Microsoft Expertly Demonstrates Why Encryption Backdoors Are Terrible Ideas

Microsoft did long term privacy advocates a huge favor, even while it screwed over untold millions of customers. The company expertly demonstrated the foolhardy nature of backdoors even existing by accidentally leaking a so-called “golden key.” That key will allow anyone to bypass Microsoft’s Secure Boot protections, rendering them moot.

Golden Key Website

A “secure golden key” is precisely what the FBI is demanding Apple and other companies provide. The agency wants to be able to access encrypted systems—which are increasingly common place—in the pursuit of its law enforcement duties.

In addition to trying to get U.S. courts to force Apple to create software that bypasses its encryption, the FBI has argued companies like Apple could create a backdoor that only they have access to. This, we are assured, would be an excellent compromise that protects privacy and facilitates legitimate law enforcement needs.

Reality

The argument by encryption experts is that a backdoor available to one is available to all. Backdoors provide a target for authoritarian regimes and other foreign governments, as well as terrorists and other criminal organizations. Worse—and this argument has been understood for decades—even if a backdoor isn’t compromised, its legitimate owners can mishandle it, misuse it, or let it out.

Microsoft apparently decided it would play the patsy and demonstrate exactly that. Everyone who doesn’t own a Windows device “protected” by Secure Boot should thank the company. Everyone who does should get rid of it and buy something from Apple.

For technical details on the key and how it works, check out Ars Technica‘s excellent writeup. The keys were originally uncovered in March and published this week to what Ars called “a funky website.”

Share this post