Backdoor: How a metaphor turns into a weapon
Governments want special access to encrypted data while IT specialists and privacy advocates oppose these demands. What is the role of the “backdoor” metaphor within these conflicts, often referred to as the “Crypto Wars”? Leontine Jenner takes a closer look at the metaphor’s many layers.
“UK’s new Snoopers’ Charter just passed an encryption backdoor law by the backdoor” reads a headline by British technology news website The Register from 30 November 2016. The twofold usage of the term “backdoor” should not be dismissed as merely a mediocre pun. Rather, the headline’s wordplay shines light on the multiple layers of metaphorical meaning the IT term “backdoor” carries.
As Lakoff and Johnson have argued, “the essence of metaphor is understanding and experiencing one kind of thing in terms of another”. But when we make sense of new phenomena by borrowing from well-known concepts, we structure our understanding in a way that highlights certain aspects while potentially disregarding others. So what does it mean to understand the concept of a “backdoor” (e.g. with regard to encryption) in terms of a rear door to a building?
It may help to think of the metaphor as an onion with its several layers. At the core of the onion lies the original and most basic understanding of the “back door” as the rear door to a building. The middle layer consists of the phrase “by the back door” (or alternatively: “through the back door” / “backdoor” as an adjective) used to describe indirect and devious means of achieving something. As the outer layer of the onion, we have the backdoor as a mechanism for bypassing security (and more narrowly encryption). I will reserve the spelling “backdoor” for the IT term while using the spelling “back door” when talking about the two underlying metaphorical layers.
The Core Layer: “Back Door” as a Rear Door to a Building
When used within the realm of IT, the term “backdoor” refers to a highly technical and complex concept while at the same time borrowing meaning from everyday life. Relating the backdoor in encryption to the back door of a building immediately creates some sort of basic understanding of this technical concept, even for those less well versed in information technology. This makes the backdoor metaphor particularly useful and powerful but also potentially misleading. Since it creates a simple yet imperfect analogy, it can also lead to false assumptions, oversimplification or even an instrumentalisation of the term.
In contrast to the front door, a back door can be understood as an alternative, unofficial point of entry. In past centuries, back doors were used by servants. In rural areas, frequently visiting neighbours entered through the back door so as to avoid carrying dirt through the front door, which was reserved for more formal visits. Today we may think of the back door to a restaurant, where goods are received and waiters take a quick smoke break. We may even imagine a popular nightclub, where renowned musicians are ushered in through the back door and underage fans try to bypass the bouncer.
These examples all point to one implied characteristic of the back door: It is meant to be used only by people who are somehow legitimised to do so. This authorisation is often enforced by controlled access to the keys.
According to many IT specialists, this is where the “backdoor” metaphor fails to adequately describe the technical reality. A backdoor into one “building” (here: a technical device like a terrorist’s iPhone) would inevitably be a backdoor into all other similar “buildings”. In this view, the backdoor metaphor is misleading if it is not used in combination with the idea of a “master key”. The master key metaphor was also used by Apple CEO Tim Cook in 2016 when the FBI and Apple clashed over the encrypted iPhone owned by one of the San Bernardino shooters. A U.S. magistrate ordered Apple to assist the FBI in its attempt to bypass the iPhone’s lock screen in order to access its data. The technique required to open the San Bernardino shooter’s iPhone “would be the equivalent of a master key, capable of opening hundreds of millions of locks”, argued Cook in an open letter in response to the FBI’s demands.
However, the “master key” metaphor is not without its problems. According to renowned IT security expert Bruce Schneier, the dilemma that governments fail to acknowledge goes as follows: “We cannot build a backdoor that only works for a particular type of government, or only in the presence of a particular court order. Either everyone gets security or no one does. Either everyone gets access or no one does.” This reasoning goes against the most basic understanding of a back door as an alternative entry point, which can only be accessed by authorized parties in possession of a key. Schneier’s remark also hints at the legal precedent that may be set if one country successfully forces IT firms to comply with demands for backdoors.
The Middle Layer: Phrase “By the Back Door” Used to Describe a Secret, Furtive, or Illicit Method, Manner, or Means
When analysing the term “backdoor” in the context of encryption, it is not enough to think about the physical back door. Long before any disputes over locked iPhones, the term was already being used metaphorically to describe “a secret, furtive, or illicit method, manner, or means”.
This is also the case in the aforementioned headline by The Register: An encryption backdoor law is passed by the backdoor. In different contexts, the Trump administration has inspired several headlines making use of this metaphor. For instance, the Los Angeles Times wrote about how Donald Trump was plotting “another backdoor effort to gut Obamacare’s consumer protections” while the Huffington Post commented on “Trump’s Backdoor Muslim Ban”. When referring to the law-making process, the phrase is often used to highlight and criticise a supposedly intentional lack of transparency that impedes public scrutiny. In this sense, the middle layer adds a negative connotation to the term by suggesting the government is working against its citizens. Thus, government officials have reasons to steer clear of the term “backdoor” in IT issues and often do. For instance, Australia’s Attorney-General George Brandis explicitly distanced himself from the term.
The Outer Layer: IT Term “Backdoor”
So what do IT specialists mean when they talk about the “backdoor”? If the world of ones and zeros could provide us with a clear-cut definition for the term, this would allow us to attribute less significance to the previously discussed metaphoric meaning behind it. However, technical definitions of the term “backdoor” remain somewhat ambiguous themselves in two regards:
- Firstly, general definitions of the backdoor in computing remain notoriously vague. A specific backdoor needs to be “hidden”; it can only remain an alternative entry point if its technical properties are not widely known. If most backdoors relied on the very same technical mechanism, this would defeat the very purpose of a backdoor.
- Secondly, definitions vary with regard to the purpose and the typical users of backdoors. Some definitions (e.g. in the SANS Glossary of Security Terms) focus solely on backdoors as a tool used by “attackers” or “hackers” with malicious intent. But there are also examples of broader definitions: “A backdoor in software or a computer system is generally an undocumented portal that allows an administrator to enter the system to troubleshoot or do upkeep. But it also refers to a secret portal that hackers and intelligence agencies use to gain illicit access.” This definition distinguishes between but also includes both “legitimate” and “illegitimate” backdoors. Interestingly, the definition mentions hackers and intelligence agencies in the same breath. Still other definitions cover the use by both administrators and attackers while describing any backdoor as a security risk and threat, regardless of the original intent behind it.
Political dimension of the “backdoor”
Have we successfully peeled back all of our onion’s layers? All in all, the deconstruction of the backdoor metaphor does not seem to fully explain the way in which the term is used in public discourse.
The “backdoor” has become a contested term within the so-called “Crypto Wars” – a long series of conflicts and power struggles over encryption technologies between national security agencies on one side and the tech scene and privacy advocates on the other side. While security agencies seem to avoid using the term to describe their efforts to gain access to computer systems or encryption, tech and privacy experts keep pushing the term “backdoor” to the forefront. “Uncovering” something as a backdoor seems to have become an argument of its own (see The Register’s article or Apple CEO Tim Cook’s open letter addressing the FBI’s demands for a backdoor).
Some layers of our backdoor onion seem to promote its use as a rhetorical tool against governmental intrusion. As shown here, the backdoor metaphor has associations with illicit means, malicious intent and security threats. Definitions of the IT term go as far as lumping together hackers and intelligence agencies.
However, some aspects of the backdoor metaphor could in turn also be leveraged by governments and their security agencies to strengthen their pro-backdoor argument in discourse. Both the core and the outer layer of the metaphor leave room for claiming and positively framing the term “backdoor” as a tool used by legitimized state actors (akin to an “administrator” instead of a “hacker”) and likening the act of accessing iPhones in the name of national security to some form of “troubleshooting” or “maintenance”.
From this perspective, the backdoor metaphor as such does not exclusively play into the hands of either side. The fact that, within the crypto wars, the term is avoided by governments and utilized by the tech scene can ultimately be understood as the result of a power struggle over its meaning. The tech scene and privacy advocates may not have won the war (yet), but for now the term represents a powerful rhetorical weapon in their hands.