Law enforcement officials have recently proposed requiring all computer systems to have a “back door” built into them. This back door is to be designed so that U.S. law enforcement can bypass protections such as encryption or access controls that would normally prevent them from accessing the data or resource. For example, Apple would have to build the iPhone in such a way that, if law enforcement officers had a court order, they could read any data that the court order allowed.

This is similar to a bill that Senators Feinstein (D-CA) and Burr (R-NC) drafted in 2016 (the “Compliance with Court Orders Act of 2016”), which never became law.

  1. What assumptions must be made for this law to have the desired effect?
  2. Assume that such a law could be effective. What problems might that introduce?
  3. What is the difference between this type of back door and a vulnerability?

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 153, Computer Security
Version of April 17, 2018 at 8:25PM
