementing encryption to lodge keys using an escrow system integrated into every device, the infamous ‘Clipper chip’.
The potential for official abuse was obvious and Clipper was dropped by 1996. Nowadays, the idea of implementing encryption with a government backdoor would seen as laughable but you can see why they tried. Someone saw the potential for encryption to shut out the authorities.
The biggest argument against back doors today is that they are not needed. Far better to leave the encryption alone and intercept the data in plain text form, as can be done using covert Trojans. This technique has been used by police forces around Europe in recent years, and is pretty cheap to carry out. It also comes with the defence of plausible deniability.
Back doors elicit fear and mistrust and fuel conspiracy-mongers. But the way into today’s systems is clearly through the front entrance not the back.