US intelligence and law enforcement agencies are fighting for a back door in encryption tools that would allow them to spy on and monitor “encrypted” information. The concept is a bad idea on multiple levels and will end up causing more problems than it solves.
I wrote about the flaws in the plan for an encryption back door:
Intelligence and law enforcement agencies in the United States have escalated the fight for a back door in encryption algorithms in the wake of the recent attacks in Paris. Aside from the fact that it’s an opportunistic attempt to exploit the tragedy in Paris, and that encryption apparently played no role whatsoever in those attacks, the reality is that adding a back door to encryption would not accomplish the intended goal.
There are three reasons an encryption back door won’t work. First, any legislation or mandate to build a back door into encryption algorithms for intelligence and law enforcement would only apply to US companies and/or US citizens using those tools. The government could try to ban or prevent people from using non-compliant encryption tools in the United States, but the funny thing about criminals and terrorists is that they’re not very keen on following rules dictated by the US government.
The bad guys that intelligence agencies and law enforcement want to be able to spy on and monitor would simply violate those rules and run encryption tools that don’t include the back door. The resourceful terrorist or cybercrime organizations would simply develop their own home-grown communication and encryption tools with unique algorithms that don’t comply with the back door mandate.
“Strong encryption is a core technology that permits the trusted exchange of information between individuals, businesses, and governments,” explains Ajay Arora, CEO and Co-founder, Vera. “Without it, the technology and communications networks we have built are susceptible to constant, uninterrupted, and damaging attacks against financial information, personal information, and assets.”
The second reason a back door won’t work is that the US government and law enforcement agencies have proven time and time again that they can’t actually prevent cyber espionage and data breaches either. It would only be a matter of time—and probably not much time at that—before the master key to the encryption back door falls into the wrong hands and the tables are turned. Instead of being monitored, the cybercriminals would be able to intercept and decrypt virtually all digital communications.
“Creating backdoors to encryption is a Pandora’s box that cyber criminals can and will exploit,” proclaimed Arora. “Technologies like behavioral analysis, not content surveillance, is a much more effective and efficient way to detect anomalies and threatening behavior. It finds the signal in the noise.”
That brings us to the third reason that an encryption back door won’t work. Once trust is broken and companies and individuals learn that encryption no longer provides any privacy or data protection, they’ll just stop using it. Terrorists and cybercriminals, as well, will simply abandon encryption and find other ways to communicate surreptitiously.
Check out the full post on CSOOnline.com: An encryption back door won’t actually help intelligence agencies.