Jeffrey I. Schiller
Networking, Security and Cavies

Deja Vu: Risks for Back Doors in Systems

There have been stories in the press recently about how Google was hacked from China. One of the interesting observations was that the system at Google that was compromised was a system designed for lawful intercept. Back in May of 1997, a group of us, the self defined "Eleven Cryptographers" published a report entitled: "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption."

One of the issues we discussed in that report was that systems designed with "back doors" (the paper was concerned with cryptography, but the concept applies more broadly) are fundamentally less secure then systems without. The "back door" becomes an attractive target for intruders. Looks like it worked this time!