leowolfert - Fotolia
Security pros reiterate warning against encryption backdoors
The majority of security professionals believe countries with government-mandated encryption backdoors are more susceptible to nation-state cyber attacks
Government-mandated encryption backdoors make countries, and more specifically their election systems, vulnerable to cyber attack, 74% of information security professionals warn.
At the same time, 72% believe laws that allow governments to access encrypted personal data will not make citizens safer from terrorists, according to a poll by security firm Venafi of 384 attendees of the Black Hat USA 2019 security conference earlier in August in Las Vegas.
The findings echo a similar poll of attendees of RSA Conference 2019 in San Francisco in March, which showed 73% of respondents were opposed to government-mandated backdoors.
Governments and law enforcement officials around the world, particularly in the Five Eyes intelligence alliance, continue to push for encryption backdoors, which they claim are necessary in the interests of national safety and security as criminals and terrorists increasingly communicated via encrypted online services.
According to the Five Eyes governments, the increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is “a pressing international concern” that requires “urgent, sustained attention and informed discussion”.
“Last month, the US Senate Intelligence Committee reported that election systems in all 50 states were targeted by Russia during the 2016 election,” said Kevin Bocek, vice-president of security strategy and threat intelligence at Venafi.
“We know that encryption backdoors dramatically increase security risks for every kind of sensitive data, and that includes all types of data that affects our national security. The IT security community overwhelmingly agrees that encryption backdoors would have a disastrous impact on the integrity of our elections and on our digital economy as a whole.”
Opponents of encryption backdoors have said repeatedly that government-mandated weaknesses in encryption systems put the privacy and security of everyone at risk the same backdoors can be exploited by hackers.
The survey also shows that 70% of the Black Hat USA respondents believe countries with government-mandated encryption backdoors are at an economic disadvantage in the global marketplace, while 84% would never knowingly use a device or program from a company that agreed to install a backdoor.
Bocek added: “On a consumer level, people want technology that prioritises the security and privacy of their personal data. This kind of trust is priceless. Encryption backdoors would not only make us much less safe at a national level, they also clearly have the potential to inflict significant economic and political damage.”
In July 2019, US attorney general William Barr said consumers should accept the risks that encryption backdoors pose to their personal security to ensure law enforcement can access encrypted communications. But more recently, Canada’s public safety minister Ralph Goodale called for his government to work with internet companies to find a balance between internet privacy and the needs of law enforcement.
In December 2018, the parliament of another Five Eyes member, Australia, passed controversial legislation requiring tech businesses to create encryption backdoors within their products, prompting criticism from security and privacy advocacy groups, including the Electronic Frontier Foundation (EFF).
The Australian legislation is based on the UK’s equally controversial Investigatory Powers Act, but the Australian law goes a step further by including the power to compel individual network administrators, sysadmins, and open source developers to comply with secret demands, including potentially to force them to keep their cooperation secret from their managers, lawyers and executive leadership.
The US, Canada, Australia and the UK are all members of the Five Eyes intelligence alliance, which in September 2018 called on tech firms to include backdoors in their encrypted products to give access to law enforcement authorities or face various measures.
The group said it encouraged information and communications technology service providers to voluntarily establish lawful access solutions to their products and services, but warned in a statement that should governments “continue to encounter impediments to lawful access to information necessary to aid the protection of the citizens of our countries, we may pursue technological, enforcement, legislative or other measures to achieve lawful access solutions”.
Read more about encryption backdoors
- UK and allies call for backdoors in encryption products.
- EFF welcomes backdoor-blocking US bill.
- Encryption is under attack, says Venafi CEO Jeff Hudson.