When British Prime Minister David Cameron announced on Tuesday his plan to introduce new surveillance powers in the UK by forcing businesses to plant backdoors in their communication products, and ban applications that use end-to-end encryption, security experts we asked for an opinion have unanimously declared that weakening users’ security posture is not the right answer to the problem of fighting criminals and terrorists.
“Doing this only to prevent some bad actors from communicating securely demonstrates a spectacular lack of understanding of the issue,” noted Jean-Philippe Taggart, Senior Security Researcher at Malwarebytes.
Still, you would think that by now we would be accustomed to tone deafness from politicians on technology subjects. We shouldn’t be surprised: state security often comes before the security of individual citizens.
“The genie is already out of the bottle, so making changes now won’t have much effect if the bad guys can already get their hands on strong encryption for free. People can’t make the technology simply “go away’ just because it has unwanted uses,” noted Richard Moulds, VP of Strategy at Thales e-Security.
In the meantime, The Guardian’s James Ball has shared the conclusions of a secret US cybersecurity report found in Edward Snowden’s trove that say that encryption is crucial for defending both government and private data.
According to the report, which concentrated on the problem of government networks’ security but also touched upon the dangers faced by businesses and citizens, when it comes to data security the biggest issue is slow adoption of encryption and other technologies.
The report was compiled in 2009 by the US National Intelligence Council, and at the time the fact that some US tech giants ramped up their encryption efforts was met with approval. Six years later, the global state of affairs is considerably different, and end-to-end encrypted communication methods are considered by the authorities to be dangerous.
Cameron is currently visiting the US and, according to Bell, it’s expected that he will ask the US president to pressure those very same tech giants to cooperate with the authorities on a greater level.
“They have a social responsibility to fight the battle against terrorism,” noted Cameron, but he seems to have forgotten that they have also a duty to protect their users’ security and privacy.