A worrying report emerging from the US concerns the future of end-to-end encryption and the on-going security of consumers; if the intelligence community can’t break it, tech firms won’t be allowed to use it.
Hypocrisy and contradiction seem to be languages on the syllabus for every politician in today’s society. This might have been the case for decades, but it seems to be very prevalent in the legislative halls around the globe currently. Today’s example concerns cybersecurity.
According to Politico, there has recently been a secret meeting with all the no.2’s from US intelligence agencies to discuss the possibility of banning end-to-end encryption. The logic is relatively simple; removing the end-to-end encryption barrier would help these agencies catch more terrorists. But then again, the contradiction is also glaringly obvious.
In the pursuit of increased security, the intelligence agencies are suggesting less security. The removal of end-to-end encryption might help these agencies catch more terrorists, but it would also expose the consumer to considerable risks such as fraud or blackmail, while also making it easier for foreign states or criminals to spy on anyone and everyone, including governments.
Fixing one problem by making several problems should not be considered a sensible or logical approach to managing national security. It’s incredibly ill-advised and quite frankly we are surprised this debate rages on.
What is worth noting is this is not a dispute which is limited to the shores of the US; there are short-sighted and dim-witted politicians trying to kill end-to-end encryption all around the world.
Australia passed a law in December to compel technology companies into creating backdoors for security services to make use of, while in the UK, GCHQ directors suggested a similar mechanism called ‘Ghost Protocol’ which received a scathing reception. During 2017, then Home Secretary Amber Rudd attempted to rid the UK of encryption, while the infamous ‘Snoopers Charter’ was a disaster waiting to happen. In France, Article L.871-1 of the Internal Security Code requires technology companies to provide access to data within 72 hours of a request.
There are other approaches as well, which pay a much-needed nod to the importance of end-to-end encryption. In Finland for example, Section 23 of Chapter 8 of the Law on Coercive Measures Act compels persons/companies other than suspects/accused persons to hand over passwords and decryption keys if it is necessary to conduct a search of data contained in a device. This approach is not perfect, but it maintains the integrity of security protocols and the resilience of end-to-end encryption.
Although these agencies might think creating backdoors and the accountability mechanisms to use them is a sensible strategy, it clearly isn’t. If there is a vulnerability created in the security perimeter, the dark web will find out about it and will go searching for it. It will only be a matter of time before someone finds it, either through perseverance or accident, and it will be monetized by nefarious characters.
What is an important factor of the digital economy is the desire and requirements of technology providers to build security into products and services. This desire to build in backdoors undermines any work which is being done. Governments are pressing for increased security, but then insisting it must be weakened. The technology industry is caught between a rock and a hard place.