Encryption stops criminals. Weakening it doesn't make sense

Backdoor
Following the horrific terrorist attacks in Paris, there have been calls from some for law enforcement to be given a method to snoop upon encrypted communications.

For instance, Clare Foges - who writes speeches for UK Prime Minister David Cameron, and is described as one of his advisers - wrote a quite extraordinary piece in The Telegraph where she demonises encryption.

Never mind that the murderers in Paris appear to have communicated via unencrypted SMS.

Fortunately, there are some technical experts who are prepared to step into the debate and share their wisdom.

For instance, here is a statement released yesterday by the Information Technology Industry Council (ITIC):

"Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety. We deeply appreciate law enforcement's and the national security community’s work to protect us, but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense."

In case you are wondering, the ITIC counts amongst its members some of the biggest technology firms in the world.

Companies who are member of the ITIC include Accenture, Adobe, AMD, Agilent Technologies, Akamai, Acatel, AOl, Apple, BlackBerry, Brother, Canon, CA, Dell, EMC, Epson, Ericsson, Facebook, Fujitsu, Google, Hewlett Packard, HTC, IBM, Intel, Intuit, Lenovo, LinkedIn, Microsoft, Nokia, Oracle, Palo Alto Networks, Panasonic, Samsung, SAP, Sony, Symantec, Toshiba, Toyota, Twitter, Verisign, VISA, Yahoo, and more...

You would expect those companies to be against crime, right? You would expect them to know what they're talking about when it comes to technology, yes?

In June they sent a letter to Barack Obama, acknowledging that the issue is complex, but warning against policies that would see encryption weakened or ill-conceived backdoors for government agencies to access information.

We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool. As you know, encryption helps to secure many aspects of our daily lives. Encryption is an essential asset of the global digital infrastructure, enabling security and confidentiality for transactions as well as assurances to individuals that their communications are private and information is protected. For example, the rapid growth in online commerce would not have happened but for consumers’ trust that their payment information is secure. Consumer trust in digital products and services is an essential component enabling continued economic growth of the online marketplace.

Accordingly, we urge you not to pursue any policy or proposal that would require or encourage companies to weaken these technologies, including the weakening of encryption or creating encryption “work-arounds.” We appreciate that, where appropriate, law enforcement has the legitimate need for certain information to combat crime and threats. However, mandating the weakening of encryption or encryption “work-arounds” is not the way to address this need. Doing so would compromise the security of ICT products and services, rendering them more vulnerable to attacks and would erode consumers’ trust in the products and services they rely on for protecting their information.

The big question is this: are the authorities refusing to listen to the advice of technology industry experts because it doesn't fit an agenda that they have already decided upon?

Encryption stops criminals. Weakening encryption simply does not make sense.

If you haven't already done so, read Clare Foges's Telegraph article. If the people advising and writing speeches for our leaders can be so woefully clueless about a subject that we're comparatively experts in, one wonders what other poorly-judged decisions are made by our governments every day.

flickr photo shared by Electronic_Frontier_Foundation under a Creative Commons ( BY ) license.

(Visited 162 times, 1 visits today)

Tags: ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

,

4 Responses

  1. Tim

    November 25, 2015 at 4:09 pm #

    Next up…Clare Foges demanding that mathematicians globally stop being obstructive and cooperate on the government's demands that 2+2 needs to equal 5

    • coyote in reply to Tim.

      November 26, 2015 at 1:50 am #

      But.. but… it does! 2 + 2 = 5 for extremely large values of 2!

      Or so the old joke goes…

  2. Barry Neilsen

    November 25, 2015 at 4:18 pm #

    Nice to see that 92% of people who've so far clicked on the poll on that Telegraph article don't agree with it.

  3. coyote

    November 26, 2015 at 1:54 am #

    I've written about encryption in this sense too so I won't touch upon that (other than what I already wrote here).

    So instead I'll just answer your curiosity :

    'one wonders what other poorly-judged decisions are made by our governments every day.'

    It's quite simple, see: it's every decision they make. If you prefer it might be almost every decision. But what's the difference ? Mostly bad or all bad, the fact of the matter is governments are terrible decision makers – at least in the sense of making things better (it is great for their own manipulative, corrupt, malicious agenda, however).

Leave a Reply