CHAPTER 4: TECHNOLOGY
(ARTHUR) processing” - PTD is reported to be a group based at GCHQ.67 As part of
a programme called EDGEHILL, it was said that GCHQ hoped to break the encryption
codes of 15 major internet companies and 300 VPNs by 2015.68
4.51.
The response of Office of the Director of National Intelligence to publication of these
documents was that it should not be surprising that security and intelligence agencies
seek ways to counteract encryption. Bruce Schneier commented: “Cryptography
forms the basis for online trust. By deliberately undermining online security in a shortsighted effort to eavesdrop the NSA is undermining the very fabric of the internet”.69
Back doors and front doors
4.52.
The reference to “design changes” at 4.50 above appears to denote “back doors”,
which have been defined as access points that enable “the creator of software or
hardware (to) access data without the knowledge or consent of the user”.70 There may
be said to be a back door if anyone other than the communicating parties and service
providers has access to a communication.
4.53.
The term “front door” was described by the Director of the FBI, James Comey, as a
door which is “built transparently” so that “the chances of a vulnerability being unseen
are much lower” than with a back door.71 The Director of the NSA, Mike Rogers, stated
during an address on 23 February 2015 that the term back door sounds “kind of
shady”72 and suggested the creation of a legal framework whereby access via a “front
door” would provide access to a communication on possession of a warrant. A door
is however a door, and the difference between front and back generally relates to the
acknowledgment of its existence rather than to any technical distinction.
4.54.
The technology industry tends to be opposed to the idea of any kind of door because
the additional code that has to be written in to create the door increases the risk of
improper access to the system, and thus consumer confidence in their products.73 In
the words of two encryption experts:
“[A] ‘back door’ … increases the ‘attack surface’ of the system, providing new
points of leverage that a nefarious attacker can exploit. It amounts to creating
a system with a built-in flaw. … If companies like Apple, Google, Microsoft, and
Cisco (just to name a few) are somehow forced to include governmentally
mandated flaws in their products, these flawed systems become part of our
67
68
69
70
71
72
73
Ibid.
“Revealed: how US and UK spy agencies defeat internet privacy and security”, The Guardian, 6
September 2013.
Ibid.
S. K. Pell, “Jonesing for a Privacy Mandate, Getting a Doctrine Fix-Doctrine to Follow”, (2013) North
Carolina Journal of Law and Technology, Vol. 14, Issue 2, (“Jonesing for Privacy”) p. 532.
In a webcast by the Brookings Institution, “Going Dark: Are Technology, Privacy and Public Safety on a
Collision Course”, 14 October 2014: https://www.youtube.com/watch?v=Dkbh5fJoFhc.
“NSA director defends plan to maintain ‘backdoors into technology companies”, The Guardian, 23
February 2015.
Alex Stamos, Yahoo’s Chief Security Officer was reported in the Washington Post as comparing the
building of back doors to “drilling a hole in a windshield”: “Clinton is looking for a middle ground on
encryption that experts say doesn’t exist”, the Washington Post, 25 February 2015.
62