Do Encryption backdoors benefit Hackers and Scammers? Governments Vs Privacy.

Show Notes

In this week's episode of Scams, Hacks, and Frauds, we explore the nuanced relationship between encryption backdoors and the activities of hackers and scammers. With the rise of end-to-end encryption, user privacy is at the forefront of technology discussions. However, governments are increasingly pushing for access to encrypted data, raising concerns about whether this response is justified in the fight against fraud. We will look into controversial cases such as Apple’s defiance against UK government demands, examining the broader implications for personal data and how it could potentially create more opportunities for hackers. Tune in for essential insights on maintaining your privacy while navigating a landscape full of scams and fraud.

We publish new content every other Monday. The  10 minutes our episodes may save your wallet, and help protect your family.

If you like shows like "The Perfect Scam" or "Darknet Diaries" then this show might be for you.  

On our website you’ll find more computer hacking, identity fraud, impersonation, consumer rights and Romance Scams.  To find these and to access our transcripts, visit us at www.scamshacksandfrauds.com.

The transcript and spoken audio are available under the Creative Commons, Share Alike, With Attributions license. For more information on this visit creativecommons.org.  

Transcript

For years, a secret battle has been fought  over privacy online. Users expect their password-protected data to be encrypted to prevent theft by hackers or governments. As hackers improve their methods, companies enhance encryption, leading to government court orders for data decryption. Many companies now use end-to-end encryption, making it impossible for them to access their customers ’ data. In response, governments are demanding back doors to decrypt and access everyone’s data.  Is this a reasonable step to combat crime, or is it just another opportunity for hackers?  This is the podcast that helps keep you safe from scams, Hacks, and frauds.

Let’s start by discussing what encryption is. Encryption is a process of encoding information so that only those who are supposed to be able to see it can read it.  It is a cornerstone of modern cybersecurity. Humans have used ciphers, codes, and other methods to send secure, secret messages for thousands of years, there are examples of these being in use in ancient Egypt, Greece and Rome.

During World War 2 German forces famously encrypted their communications with Enigma machines, while the British military worked tirelessly to crack those codes. 

You may have even experimented with simple codes or ciphers as a child, swapping one letter for another letter or number.

Today, encryption is crucial for protecting sensitive data online, from personal emails to financial transactions. The modern world wouldn’t be possible without it.

The way digital encryption works is that each character is converted into a unique number, and complex algorithms are used to scramble those numbers, creating encrypted data. To decrypt and read the original text, you need a special code, known as a key. These keys can be extremely long and complex. For example, in the 1970s, 56-bit encryption was standard, offering over 72 quadrillion possible combinations. Using the correct key with encrypted data allows the information to be decrypted and read. Modern cybersecurity relies on even more advanced encryption standards to secure sensitive information from cyber threats.

Imagine a combination bike or padlock.  Usually, if you buy one, there will be 3-5 tumblers - the spinning bit with the numbers.  To get the same sort of security that 1970s digital encryption provided, you’d need 17 of those tumblers on the lock.

If you don’t have the combination—whether for a bike lock or digital encryption—you might try every possible option. In cybersecurity, this is called a brute-force attack. If it took you a second to try each combination, it would take more than 2 billion years to try every possibility with 1970s 56 bit encryption.

Computers are far faster than humans. But even in  1977, a computer designed to break encryption would take about 4,500 years to crack a then state-of-the-art encrypted message—not quite 2 billion years, but still effective for the time. Today, even a standard laptop like a MacBook Air could break that level of encryption in under 20 hours. Specialized systems achieved this speed by 2010. Today, we use far more advanced encryption algorithms,which are harder to crack, but the point here is encryption is always crackable, given enough time and computer power. 

——

But waiting for technology to advance a few decades to get to the point where it takes even a few months to decrypt is clearly not going to work if you’re trying to investigate a potential terrorist attack, track down a child pornographer, or work out if your neighbouring country has spies in your capital looking for missile strike targets.  You need to access that now.  For many years, governments would head to court for a court order asking a messaging system, social media site, or email provider to hand over people’s data - you sent it to the company encrypted, they decrypted it on receipt, and reencrypted it when you wanted it sent back to you.  The court order would allow them to access your data when its right in the middle there, unencrypted.

In recent years, companies have shifted to a more secure approach. Now, data remains encrypted from the moment it is sent until it reaches the intended recipient, the company never holds it in an unencrypted form. This method, known as end-to-end encryption (E2EE), ensures that even if a hacker breaks into that company, they cannot read your data. Likewise, if a government obtains a court order for the decrypted data, there’s nothing the provider can hand over because they don’t have access. End-to-end encryption has become the gold standard for secure messaging apps and cloud storage, protecting online privacy and user data from unauthorized access.

Governments worldwide are very uneasy with end-to-end encryption. Although they reconise the value of it for their own communications, they’re uncomfortable with the rest of us having the same security.

In 2018, former FBI Director Chris Wray told NBC that there must be a way to ensure both secure messages for users andlaw enforcement access, stating, “We’re a country that has unbelievable innovation, we put a man on the moon […] the idea we can’t solve this problem as a society—I just don’t buy it.” 

In response, cybersecurity experts say that creating a secure backdoor is impossible without weakening security for everyone. Wray’s stance has been paraphrased as saying: Because we put a person on the moon, we should also be able to put a person on the sun. No amount of technology will ever make that possible.

Any intentional vulnerability, no matter how well-intended, will eventually be discovered and exploited by hackers, cybercriminals, and hostile governments.

Here’s a simple analogy: Which is easier to break through—a locked door, or a solid wall? By installing a door, you’ve already lowered your defenses; someone can pick the lock or force the door open. With a wall, your only option is to try to knock it down, which is much harder than forcing open a door. Requiring a backdoor in encryption is like adding a door to a wall—hostile countries, cybercriminals, and hackers will all try to exploit it.  Eventually they will be successful.

Despite these warnings, governments continue to frame backdoors as necessary for fighting online crime and child exploitation, often downplaying the very real privacy and cybersecurity risks.

——

This isn’t a new debate—the US first attempted to bring in back doors in the mid-1990s with the Clipper chip, even going as far as to say it would improve National security because they’d be able to access terrorist communications.  The only organisation to really deploy Clipper chip was the US government itself, consumers and businesses rejected it and came up with more secure encryption protocols instead. 

More recently, the UK government demanded access to encrypted data stored in Apple’s iCloud, which is protected by Advanced Data Protection. With this feature, only the user can decrypt their cloud data, and Apple does not hold any master key. Apple has taken a public stance against building backdoors or master keys for any government.

Apple didn’t back down; rather than build this back door, It chose to withdraw the Advanced Data Protection feature from the UK.  The UK responded by taking Apple to court, and perhaps most alarmingly, attempted to keep the matter secret; yet, somehow, the press managed to obtain it anyway. In April 2025, the court rejected attempts to keep the case secret. Recently, the US government claimed that the UK has backed down from this case, but I haven’t seen any UK-based confirmation of this.  

But even if it has backed down against Apple, the laws that allowed the UK Government to demand this remain on the books in the UK, as do laws in many EU states, Turkey, and, of course, China.  This is by no means just a UK issue.

At Scams, Hacks, and Frauds, we are impartial, but not unbiased.  We strongly advocate for protecting your personal data and digital privacy, regardless of which political party or country proposes it. 

We recognize the vital role of law enforcement in preventing and stopping serious crimes, but this cannot justify putting everyone else at risk of scams, hacks, and fraud. Strong encryption is essential for safeguarding your information against cyberattacks and identity theft.

If you’re searching for a secure messaging app or online cloud storage service, always choose one that offers end-to-end encryption. Even if you have nothing to hide, end-to-end encryption safeguards your personal data from hackers, scammers, cybercriminals, and hostile foreign actors—not just government surveillance. Take a moment to look at the website of your favourite messaging and social media apps and check what they say about encryption. If they do not use end to end encryption, consider switching to one that prioritizes your online safety and data protection.

While reviewing those, also check if they use the latest encryption standards, such as AES-256 or other reputable algorithms. The longer and more complex the encryption key - thats the 256 part, and the more up-to-date the standard, the harder it is for cybercriminals to break. That means it will take even longer before your information can be stolen, even through brute force.

We’ll have a new scam story next week, I’ve been Cee, and this has been Scams, Hacks, and Frauds.