Scanning your connection...
Default PrivacyDefault Privacy
Back to Glossary
Security

What is Backdoor?

A hidden method of bypassing normal authentication or encryption in a computer system. Backdoors may be intentionally built in (for maintenance or surveillance) or secretly inserted by attackers. In privacy contexts, backdoors refer to deliberate weaknesses that allow authorities to access encrypted data.

Also known as: Back Door, Encryption Backdoor

A backdoor is a secret way into a system that bypasses normal security. In privacy debates, governments often demand backdoors in encryption to catch criminals—but backdoors fundamentally undermine security for everyone.

Types of Backdoors

Intentional (Authorized)

  • Built by developers for maintenance
  • Required by governments for surveillance
  • "Lawful intercept" capabilities

Malicious (Unauthorized)

  • Inserted by hackers
  • Hidden in compromised software
  • Supply chain attacks

Architectural

  • Weak key escrow systems
  • Master keys held by third parties
  • "Trusted" third-party access

The Backdoor Debate

Government Argument

  • Need access to catch terrorists, criminals
  • "Responsible encryption" with lawful access
  • Only for authorized law enforcement

Security Expert Response

  • A backdoor for "good guys" is a backdoor for everyone
  • Criminals will just use non-backdoored encryption
  • Discovery/theft of backdoor keys = catastrophic breach
  • Weakens security for billions to catch a few

Why "Secure Backdoors" Are Impossible

  1. Mathematics doesn't negotiate: Encryption is either secure or it isn't
  2. Keys can be stolen: Any master key is a target
  3. Scope creep: Access expands beyond original purpose
  4. International: Other countries demand same access
  5. Criminal adaptation: Bad actors switch to secure alternatives

Historical Examples

  • Crypto AG: Swiss company sold backdoored encryption to governments
  • Juniper Networks: NSA-linked backdoor discovered in firewalls
  • Dual EC DRBG: Backdoored random number generator in standards

Protecting Yourself

  • Use open-source encryption (backdoors harder to hide)
  • Prefer decentralized systems (no central point for backdoors)
  • Check security audits
  • Avoid closed-source, government-influenced encryption

Related Terms

Encryption

The process of converting information into a code to prevent unauthorized access. Encryption transforms readable data (plaintext) into an unreadable format (ciphertext) using a cryptographic algorithm and key. Only those with the correct key can decrypt and read the original data.

End-to-End Encryption

A method of secure communication where only the communicating users can read the messages. In principle, it prevents potential eavesdroppers – including telecom providers, Internet providers, and even the provider of the communication service – from being able to access the cryptographic keys needed to decrypt the conversation.

Open Source

Software whose source code is made freely available for anyone to view, modify, and distribute. In privacy tools, open source allows independent security researchers to verify that the software does what it claims and contains no backdoors or hidden surveillance capabilities.

Have more questions?

Use our guided flow to get the right next privacy step for Backdoor.

Open Guided Flow