April 16, 2021 Opener

Law enforcement officials have recently proposed requiring all computer systems to have a “back door” built into them. This back door is to be designed so that law enforcement can bypass protections such as encryption or access controls that would normally prevent them from accessing the data or resource. For example, Apple would have to build the iPhone in such a way that, if law enforcement officers had a court order, they could read any data that the court order allowed.

This is similar to a bill that Senators Feinstein (D-CA) and Burr (R-NC) drafted in 2016 (the “Compliance with Court Orders Act of 2016”), which never became law.

  1. What assumptions must be made for this law to have the desired effect?
  2. Assume that such a law could be effective. What problems might that introduce?
  3. What is the difference between this type of back door and a vulnerability?

Matt Bishop
Office: 2209 Watershed Sciences
Phone: +1 (530) 752-8060
Email: mabishop@ucdavis.edu
ECS 135, Computer Security
Version of April 15, 2021 at 12:13AM

