denisovd - Fotolia
Coalition of top tech firms opposes weakened encryption
Weakening security with the aim of advancing security simply does not make sense, a coalition of top tech firms tells US president Barack Obama
A coalition of the world’s largest tech firms is opposing any form of weakened encryption or back doors to allow law enforcement and security officers access to encrypted data.
The Information Technology Industry Council (ITI), which represents more than 60 major tech companies including Google, Apple, Microsoft, Intel and Facebook, said in an open letter to US president Barack Obama that it opposes “any policy actions or measures” by the federal government that would undermine encryption technologies.
The move comes a day after Manhattan district attorney Cyrus Vance released a report calling for access to encrypted data on smartphones.
The report criticises Apple and Google for their decision to implement data encryption on their iOS and Android mobile operating systems, claiming “severe” consequences for public safety, and calls for smartphones to be made subject to search warrants that could compel Apple and Google to unlock encrypted data held on the device.
Vance proposes making this possible by introducing US federal legislation requiring technology companies to design smartphone operating systems with weaker encryption.
CIA director John Brennan has joined Vance and other members of the US Congress in opposing strong encryption because it allegedly allows terrorists to communicate freely while blocking the efforts of law enforcement and intelligence agencies.
“Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety,” said ITI president and chief executive Dean Garfield.
“We deeply appreciate law enforcement's and the national security community’s work to protect us, but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense,” he said.
Read more about encryption
- A report from US district attorney Cyrus Vance claims the encryption of data on mobile operating systems has had severe consequences for public safety
- The Wikimedia Foundation calls on all sites to join its move to encrypt all connections by default
- Seven more security suppliers join Blue Coat encrypted traffic management programme amid fresh warnings of attackers using encryption to hide malicious activity
The recent terrorist attacks in Paris have fuelled the on-going debate around encryption, although there has been no evidence that the attackers relied on encrypted communication tools to co-ordinate.
Citing encryption technology’s role in protecting consumer privacy and securing the integrity of data in the global digital infrastructure, the ITI and Software & Information Industry Association (SIIA) asked president Obama to work with the technology industry to find a way forward that “preserves security, privacy and innovation”.
The letter warns against policies that mandate the weakening of encryption or the notion of building in dedicated “workarounds” for government agencies to access information.
“Encryption is an essential asset of the global digital infrastructure, enabling security and confidentiality for transactions as well as assurances to individuals that their communications are private and information is protected,” the letter said.
The letter’s authors point out that the rapid growth in online commerce would not have happened if consumers did not trust that their payment information is secure.
“Consumer trust in digital products and services is an essential component enabling continued economic growth of the online marketplace,” the letter said.
The letter also states that in addition to being technologically impractical, such policies would “compromise the security” of technology products and services, “rendering them more vulnerable to attacks” by criminals or bad actors. It would also “erode consumers’ trust in the products and services they rely on for protecting their information”.
Recognising that “the issue at hand is extremely complex, with implications both domestically and internationally” the letter said the tech industry seeks to open a dialogue on policies surrounding encryption and offer to help develop a framework for further discussions.
Read more on Privacy and data protection
EU plans to police child abuse raise fresh fears over encryption and privacy rights
IT professionals wary of government campaign to limit end-to-end encryption
Encryption myths versus realities of Online Safety Bill
Tech companies risk being compelled by law to protect children, says online safety expert