Weakness is not a Solution
It turns out designing vulnerabilities into our systems makes us more vulnerable
This was a response to the announcement of compromised US telecom systems.
Backdoors make everyone unsafe. We know this, and it's been proven to us repeatedly... yet here we are, again.
Why?
I think, in part, because we've embraced a seductive but broken concept of safety.
Safety Through Weakness
That concept is what I'd call safety through weakness. It involves finding ways to cripple everyone so that we feel less threatened.
Backdoors are an instance of this enforced weakness. We could, if we wanted, build public systems that enable nearly perfect secrecy... but we don't. We're scared of what others might "get away with" if they had greater agency - in this case, strong privacy. The result is that we replace localized risk with systemic risk, inviting our most powerful adversaries to exploit the weaknesses we thought would save us.
Safety through weakness is both zero-sum and coercive. In order for me to feel safer, you must be weaker. And since you may not want to be weak, I must use the force of law to compel you to be weak.
This abusive thinking leads to increasingly absurd outcomes, like treating software engineers as criminals for writing code that people use in ways we don't like... which is to say, by treating ALL code development as potentially illegal.
Safety Through Strength
The alternative is what I'd call (predictably) safety through strength.
This approach is about finding ways to overcome danger by becoming more capable and resilient. It is about what I CAN do, not what other people CAN'T do. It includes everything from physical exercising to prevent injury, to building a more distributed power grid.
I value this approach for multiple reasons, including:
1 - It affirms our agency
I don't need someone else's permission to make things better. As an individual, I can explore new solutions; and as a community, we can develop more resilient systems. It's not zero-sum. We can be strong together.
2 - It doesn't require me to compel you to change
Because I'm focused on finding solutions by increasing my own capabilities, there is little place for government-backed force. I don't need obligatory technology backdoors, or precautionary restrictions, or preemptive enforcement. Focusing on strength instead of weakness can actually make our communities LESS coercive.
3 - It can really achieve our goals
This hack is just the latest failure of "safety through weakness" thinking; it will continue to fail us until we either abandon it or it makes us irrelevant. Throughout time, new technologies have always involved new risks; the societies that thrive are those that master - rather than suppress - the capabilities those technologies enable.