We must not enable encryption backdoors in consumer products

As the Apple encryption controversy rages on, here's my take on it.

There should never be backdoors put in consumer products to enable the manufacturer or the government to bypass encryption protections. (It is, however, reasonable for the government or an enterprise to enable a feature like this for their own devices that they manage and provide for their own internal uses.)

The obvious question is then: why? Doesn't this enable bad people to do bad things?

Look at it this way. You understand how your home's door lock works, right? You have a key that opens it. You also probably understand how a locksmith with the proper knowledge can bypass your particular lock.

Now, imagine that your home's lock has a "master key" feature created by the manufacturer. If you possess this master key, you can unlock the door to anybody's home that uses that brand of lock. These master keys are carefully controlled and distributed to licensed locksmiths only. The law says that only licensed locksmiths may use master keys and only under court order.

Seems pretty safe and reasonable, right? Only the good guys have the master keys and they use them for the right purposes.

Now, imagine that just *one person* out of all 7 billion on the planet is able to fool the manufacturer of the lock into believing that they are one of these trusted locksmiths. They end up with a master key in their hands. Doesn't seem too bad yet, right? It's only one person and laws prohibit them from using it.

Next, imagine this person scans the key and produces a 3D printer model of it. Then they put that model out on the Internet for anyone to download. Now any criminal anywhere with access to the Internet and a 3D printer can obtain their own master key for that brand of lock with a very small amount of work.

Do you think this is a far-fetched and unlikely scenario? Think again.

The exact same reasoning applies to the situation Apple is discussing. The only thing preventing all backdoor-enabled devices from being decryptable is a little bit of extremely sensitive information stored in the hands of a few good (and imperfect) people. Once that information gets out – and with the ever-increasing number of serious cyber security breaches (see Edward Snowden and Office of Personnel Management), it is very likely that it eventually will – every single device in use becomes instantly decryptable.

That is just too dangerous a situation to allow. It will instantly endanger people everywhere in sometimes life-threatening ways. And I've got good company in taking that position. The present and two former NSA Directors agree:

The US is “better served by stronger encryption, rather than baking in weaker encryption.” 

Yes, we will be protecting criminals and their behavior at times. But so do the 4th and 5th Amendments to the Constitution.

The danger of the alternative is too high. As H.L. Mencken put it:

The trouble with fighting for human freedom is that one spends most of one's time defending scoundrels. For it is against scoundrels that oppressive laws are first aimed, and oppression must be stopped at the beginning if it is to be stopped at all.