Microsoft Expertly Demonstrates Why Encryption Backdoors Are Terrible Ideas

Editorial

Microsoft did long-term privacy advocates a huge favor, even while it screwed over untold millions of customers. The company expertly demonstrated the foolhardy nature of backdoors even existing by accidentally leaking a so-called “golden key.” That key will allow anyone to bypass Microsoft’s Secure Boot protections, rendering them moot.

Golden Key Website

A “secure golden key” is precisely what the FBI is demanding Apple and other companies provide. The agency wants to be able to access encrypted systems—which are increasingly commonplace—in the pursuit of its law enforcement duties.

In addition to trying to get U.S. courts to force Apple to create software that bypasses its encryption, the FBI has argued companies like Apple could create a backdoor that only they have access to. This, we are assured, would be an excellent compromise that protects privacy and facilitates legitimate law enforcement needs.

Reality

The argument by encryption experts is that a backdoor available to one is available to all. Backdoors provide a target for authoritarian regimes and other foreign governments, as well as terrorists and other criminal organizations. Worse—and this argument has been understood for decades—even if a backdoor isn’t compromised, its legitimate owners can mishandle it, misuse it, or let it out.

Microsoft apparently decided it would play the patsy and demonstrate exactly that. Everyone who doesn’t own a Windows device “protected” by Secure Boot should thank the company. Everyone who does should get rid of it and buy something from Apple.

For technical details on the key and how it works, check out Ars Technica’s excellent writeup. The keys were originally uncovered in March and published this week to what Ars called “a funky website.”

Mike Price

Hey Bryan: Just getting back from vacation and catching up on all my podcasts. I was listening to TMO Daily Observations 2016-08-11 and wondering if/when you will post a retraction/clarification to this. As I understand it, this was a very mis-reported issue and there was no key leaked/released… actually there is no key at all. The issue is that in a recent version of Win10, the secure boot mechanism was enhanced, mostly if not exclusively, for developers to test new components to be eventually incorporated into the secure boot system. Unfortunately, however, due to the nature of secure boot, the enhancement…

wab95

Bryan: This is huge. I’m disappointed but not surprised that this story has not gained more traction in mainstream media (that I’ve seen, at any rate), and attribute this to a combination of tech pundits not appreciating its gravity, and the unprecedentedly noisy distraction of the US campaign season commingled with the Olympics. Easy for a tech story like this, despite its glaring relevance to recent headline events, to be drowned out in this cacophony. Two things should happen at MS. First, they should sack whoever it was who suggested they make this golden key in the first place. Second,…

Paul Goodwin

Nobody was ever supposed to be able to get my cell phone number. If there’s an opening, someone will get in.

geoduck

But the FBI will just answer “But that’s not relevant. Trust us, ours will be secure.”