1. Software Backdoors and their
Ethical Implications
Adam Chiaravalle
CPSC 3610, Dr. Claire McCullough
2. Outline
1. What is a backdoor?
2. Why should we care?
3. Who wants what?
4. The case for backdoors
5. The case against backdoors
6. Ethical viewpoints
3. What is a backdoor?
4 Placed intentionally by developer or by malware2
4 An intentional security flaw to allow certain groups
unauthorized access to data
4 A way to bypass encryption or authentication3
4 Backdoors into consumer technology
4 Backdoors into major tech servers
3
https://cdt.org/insight/issue-brief-a-backdoor-to-encryption-for-
government-surveillance/
2
https://www.youtube.com/watch?v=T3VfcH0GpLg
4. "...refers to a secret portal that hackers
and intelligence agencies use to gain illicit
access."
-Wired26
26
https://www.wired.com/2014/12/hacker-lexicon-backdoor/
5. Like a TSA lock that allows
agents to open your
suitcase and replace the lock
without notice.
They hold a set of keys that
work for all TSA-approved
locks.4
4
https://freedom-to-tinker.com/2016/02/22/
an-analogy-to-understand-the-fbis-request-
of-apple/
Image: https://www.pexels.com/photo/close-up-
of-keys-333837/
7. Clipper Chip
4 US Government introduced
"Clipper chip" in 1993 and
discontinued in 1996
4 For encrypting voice
communication, but with a
crypto key in government hands
4 Troubling because would allow
government to listen in on
secure calls7
7
(Content and Image): http://
www.cryptomuseum.com/crypto/usa/
clipper.htm
8. San Bernardino
Case
4 Crucial information on locked iPhone
4 FBI asked Apple to make unsecured OS
4 FBI could connect and brute force exploit
backdoor
4 Troubling because huge precedent if created8
4 Apple very publicly declined11
11
http://www.npr.org/sections/thetwo-way/
2016/02/24/468016377/apple-ceo-tim-cook-
back-door-to-iphones-would-be-software-
equivalent-of-cancer
8
https://www.washingtonpost.com/world/
national-security/us-wants-apple-to-help-
unlock-iphone-used-by-san-bernardino-
shooter/2016/02/16/69b903ee-
d4d9-11e5-9823-02b905009f99_story.html
9. "...Building a version of iOS that bypasses
security in this way would undeniably create
a backdoor. And while the government may
argue that its use would be limited to this
case, there is no way to guarantee such
control."
- Tim Cook 12
12
http://www.apple.com/customer-letter/
10. "...We build secure products to keep your
information safe...
But that’s wholly different than requiring
companies to enable hacking of customer
devices & data. Could be a troubling
precedent"
- Sundar Pichai13
13
https://twitter.com/sundarpichai/status/700104383762026496, https://
twitter.com/sundarpichai/status/700104433183502336
11. Precedent
"...no smartphone lies beyond the reach of a
judicial search warrant.".4,6
-Cyrus Vance Jr.
6
http://www.nytimes.com/roomfordebate/2016/02/18/crimes-iphones-and-
encryption/no-smartphone-lies-beyond-the-reach-of-a-judicial-search-
warrant
4
https://freedom-to-tinker.com/2016/02/22/an-analogy-to-understand-the-
fbis-request-of-apple/
Image: https://www.pexels.com/photo/close-up-of-keys-333837/
12. NSA Backdoors
& PRISM
4 Documents released by Snowden in 2013
4 Allows mass, indiscriminate internet data
collection in cooperation with Facebook,
Google, Apple, Microsoft, more
4 Collects VoIP calls, cloud files, emails, more
4 Troubling because data of innocent
individuals gathered9
Image Source10
Next slide image source9
9
http://www.theverge.com/2013/7/17/4517480/
nsa-spying-prism-surveillance-cheat-sheet
10
https://www.youtube.com/watch?
v=V9_PjdU3Mpo
17. It is an easy way to gather data
4 One of the easiest ways to gather information on
terrorist or other criminal organizations is through
backdoors or data monitoring29
"'I, sitting at my desk,' said Snowden, could 'wiretap
anyone, from you or your accountant, to a federal
judge to even the president, if I had a personal email.'”29
- The Intercept, Edward Snowden
29
https://theintercept.com/2015/07/01/nsas-google-worlds-private-
communications/
18. Backdoors are inexpensive
comparatively
4 Marc Thiessen says in a column for
Washington Post that there are 3
ways to get information on potential
terrorism suspects. 16
1. Interrogation (EO 13491)15
2. Infiltration (expensive)
3. Digital Surveillance16
Image Source14
14
www.nsa.gov
16
http://www.theblaze.com/news/2013/06/10/
here-is-the-pro-nsa-surveillance-argument/
15
http://www.presidency.ucsb.edu/ws/
index.php?pid=85669
19. Some polls show
that Americans find
some NSA
surveillance
acceptable
4 In 2013 poll, 62% of Americans said
more important to investigate threats
than preventing intrusions of privacy25
Image source25
25
https://www.washingtonpost.com/politics/
public-reaction-to-nsa-monitoring/
2013/06/10/90dd1e60-d207-11e2-
a73e-826d299ff459_graphic.html
21. Encryption does not necessitate
surveillance or indicate guilt
4 Encryption is used to secure social media, financial
applications, medical records and much more. If there is a
backdoor to our systems, we lose privacy to these as well3
4 Founding fathers were huge proponents of encryption and
even created cyphers to hide messages from the British17
17
http://www.realcleartechnology.com/articles/2016/01/13/
encryptionvitaltothefoundingfathersvitaltomodernamerica1270-2.html
3
https://cdt.org/insight/issue-brief-a-backdoor-to-encryption-for-
government-surveillance/
22. The backdoors could be used by
malicious groups18
4 Backdoor security flaws may actually enable crime
4 Puts businesses at risk
4 Puts our country at risk of exploit from other
foreign countries3
3
https://cdt.org/insight/issue-brief-a-backdoor-to-encryption-for-
government-surveillance/
18
https://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-
the-risk-of-government-backdoors/
23. Backdoor requirements may stifle
new entrepreneurship
4 Barrier to entry is too high, discourages
encryption to begin with3
3
https://cdt.org/insight/issue-brief-a-backdoor-to-encryption-for-
government-surveillance/
24. Not significant evidence that NSA
backdoors have stopped attacks19
"...the utter lack of evidence that a terrorist attack has ever been prevented because
searching the NSA database was faster than other investigative tactics - I have serious
doubts about the efficacy of the metadata collection program..."
-Richard J. Leon, Senior Judge US District Court for DC
4 NSA director Keith Alexander at a security conference in 2013 stated in a presentation
“54 ATTACKS THWARTED”
4 He later agreed that not all were plots and only 13 were connected to the United States20
20
https://www.propublica.org/article/claim-on-attacks-thwarted-by-nsa-
spreads-despite-lack-of-evidence
19
https://www.propublica.org/documents/item/902454-judge-leon-
ruling#document/p62
25. Tools that exist will be used, maybe
against you
4 Just because it's not being used against you right now, that
doesn't mean it can't be used in new unimagined ways against you
in the future
4 Foreign countries without free speech could monitor citizens10
4 US has funded projects to allow activists to communicate securely
4 IoT devices with backdoors21
21
https://www.aclu.org/blog/speak-freely/7-reasons-government-backdoor-
iphone-would-be-catastrophic
10
https://www.youtube.com/watch?v=V9_PjdU3Mpo
27. Ethical Egoism
4 From the consumer perspective:
Keep as much information private as possible.
Preference towards no back doors to keep
data out of the wrong hands. Image source24
4 From the tech company perspective:
They want to keep as many customers as
possible in the long term, so they should do
their best to comply with the consumer long
term.
4 From the government perspective:
Law enforcement's long term goal is to keep
citizens safe, but they see backdoors as a
gateway to this
24
http://www.pewresearch.org/fact-tank/
2015/05/29/what-americans-think-about-nsa-
surveillance-national-security-and-privacy/
28. Kantianism
Under the second categorical imperative
foundation, we must not use others as means to an
end. Extenuating circumstances don't make a
difference. We must not deceive; it is a perfect duty.
22
The NSA gathers mass data on groups of people
that have no suspected link of criminal activity.9
9
http://www.theverge.com/2013/7/17/4517480/nsa-spying-prism-surveillance-
cheat-sheet
22
Lecture 2.2.2017, Dr. Claire McCullough
29. My Ethical Viewpoint
4 Just because it's not being used against you
right now, that doesn't mean it can't be used in
new unimagined ways against you in the future
4 French authorities placed activists planning to
participate in a peaceful rally under house
arrest. They cited new anti-terror laws.10,23
23
https://www.theguardian.com/environment/2015/nov/27/paris-climate-
activists-put-under-house-arrest-using-emergency-laws
10
https://www.youtube.com/watch?v=V9_PjdU3Mpo