A bill floating around Congress and getting input from the White House would essentially outlaw effective encryption implementations, opening hundreds of millions of people to malicious exploitation from governments and thieves. The Compliance with Court Orders Act of 2016, currently cosponsored by Sen. Dianne Feinstein (D-CA), would require virtually any device manufacturer or provider of services that uses encryption to provide a way for the information to be decrypted, ostensibly upon presentation of a warrant. That’s not how it would necessarily work in the real world, though. Such legislation would be catastrophic to the US people by greatly eroding privacy rights, by bringing about a risk of vast economic damage to the US, and by putting at risk the lives of people around the globe.

From a technical perspective, there are only two ways to do this: adding a back door to the code allowing access to those who know how to use it, or adding a master decryption key of some sort that the user cannot change. There are literally no other ways to do it. Some of the world’s most experienced and brilliant cryptographers have weighed in on this again and again for more than two decades. Every time someone comes up with an idea of how to do it differently, it turns out to be one or both of the above, and often with other fatal flaws, as well.

Whichever would be implemented, it represents a massive, unacceptable risk to the safety and privacy of millions of people. Back doors are discovered on a regular basis, and once out, they can be difficult or impossible to fix. Think about how few mobile phone companies provide regular updates beyond a year or two. Even now, about a third of Android devices are using a version older than 4.4, released in October 2013, meaning Google is no longer patching them.

Android market share in April 2016, based on connection to Google Play Store.

Their odds of getting updates from most phone manufacturers are even worse because they have no financial incentive to do so. This means that any back door discovered in devices more than a year or two old is likely to remain, putting their users at risk of compromise for as long as they use them.