Features – Like Backdoors – Are Forever

The news this week has been full of stories about Apple's resistance to a court order demanding they build a custom backdoor to a phone used by one of the San Bernardino suspects.

While I will leave deep analysis of the legal situation to experts of that domain, I believe that this instance holds valuable lessons for all software teams. One lesson in particular helps us understand why the creation of such a backdoor would inevitably become dangerous for innocent users.

Image of colorful doors Colorful doors in the UK, by Paul McIlroy under CC BY-SA 2.0.

People love useful software

Put simply: once a piece of useful software is created, its users won't want to give it up.

This is a phenomenon that is well-understood by many experienced software teams. It's part of why long-lived programs like Microsoft Word have so many features. There are strong incentives to add new functionality: niche users request them, salespeople see them as a competitive advantage, and developers get to work on building fun new things instead of just maintaining someone else's code. The incentives to remove functionality – making code simpler and faster, making the commonly-used tasks easier to find and use – are far outweighed by the pain that users experience when a beloved feature is taken away.

This is one reason that a human-centered design process is helpful. Working first to understand users' needs allows a team to start by developing a simple, well-targeted piece of software, rather than throwing a hodgepodge of features against the wall to see what sticks. Once a feature has hit the wall, chances are there are some users somewhere who see it as the product's core advantage – and would be sorely disappointed if it was ever taken away.

The moral is thus: always assume that people will use software more than you expect, and become attached to it in ways that you can't foresee. Don't ship software that you don't want to see used in new, creative, expansive ways.

Backdoors: popular to a fault

We can view a backdoor that circumvents the iPhone's security measures to be a software feature just like any other. If an entity like the FBI was able to get privileged access an iPhone for the San Bernardino case, it is safe to assume that they and other law enforcement entities would want to do so again for future cases – they wouldn't want to give such a useful feature up.

As the demand increased it would be hard to continue treating the backdoor software with tremendous care. More people at Apple would have to be given access to it to satisfy demand, or perhaps Apple would share the software with the law-enforcement agencies so they could take on the burden of fulfilling access requests directly.

As more people gained access to the software, the probability of malicious actors also gaining access would go up. It's hard to keep something that lots of people use every day secret. Given how much juicy data the backdoor could ultimately give access to, we have to assume that it would only be a matter of time before the backdoor was stolen and released into the wild.

Backdoors, like any software feature, will always become popular. If you don't want lots of people using them in new and unexpected ways, it's better to just not create them in the first place.