Backdoor, security and privacy, there is the right balance? Experts say

Security against privacy, is it possible to enjoy both at once? And if not, as they seem to demonstrate the measures that we applied again and again in our society, what is more important for citizens? This is the question again and again opens delicate debates for years.

In one of the last chapters of this debate we have seen how the FBI case against Apple has been the trigger for another derivative question: Are the really necessary rear doors? Should security forces have indiscriminate access to these devices when needed, as claimed by the FBI? It is what we have tried to elucidate with several experts in the field of computer security.

Backdoor, security and privacy
Image Source: Google Image

The fallacy of privacy-security discussion

For security experts Bruce Schneier as this dichotomy is false. This analyst takes time talking about the commitments we have to go assuming gradually on privacy and security, and spent long ago a specific reflection to this debate:

Security and privacy are not opposite ends of a rocker; you do not have to accept less than one to get the other. Imagine a door lock, a burglar alarm and a fence. Imagine weapons, anti-counterfeiting banknotes and that silly ban on liquids at airports. Security affects privacy only when it is based on identity, and there are limitations to this type of approach.

Schneier, who added that the debate “is not about security vs. privacy, but about freedom vs. control”, threw in that reflection of 7 years – as valid then as today- substantial data made it clear that security today is more important than privacy.

Safety is vital for survival. Privacy is unique to humans, but is a social necessity. It is vital to personal dignity, family life, for society-what makes us human but not so uni-vocally for survival.

That is not an empty reflection: the Maslow pyramid reflects the hierarchy of human needs that is confirmed again and again by surveys. Schneier in that article referred to a survey (no longer available) in which 51% of the participants had chosen security over privacy, while the latter was only chosen by 29% of respondents. These data are reinforced with surveys like last year published the Washington Post: 2 out of 3 people positioned themselves in favor of security over privacy.

Other analysts in this area pose another reflection somewhat different. Sheldon Richman, The Future of Freedom Foundation, explained how this debate and these commitments should not exist in the way governments rise. In a free market, he says, a person discover what the perfect balance for him, and not that situation would arise because “the information would be voluntarily disclosed by each person under mutually acceptable terms.”

You may also like to read another article on iMindsoft: What advice would you give to someone starting out programming after more than 5 years doing?

However various governments pose the opposite: they are those who raise this balance without that we can decide what the right balance for us. That, says Richman, is an intrusion that is done without consent or without our knowledge “and hope no one say that vote or continue living in the United States constitutes consent to the invasion of privacy,” he adds.

To speak in depth the question of the rear doors we wanted to contact several experts on computer security in our country. Our guests on this occasion were Roman Ramirez (@patowc), which among other things is the creator and organizer of the event security Rooted CON, Chema Alonso (@chemaalonso), a security expert and, among other things, author of the blog A computer in the evil side, and César Lorenzana, a captain in the Cybercrime Unit of the Guardia Civil (@GDTGuardiaCivil).

“If you mess backdoors, metes insecurity for everyone,” – says Roman Ramirez

Ramirez began making a striking analogy: “the state forces can not pursue a Lamborghini with 600” explained when talking about how these security forces should have tools to fight cybercrime, “but that does not mean that we all have to go on a 600,” he added.

This expert made it clear that the rear doors were not the solution to the problem because as I said, “if you put backdoors, metes insecurity for everyone,” and added that once the Trojan horse was on our devices,” the chungos Ukrainians would take two months rape.”

Ramirez also wanted to make clear that certain comparisons were absurd: that someone who has killed another person or moved tons of drugs be prosecuted for using encryption was absurd. One thing is to give tools and exceptional security forces powers in exceptional cases, he told us, and quite another to “give them an infinite power”. The trigger for this debate was the case between Apple and the FBI, and that his reflection was as follows:

I think Apple’s position is correct for the following: It is irrelevant as such the case itself. The important thing is what the FBI wanted to get: a lever to ensure that all technology manufacturers give them carte blanche. They give tool that would not have to pass under judicial control and could use when you give the win.

For this expert debate over whether there should backdoors or was not nonexistent. Such systems did not make sense, and what he had to do was provide tools to the security forces to combat cybercrime. Always under the supervision of a judge, and always bearing in mind that by giving these tools, security forces must act consistently “for a guy can carry a gun he has to fulfill his part of the contract,” he said.

“You must set the balance between freedoms and rights,” – says Chema Alonso

Chema Alonso has long been talking about this issue both as a lecturer and as part of their professional and informative work on his blog. In fact when you start the conversation reminded us that there are three articles published on this subject (the first, the second and the third) and that was a good way to enter its position before this debate.

If you read those entries will understand in depth the arguments of this expert, who explained how “no specific universal right dedicated to privacy”. Each country has its own legislation and gives his tools to his government and security forces of that country to combat all types of crime. Alonso explained that “the law in the US is yours, and when I go to the US have your law enforcement, and when a multinational comes to my country must comply with the laws of my country”.

Alonso what happened between the FBI and Apple has had a very different background than they have wanted to communicate those responsible for the agency and the company. Neither the FBI wanted only unlock that iPhone 5C Terrorist San Bernardino, or Apple wanted only to protect the privacy of all its users.

Can Apple unlock the phone and help the FBI without generating a back door? Yes, you can. Apple has 100% chances to access the phone. If anyone thinks that no, sorry. Security is based on the trusted chain in the code signing, and that signature is Apple. The company could have helped, of course.

But of course, what was called the FBI was actually the master key of which has been spoken. “I like Chema Alonso not wants the FBI have a master key. For I am serving the law, and these rights, I choose democratically (government and European Parliament),” he explained. In fact the difference in the protection of freedoms and rights was not a company like Apple, “which is a board of directors that decides not Cook, but more action is. The guarantor of my rights is not Apple, is the government”.

You may also like to read another article on iMindsoft: Opera includes a free VPN in your browser

What is puzzling to Alonso is that this debate has raised much controversy when in fact there forensic every day worldwide analysis. “Privacy is broken every day because a judge premium the right to privacy and the right of other people to seek justice” highlighted the security expert.

With everything and with that, his opinion was as strong as that of Ramirez, the rear doors are meaningless. In fact he explained as “for shoplifting or illegitimate sick leave, is not proportional to the breakdown of the privacy of crime. But there are crimes in which the tool itself must be applied”.

“A master key that would fall trusted system mounted on the Internet,” – said Cesar Lorenzana

Cesar Lorenzana began reviewing the case of Apple and the FBI that sparked controversy, and made it clear that in his opinion “neither is telling the whole truth”. As is finished checking, the FBI did not need help to decipher the famous Apple iPhone 5C, which made buying an exploit with which they could access the data.

For him, yes, Apple does not have a master key decryption, and having it is absurd to ask for it because the company is going to deny it. However, that does not exempt them from working if justice demands. “Apple advantage and campaign privacy is much to say that they are champions of privacy does have to help in specific situations”.

In that debate on privacy, freedom and security Lorenzana was clear that citizens should be clear that the tools that can be used for combating crimes make some governments and agencies have more resources than others. “The United States can violate many things, but not the technology,” but what citizens can do is protest if the tools available to law enforcement agencies are not sufficient to stop or prevent certain crimes.

But again his opinion was clear: the existence of a master key would be absurd, since the whole system would fall trusted mounted on internet. As there is a master key to enter any house if you need to really get a judge approves it and the security forces entrant- just cannot be one for electronic devices. In fact if there were companies like Apple would face a real nightmare in management at the time of transferring it.

Those who work in this area think alike: I want my information safe. If I force a particular vendor to create a backdoor, who tells me he will not use it against me? That’s not going anywhere. We must find an alternative path. A balance.

For this expert freedom and security are compatible, “but there must be procedures to violate someone’s freedom to protect the safety of many others.” We also wondered about the state of computer security in our country. Do we have anything to envy to other countries or governments in this matter?

Leave a Comment