IT Security Pros Slam State-Backed Encryption Backdoors
Most IT security professionals believe governments that mandate end-to-end encryption backdoors are exposed to a greater risk of nation state cyber-attacks, according to Venafi.
The security vendor polled over 500 industry professionals at the recent RSA Conference in San Francisco on a topic which continues to be hotly debated in the US and Europe.
Nearly three-quarters (73%) said they thought laws effectively forcing tech companies to enable law enforcers to read encrypted communications would make their nation less secure. Slightly fewer (70%) claimed governments shouldn’t be able to mandate private tech providers to make their code less secure.
Some 69% argued that such moves would also put a country at an economic disadvantage globally, presumably because it will no longer be seen as a safe place in which to do business.
“This is not rocket science; backdoors inevitably create vulnerabilities that can be exploited by malicious actors. It’s understandable that so many security professionals are concerned because backdoors are especially appealing to hostile and abusive government agencies and more governments are considering these mandates,” argued Venafi VP of security strategy and threat intelligence.
“We know that attackers don’t abide by restrictions; they don’t follow the rules or buy products in controlled markets. Countries that enact these near-sighted restrictions harm law abiding businesses and court economic damage as well as intrusions focused on sovereign government processes.”
Last December Australia passed new laws which could force tech providers to engineer de facto backdoors into their end-to-end encryption products. In so doing, it joined the UK, whose Investigatory Powers Act has widely been viewed as one of the most intrusive surveillance regimes of any western democracy.
However, with most global tech firms based in the US, these powers are unlikely to be tested on the world’s most popular services. That makes the US a key battleground for privacy advocates.
Law enforcers and some lawmakers have long argued for such powers, claiming erroneously that backdoors could be provided to allow police access to encrypted comms only in specific cases, without making the entire ecosystem less secure for all customers.
Increasingly exasperated by this talk, the world’s leading cryptography experts last year backed demands for FBI director, Christopher Wray, to explain the technical basis for his repeated claims that backdoors can be engineered without impacting user security.
Source: Information Security Magazine