February 21st, 2016

Amazon CTO On Encryption: “Evil Players Will Get Access To These Backdoors”

Mobile App Testing Learn tips, techniques and trends for launching great mobile apps Get It Now
Like what you're reading? Subscribe to the weekly newsletter. Subscribe For Free
written by

Werner Vogels says that creating backdoors could open a Pandora’s Box.

The battle over encryption between Apple and the U.S. federal government is all the tech industry is talking about across the world.


Amazon CTO Werner Vogels

Apple is fighting a court order from the FBI to decrypt the information of the iPhone from one of the perpetrators of the San Bernardino mass shooting in December 2015. Apple is protesting that the U.S. government is asking it to create a backdoor—a completely new version of iOS—to open the iPhone so that the FBI can further its investigation into the contacts and communications of the shooter.

The case, of course is not black and white. What the FBI is asking Apple to do could potentially harm the security and privacy of all iOS users across the world and set a dangerous precedent when it comes to building digital forensic tools for third-party organizations (like other governments across the world).

Apple CEO Tim Cook issued a public letter vowing to fight the court order to decrypt the phone and technologists from across the world—including the CEOs of Google, Twitter and more—are standing with Apple.

Today at Mobile Sunday at Mobile World Congress in Barcelona, Amazon chief technology officer Werner Vogels stated unequivocally that no company should build backdoors into the security of their products and that the decision to share data should be wholly in the hands of the individual customers that own that data.

Vogels stated:

We have a very strong opinion on this. We believe that you cannot have a connected business, or an Internet-connected business and not make security and protection of your customers your number one priority.

Encryption plays a very, very important role in that. To be honest, it is one of the few really strong tools we have so customers know that only they have access to their data and nobody else.

In our cloud division we put encryption into all of our services where customers can manage their own keys. I think that encrypting your data … of your customers is mandatory. It is not only mandatory from a business point or in the cloud, but also on premise. You should be encrypting your data. Without backdoors you can be sure that you are the only one who has access to your data.

The moment there are backdoors in encryption technologies, you no longer have that guarantee. You can no longer trust the technology that you have that you are the only one has access to your data. You would [be the one] who decides to share your data, with organizations or governments or whatever. But it is you who makes that decision. And I am a strong believer in that if there are backdoors and only one organization knows that there is backdoors, you are living in a very dangerous illusion.

Because the moment there is backdoors, evil players will get access to these backdoors eventually and renders encryption useless. So we are very strong believers that encryption should be in the hands of our customers and they should be the ones who decide who has access to the data and nobody else.

Without mentioning Apple or the FBI, Vogels is saying that the U.S. government’s stance that it only wants Apple’s help to decrypt the one iPhone and that only the FBI will have access to the backdoor is, at best, a dangerous illusion.

Forensic scientist Jonathan Zdziarski, who has built digital forensic tools for the U.S. government before, agrees. In a blog post on his website, Zdziarski explains the clever ploy by the FBI to have Apple build specific tools to decrypt the San Bernardino iPhone that would have wide-reaching impacts across the technology and law enforcement landscapes.

Zdziarski wrote:

In the same vein, you’ll also notice that in demanding a tool, FBI has sneakily ensured that a more “open” copy of the software will have to be released (that will work on other devices) in order for it to be tested, validated, and re-tested by a defense team. This guarantees that the hacking tool FBI is forcing Apple to write will be out in the public, where it will be in the hands of multiple agencies and private attorneys.