The former Director of the US National Security Agency (NSA) and US Central Intelligence Agency (CIA) Michael Hayden has pushed back against US Attorney General (AG) William Barr’s call for tech companies to create encryption backdoors by saying that Americans shouldn’t have to accept the associated security risks.
Barr made his controversial comments about encryption backdoors yesterday during a speech where he reportedly said Americans should accept the security risks of encryption backdoors.
Hayden responded to a news story about Barr’s comments on Twitter by suggesting encryption backdoors shouldn’t be accepted by Americans.
Hayden has consistently spoken about against the dangers of encryption backdoors over the last few years and notably said that the US government was wrong to ask Apple to build a backdoor into its iPhone encryption in the wake of the 2016 San Bernadino shootings.
Hayden’s response to Barr comes after we’ve seen numerous security holes that have given bad actors access to the data on people’s devices over the last year. These include:
- Two major WhatsApp vulnerabilities with the first allowing bad actors to surveil WhatsApp users and the second allowing bad actors to scrape data from WhatsApp users’ Amazon, Apple, Facebook, Google, and Microsoft accounts
- A major Zoom vulnerability which allowed bad actors to hijack people’s webcams
- A major FaceTime vulnerability which allowed bad actors to listen in on iOS devices without the device owner’s approval
Building encryption backdoors into software would likely make incidents like these more common.
In addition to the security risks, multiple companies in Australia have highlighted the other negative impacts compelled encryption backdoors can bring by speaking out against the consequences of the 2018 Australian Assistance and Access Bill – a bill which can be used to force the employees of any Australian company to secretly install backdoors in company software.
Earlier this year, the Australian company Fastmail said its staff were worried about being legally compelled to install secret backdoors in its software as a result of this bill and at the beginning of this month, the Australian cloud storage company Vault said customers are avoiding Australian tech companies because of this bill.
