If technology companies don’t provide the U.S. government with access to data via encryption backdoors, “legislation may be necessary,” Deputy Attorney General Rod Rosenstein recently told an audience at the Utah National Security and Anti-Terrorism Conference.
“One of our most significant and growing challenges is that terrorist groups often use encrypted communication channels,” Rosenstein said. “The use of encrypted services poses a novel threat to public safety. We can disrupt attacks only if we are able to learn about them.”
“After a terrorist attack, obtaining stored electronic information is an effective and necessary law enforcement technique,” he added. “But, as we saw after the San Bernadino attack, obtaining electronic data can be time-consuming, expensive, and uncertain if technology providers refuse to cooperate.”
“Unfortunately, some companies are unwilling to help enforce court orders to obtain evidence of criminal activity stored in electronic devices,” Rosenstein said.
Venafi CEO Jeff Hudson told eSecurity Planet by email that giving government access to encrypted data won’t make us safer — in fact, he said, it’ll do the opposite. “It’s clear that governments don’t understand how encryption backdoors will be used to undermine our global digital economy,” he said. “The negative impact encryption backdoors will have on every aspect of security and privacy is tremendous.”
A recent Venafi survey of 296 IT security professionals found that 72 percent of respondents don’t think encryption backdoors would make their nations safer from terrorists, and 91 percent said cybercriminals could take advantage of government-mandated encryption backdoors.
Eighty-one percent of respondents said governments should not be able to force technology companies to give them access to encrypted user data.
Just 19 percent of respondents believe the technology industry is doing enough to protect the public from the dangers of encryption backdoors, and 86 percent believe consumers don’t understand the issues surrounding backdoors.
“We need to spend more time protecting and supporting the security of our machines, not creating purposeful holes that are lucrative to cybercriminals,” Venafi chief security strategist Kevin Bocek said in a statement.
The National Interest
At the end of last year, a report from the U.S. House Judiciary Committee’s Encryption Working Group stated, “Any measure that weakens encryption works against the national interest,” adding that representatives of the national security community had told the working group that “strong encryption is vital to the national defense and to securing vital assets, such as critical infrastructure.”
And recently proposed European Union regulations would explicitly encourage end-to-end encryption and outlaw backdoors.
“The providers of electronic communications services shall ensure that there is sufficient protection in place against unauthorized access or alternations to the electronic communications data, and that the confidentiality and safety of the transmission are also guaranteed by the nature of the means of transmission used or by state-of-the-art end-to-end encryption of the electronic communications data,” the proposal states.
“Furthermore, when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited,” the proposal adds. “Member States shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.”