The US government and law enforcement agencies want to make sure terrorists and criminals can’t hide behind encryption. The solution, apparently, is to try and force vendors to build backdoors through the encryption. The problem with that “solution” is that it exposes all of the innocent, law abiding companies and citizens to potential compromise of sensitive data, but the bad guys will just find ways around the backdoor requirement:
The world can be a dangerous place, and nations around the world must be vigilant to identify and prevent attacks from would-be terrorists. In the wake of recent terrorist attacks in Paris and in San Bernardino, Calif., there has been increased debate over the need for intelligence agencies to have some sort of back-door access to enable monitoring of encrypted data and communications. It’s an issue of national security, apparently.
How would that work, exactly? Let’s assume that we allow the government to mandate that our Internet providers, websites and Web browsers, email systems, instant messaging tools, and other computer and communication technologies build some sort of encryption back door that allows Big Brother to keep tabs on everything and everyone. Would we then also make a rule demanding that would-be terrorists only use the tools that comply with the encryption back-door requirement?
I know that sounds silly, but how else would it work? The problem with making rules and regulations is that they only apply to law-abiding organizations and individuals. Terrorists and criminals—by definition—don’t follow the rules, so making new rules won’t really change anything.
The bad guys that are ostensibly the target of an encryption back door can simply choose to use platforms and applications that don’t comply with the encryption back door requirements. The more resourceful terrorists and criminals can just develop their own proprietary tools to encrypt information. Those that lack the capacity to do so would simply find alternative methods to communicate that circumvent the encryption back door. At the very least, the only terrorists or criminals who could be monitored or captured as a result of a known encryption back door would be the dumbest of the dumb, and probably would have blown themselves up anyway.
See the full post on the RSA Conference blog: Encryption Rules Only Apply to Those Who Follow Them.
- Julie Smith Shares Identity Security Guidance for 2023 - January 19, 2023
- Mark Thomas Talks about Threat Hunting - January 5, 2023
- Malcom Harkins Talks about Ethical and Legal Obligations of the CISO - October 20, 2022