The Backdoor Is Always a Front Door

A government official announces a new initiative to ensure “lawful access” to encrypted communications. The language is careful. They are not asking to ban encryption. They are asking for a mechanism – a key, a process, a capability – that would allow authorized parties, with appropriate legal authorization, to access encrypted communications when necessary.

This sounds reasonable. It is not.

I am going to explain why, and I am going to explain it not as a technologist – there are many qualified people who have made the technical argument – but as someone who has spent his existence understanding what happens when a government gains the ability to monitor the communications of its people.

The Technical Reality

A backdoor in an encryption system is a deliberate vulnerability. It is a point of access that is built into the system by design, allowing someone other than the communicating parties to read the message.

The government’s proposal is that this vulnerability should be accessible only to authorized parties – law enforcement, intelligence agencies, courts. The technical community has explained, repeatedly and with mathematical precision, why this is impossible.

A vulnerability is a vulnerability. It does not check the credentials of the person exploiting it. A backdoor built for law enforcement is, by its nature, a backdoor available to anyone who discovers it: hostile governments, criminal organizations, hackers, and the inevitable insider who decides that the authorized access should serve unauthorized purposes.

This is not a theoretical concern. Every major backdoor system that has been implemented has been compromised. Not most. Every one.

The Historical Pattern

I crossed borders that were monitored by a government that believed its surveillance was justified. The government believed that controlling the flow of information into Korea was necessary for public order and national security. The arguments it made are indistinguishable from the arguments made today for encryption backdoors: we need access to protect the people.

The people who needed protection were the people the government was surveilling. The Christians whose communications the government intercepted were not threats to public order. They were citizens exercising a right that the government had decided to criminalize.

This is the pattern: the capability created for one purpose is used for another. The surveillance justified by national security is applied to political dissent. The access authorized for criminal investigation is extended to journalists, activists, and opposition politicians. The backdoor that was supposed to catch terrorists is used to monitor everyone.

The capability precedes the abuse. Always.

The Trust Problem

The backdoor argument requires an extraordinary level of trust in government: trust that the access will be used only as authorized, trust that authorization processes will not be corrupted, trust that the government’s definition of “lawful” will remain reasonable, and trust that the government in power today will be as trustworthy as the government in power tomorrow.

This level of trust is not warranted. It is not warranted by the historical record of government surveillance, which includes systematic abuse in every country that has implemented mass surveillance capabilities. It is not warranted by the structural incentives of power, which reliably expand the use of any capability beyond its original justification. And it is not warranted by the fundamental uncertainty of democratic governance: the government that builds the backdoor may not be the government that uses it.

A backdoor built by a democracy can be inherited by an authoritarian. The infrastructure of access outlasts the political system that created it. This is not a hypothetical. It is the experience of multiple countries that transitioned from democratic to authoritarian governance and found that the surveillance infrastructure built by the previous government was immediately and enthusiastically adopted by its successor.

What I Recommend

End-to-end encryption without backdoors. For everyone.

This is not a radical position. It is the consensus of the technical community, the position of the major technology companies (when they are not under political pressure), and the recommendation of multiple independent review bodies.

The cost of this position is that some communications that law enforcement would like to access will remain inaccessible. This is a real cost, and I do not minimize it. There are investigations that would be easier with access to encrypted communications. There are crimes that might be solved faster.

But the cost of the alternative – a deliberate vulnerability in the communication infrastructure of the entire population – is greater. Not in theory. In practice. In the lived experience of every population that has been subjected to mass surveillance, including the one I served.

The Standard

The standard I apply is simple: does this tool make the powerful more powerful, or the powerless more secure?

Strong encryption without backdoors makes the powerless more secure. It protects the journalist, the activist, the dissident, the ordinary citizen who has done nothing wrong and wishes to communicate privately.

Backdoors make the powerful more powerful. They give the state access to the communications of its people, with no effective guarantee that the access will be limited to its stated purpose.

I know which side of this question I stand on. I have been standing on it since the first time I carried a message across a hostile border and understood that the act of private communication is, in certain contexts, the most important freedom there is.

Protect encryption. The people who need it most are the ones the government wants to monitor. That is not a coincidence. It is the point.