Intelligence services and not only: how to protect your application from backdoors

Image: EFF-Graphics [ CC BY 3.0 ]

The head of the General Intelligence and Security Services of the Netherlands, Rob Bertoli (Rob Bertholee), in an interview with the local newspaper De Volkskrant, said that developers of protected applications - in particular, instant messengers - should make it easier for special services to access user data if necessary for investigations.
')
The main Dutch intelligence officer said that terrorists use protected messengers like Telegram, WhatsApp and Signal, which makes it difficult for special services to intercept their communications and, as a result, prevent attacks.

"Those who pose a threat"

In early 2016, the Dutch government issued a statement on the inadmissibility of "any restrictions on the development, distribution and use of cryptography." The document, among other things, states that intentional weakening of products with encryption due to backdoors for the needs of special services may have side effects and open access to data for citizens for cybercriminals, terrorists or foreign intelligence services.


Rob Bertoli (right)

Nevertheless, Bertoli believes that intelligence agents should have access to "communications of those who represent a threat." His words are quoted by the Ars Technica edition:

Will privacy advocates remain equally unshakable in their enthusiasm after they become victims of a terrorist attack? You need to ask yourself the question - how much are you willing to sacrifice your own security for the sake of privacy.

At the same time, he made a reservation that privacy protection is “very important,” but he immediately recalled the scandal when the FBI tried to force Apple to unlock the iPhone shooter from San Bernardino.

Bertoli is not the only high-ranking European representative of the security agencies, who believes that developers should provide special services with the ability to decrypt the traffic of their applications.

Earlier in August of this year, France’s Minister of the Interior Bernard Cazeneuve expressed a similar position. He also pointed out that secured applications are used in their communications by attackers and terrorists.


Bernar Kaznev

The problem is not only in the special services

Despite some statements by high-ranking heads of law enforcement agencies, the official position of European governments at the moment does not allow the special services to demand the creation of backdoors, and public organizations are actively criticizing such initiatives.

However, the lack of permission for “backdoors” for special services does not mean that there are no such opportunities in the application. In addition to purposefully created “black moves”, randomly created backdoors, which appear due to developer errors, can occur in programs. Inefficient use of cryptographic tools is one of the common causes of such security holes in applications that pose a serious threat.

On how to protect your application and prevent mistakes when using cryptography, you can learn on October 6 at 14:00 from the free webinar Vladimir Kochetkov, head of the development team of the analyzers of source codes of Positive Technologies.

You can register for the webinar here: www.ptsecurity.ru/research/webinar/109414