Since Snowden released the National Security Agency’s (NSA) dirty laundry security conscious people have been scrambling to find more secure means of communication. Most of the companies called out in the leaked documents have been desperately trying to regain the confidence of their customers. Google and Apple have enabled full device encryption on their mobile operating systems by default, many websites have either added HTTPS communications or have gone to exclusive HTTPS communications, and many apps have been released claiming to enable communications free from the prying eyes of Big Brother. Verizon decided to jump on the bandwagon but failed miserably:
Verizon Voice Cypher, the product introduced on Thursday with the encryption company Cellcrypt, offers business and government customers end-to-end encryption for voice calls on iOS, Android, or BlackBerry devices equipped with a special app. The encryption software provides secure communications for people speaking on devices with the app, regardless of their wireless carrier, and it can also connect to an organization’s secure phone system.
Cellcrypt and Verizon both say that law enforcement agencies will be able to access communications that take place over Voice Cypher, so long as they’re able to prove that there’s a legitimate law enforcement reason for doing so.
Security is an all or nothing thing. If you implement a method for law enforcement to access communications you also allow everybody else to access communications. Backdoors are purposely built weaknesses in the security capabilities of a software package. While developers will often claim that only authorized entities can gain access using a backdoor in reality anybody with the knowledge of how the backdoor works can use it.
Matters are made worse by the fact that law enforcement access is the problem everybody is trying to fix. The NSA was surveilling the American people in secret. A lot of people have also been questioning the amount of surveillance being performed by local law enforcement agencies. Since there is a complete absence of oversight and transparency nobody knows how pervasive the problem is, which means we must assume the worst case and act as if local departments are spying on everything they can. Tools like the one just released by Verizon don’t improve the situation at all.