Legal backdoors that only serve the good guys don’t exist. A serious cybersecurity incident in the United States, which involves Chinese hackers, is a terrible demonstration of this risk.
This is a topic that comes up from time to time in cybersecurity. To better combat Internet crime, police organizations and politicians sometimes call for “legal backdoors”. Such requests target, for example, instant messaging services that use end-to-end encryption, in order to access conversations.
However, these backdoors, also called hidden doors, are widely frowned upon. Cyber experts often repeat that weakening the security architecture of an application or system will not benefit only the “good guys”. It could also benefit the “bad guys”, if they end up discovering the opening.
A serious hack in the United States, linked to China
What is a backdoor?
A backdoor is an alternative access to a system. It can be installed by a criminal, after a cyberattack. The tool can then be used to install other programs, steal information or spy, without victims knowing.
This reality came to light at the beginning of October, in an affair that concerns the United States. In its October 5 edition, the Wall Street Journal revealed that American listening systems were hacked in an operation linked to China. A large number of American Internet Service Providers (ISPs) are affected.
“For months, hackers may have had access to network infrastructure used to cooperate with U.S. legal requests for communications data,” according to the newspaper, “which represents a major risk to national security.” The situation is described as “potentially catastrophic”.
In this case, summarizes John Scott-Railton, senior cybersecurity researcher at the renowned Citizen Lab, hackers linked to China were able to carry out this operation by compromising the interception portals provided for by American legislation. These systems are used in court-authorized wiretap requests.
For John Scott-Railton, this is the most blatant demonstration of the concern posed by this type of interception in the name of security. “Remember this the next time a government requires encryption backdoors,” he warns. The same goes for Meredith Whittaker, the president of the foundation that oversees the Signal application.
“Perfect illustration: it’s impossible to build a backdoor that only the good guys can use,” she declares. She took the opportunity to recall that work in this direction exists in Europe, with controversial legislation nicknamed ChatControl, which consists of forcing messaging applications to scan private conversations.
“When the entire technical community says that the European Union’s ChatControl legislation and other similar measures pose serious threats to cybersecurity, this is not an exaggeration,” she added. The fact remains that ChatControl, which was countered for a while, is still in the pipeline.