Most infosec pros consider government-mandated encryption backdoors a bad idea

Apple and the FBI have been engaged in a legal battle over the federal government’s right to require built-in smartphone encryption software that could aid law enforcement investigations.

This debate has moved to Capitol Hill as pressure grows for Congress to pass updated laws clarifying technology companies’ responsibility to provide access to customers’ encrypted data.

Tripwire announced the results of a survey of 198 security professionals attending the RSA Conference 2016.

Of those surveyed, 81 percent of respondents said it is either very likely or certain that cybercriminals would abuse the government’s capability to access encrypted data if technology companies are required to provide it.

“Security professionals are very suspicious of any decision that redefines what’s acceptable and what’s not when it comes to security and privacy,” said Dwayne Melancon, CTO and vice president of research and development for Tripwire. “It’s no surprise that the majority of the respondents at a security conference are concerned about this decision and, regardless of how it is resolved, it will have a lasting impact on security and privacy.”

Additional survey findings include:

• 82 percent of respondents said it is either very likely or certain that government agencies would abuse their right to access encrypted data if technology companies were required to provide it.
• 53 percent said technology firms should be required to provide access to encrypted data on consumer devices if law enforcement serves them with a warrant or subpoena.
• When asked about the impact this change would have on consumer and enterprise privacy and security, an overwhelming 88 percent believe it will reduce security and privacy.