US agencies batting for new legislation to enable encryption backdoors
1 July 2019 |
Top federal officials in the United States are debating whether to introduce a new legislation to outlaw end-to-end encryption that would also enable security agencies to deploy encryption backdoors into devices under the garb of national security.
According to a recent report from Politico, a National Security Council meeting took place on Wednesday last week that involved deputy-level officials from various key U.S. agencies discussing whether new legislation should be introduced to ban the use of end-to-end encryption by private companies.
End-to-end encryption restricts security agencies' ability to read data stored in devices to identify terrorists and lawbreakers and considering that everyone uses a mobile device nowadays, security agencies believe that gaining backdoor access to devices is essential for ensuring national security.
"The two paths were to either put out a statement or a general position on encryption, and [say] that they would continue to work on a solution, or to ask Congress for legislation," said a person familiar with the matter to Politico. However, the meeting of deputies from various security agencies did not produce a decision.
Politico also noted that there is a lack of consensus among federal agencies as far as banning end-to-end encryption is concerned. While FBI and the DoJ are in favour of encryption backdoors, the Commerce and State Departments believe that introducing encryption backdoors could result in "economic, security and diplomatic consequences".
FBI believes encryption backdoors will stay out of reach of cyber criminals
Last year, FBI Director Christopher Wray said that encryption had weakened the FBI's ability to deal with cases involving terrorism, child exploitation, organised crime and trafficking and urged mobile phone companies to create encryption backdoors that only authorities will be able to exploit, thereby ensuring that such backdoors will stay out of reach of cyber criminals and enemy states.
"Being unable to access those devices is a major public safety issue and impacts our investigations across the board. This problem will require a thoughtful and sensible approach. We have people devoted to working with stakeholders to find a way forward. We need the private sector’s help," he said.
"Once again, we have politicians trying to legislate what they do not understand. The message just doesn’t seem to be getting through – if you undermine encryption, create a backdoor, then you will weaken security defences that are used by our very own government," says Kevin Bocek, Vice President, Security Strategy & Threat Intelligence at Venafi.
"It’s a really bad idea, once a backdoor is created it won’t stay secret for long and will just create blueprints for hackers to steal private data and sneak into encrypted communications. I understand that it’s frustrating that police can’t access encrypted communications, but creating a backdoor isn’t the answer and it’s totally unrealistic to simply ban the use of such services – this will only hurt their legitimate, law-abiding users," he adds.
According to Johathan Evans, an ex MI5 chief who retired in 2013, while the use of encryption has hampered the ability of security agencies to access communications between terrorists, banning encryption altogether would also impact the cyber security of the society as a whole.
"I’m not personally one of those who thinks we should weaken encryption because I think there is a parallel issue, which is cyber security more broadly. While understandably there is a very acute concern about counter-terrorism, it is not the only threat that we face. The way in which cyberspace is being used by criminals and by governments is a potential threat to the UK’s interests more widely.
"It’s very important that we should be seen and be a country in which people can operate securely – that’s important for our commercial interests as well as our security interests, so encryption in that context is very positive,' he said.
Latest posts by Jay Jay (see all)
- Phishing attack targeting financial organisations using SHTML file attachments - 17th July 2019
- Hackers accessed Sprint subscriber accounts via Samsung website - 17th July 2019
- Two years after WannaCry, 2,300 NHS computers are still running Windows XP - 17th July 2019
- NCSC’s Active Cyber Defence programme helped block 140,000 phishing attacks in 2018 - 16th July 2019
- Eurofins forced to pay ransom following crippling ransomware attack - 15th July 2019