Why we say no to encryption backdoors, once again
The timing of the latest battle of the Crypto Wars is unfortunate. People and organizations all over the world rely now on digital security technologies such as encryption to work remotely (and securely), yet policy makers are once again threatening to breach encrypted communications – thus threatening the digital security of billions of users.
At Tresorit, our mission is to help people and organizations work securely while protecting each individual’s right to digital privacy. Any attempt to access encrypted data, even if it is deemed “lawful” or “targeted”, creates vulnerabilities in encrypted systems and affects the security of millions of businesses and billions of people.
What’s happening now
Why do we have to say this one more time? As of end of 2020, encryption seems to be under a threat. Even though the recently leaked EU Council’s draft resolution states that strong encryption is fundamental, it completely misunderstands how encryption tech works and falsely suggests that it is possible to access some encrypted content for law enforcement in a targeted manner while keeping encryption secure for all.
Earlier this year, the lawmakers of Five Eyes urged the tech industry to embed solutions into their encryption products to allow access to readable user content for authorities.
Germany, a country traditionally in favor of data privacy, also introduced new laws about surveillance that threaten digital privacy.
Why we say no to backdoors
There is a long-held consensus among researchers and industry experts that it is impossible to create any kind of access to encrypted communications without undermining the security of the whole encryption infrastructure. Here are the reasons, in short.
- If built into encryption systems, backdoors act as intentional vulnerabilities that are not only there for the “good guys”
The main technology argument against backdoors is that they can be opened by anyone who happens to find them: criminals, terrorists, hostile intelligence agencies and the dark web alike. These backdoors would act as “Pandora’s Box” and enable malicious actors to infiltrate the entire communications. There is no regulative force, which could limit the use of these special vulnerabilities only for good uses. - The assumption that any governmental agency is unhackable or not vulnerable is naïve and has proven to be wrong multiple times. If we weaken our existing systems by introducing additional security gaps to enable law enforcement to do a better job, we will end up creating an even bigger problem with irreversible societal and political impact.
- Backdoors would ruin well-functioning security protocols. As we said above, the current security systems have been designed in a way that there is no exceptional access in the system. Current security protocols are not the best, but with backdoors, most of the accomplishments, would be ruined.
- With backdoors, we would end up making the internet a less secure place for all
Encryption is not only used by end-to-end encrypted apps. Thus, if we break the integrity of existing encryption protocols, we threaten digital services that enable our everyday lives. Our world increasingly relies on a trustworthy connection through the internet: individuals and business are banking online, companies transfer crucial business data through this network, governments communicate with their citizens online and so on.
What’s next?
So, what’s next for Tresorit in this fight? To strengthen our advocacy work and get our voice heard by policy makers, we have now joined the Global Encryption Coalition, a worldwide organization founded in March 2020 as a reaction to alarming developments on undermining encryption.
The mission of the GEC is to promote and defend encryption in key countries and multilateral gatherings where it is under threat. Together with global civil society organizations, research institutions and industry representatives, our aim is to help the relevant decision making bodies with our insights to create cybersecurity and law enforcement policies that are committed to strong encryption.
We’re keeping a close eye on how the above policies on encryption develop and will take every opportunity to represent our standpoint and defend encryption for all. Follow our privacy podcast under CTRL on Spotify or our official Facebook, Twitter and LinkedIn channels to keep in the loop.