ENISA says crypto backdoors are a bad idea
“History has shown that technology beats legislation, and criminals are best placed to capitalise on this opportunity,” the European Network and Information Security Agency (ENISA) noted in a recently released opinion paper on encryption.
The paper addresses the question of whether backdoors or key escrow schemes should be implemented in encryption solutions, so that law enforcement and security services are able to decrypt communication that could be vital to solving cases.
ENISA’s position is clear: the use of backdoors in cryptography is not a solution.
For one, criminals can simply switch to using cryptographic tools that do not have a backdoor, or create their own. Secondly, legitimate users are put at risk.
“There is a legitimate need to protect communications among individuals and between individuals and public and private organisations. Cryptography provides the electronic equivalent of letter cover, seal or rubber stamp and signature,” the agency noted.
“In the light of terror attacks and organised crime, law enforcement and intelligence services have requested to create means to circumvent these protection measures. While their aims are legitimate, limiting the use of cryptographic tools will create vulnerabilities that can in turn be used by terrorists and criminals, and lower trust in electronic services, which will eventually damage industry and civil society in the EU.”
Thirdly, as said at the beginning, technology moves at breakneck speed.
“New technologies which generate once off encryption keys between end users are now being deployed,” the agency pointed out. “These keys are not stored centrally by the operator. These types of technologies make lawful interception in a timely manner very difficult. There is every reason to believe that more technology advances will emerge that will continue to erode the possibility of identifying or decrypting electronic communications.”
Finally, it’s possible that a weakening of encryption technology may ultimately weaken other aspects of cryptology, as the same technology is used, for example, to create digital signatures. “The existence of back doors / key recovery mechanisms can also potentially undermine the authenticity of a document,” they added.
All in all, the agency pointed out many of the drawback previously noted by crypto experts and security professionals.
Earlier this year, European Data Protection Supervisor (EDPS) Giovanni Buttarelli also opined against backdoors in encryption tech.