iTnews
  • Home
  • News
  • Technology
  • Security

Crypto experts slam govt encryption backdoor demands

By Juha Saarinen on Jul 8, 2015 10:57AM
Crypto experts slam govt encryption backdoor demands

Revisiting a bad idea considered an even worse idea.

A group of eminent cryptographers and computer scientists have come out strongly against demands by the US and UK governments to mandate backdoors in encryption to allow state agencies access for communications surveillance.

A report entitiled Keys under doormats: mandating insecurity by requiring government access to all data and communications [pdf] was published yesterday by the prestigious Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory (CSAIL).

CSAIL assembled some of the foremost experts on cryptography in the world for the report, which pointed out that the government calls for law enforcement access to all communications and data were not new, with the same mandates being debated 20 years ago.

However, the cryptographers noted that the damage that could be caused by law enforcement backdoors was much greater today than the mid 90s, when government backdoors such as the Clipper Chip key escrow system were considered damaging and harmful.

"In the wake of the growing economic and social cost of the fundamental insecurity of today's internet environmnet, any proposals that alter the security dynamics online should be approached with caution," the group warned.

Mandating government backdoor access to encrypted communications and data would mean protective measures such as perfect forward secrecy (PFS) as used by Google - which limits the amount of user information disclosed even if digital keys are compromised - would have to be removed.

Furthermore, the requirements to provide full access to law enforcement is likely to introduce unanticipated and hard to detect security flaws in today's complex and large internet environment with billions of interconnected devices and services, the cryptographers wrote.

The backdoors themselves would create "concentrated targets that could attract bad actors", further upping the risk of data breaches, the group wrote.

The crypto specialists pointed out that the UK intends to soon introduce laws to compel all communications providers, including US companies, to grant access to British security and law enforcement agencies.

This would lead to other countries demanding the same, reversing US and UK policy to keep the internet free and away from the control of authoritiarian regimes, the group argued.

"China has already intimated that it may require exceptional access. If a British-based developer deploys a messaging application used by citizens of China, must it provide exceptional access to Chinese law enforcement?" the crypto experts wrote.

"Which countries have sufficient respect for the rule of law to participate in an international exceptional access framework? How would such determinations be made?

"How would timely approvals be given for the millions of new products with communications capabilities? And how would this new surveillance ecosystem be funded and supervised?"

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cryptographyencryptiongovernmentssecuritysnowdensurveillance

Partner Content

Why rethinking your CMS is crucial for customer retention
Promoted Content Why rethinking your CMS is crucial for customer retention
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
Winning strategies for complaints and disputes management in financial services
Promoted Content Winning strategies for complaints and disputes management in financial services
Why Genworth Australia embraced low-code software development
Promoted Content Why Genworth Australia embraced low-code software development

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

  • Forrester Technology & Innovation Asia Pacific 2022
By Juha Saarinen
Jul 8 2015
10:57AM
0 Comments

Related Articles

  • Post-quantum cryptography algorithms named
  • ASD says quantum no immediate threat to encrypted government data
  • Google open sources data centre scale encryption
  • Researchers identify FIDO2 protocol vulnerabilities
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Services Australia sets changeover date for myGov

Services Australia sets changeover date for myGov

Google Cloud IoT Core goes on the end-of-life list

Google Cloud IoT Core goes on the end-of-life list

NBN Co proposes to axe CVC across all plans by mid-2026

NBN Co proposes to axe CVC across all plans by mid-2026

NSW Police dumps Bezos-backed Mark43 from core systems overhaul

NSW Police dumps Bezos-backed Mark43 from core systems overhaul

Digital Nation

Save the Date — Digital Nation Live launches on October 25
Save the Date — Digital Nation Live launches on October 25
Stakes are higher for cybersecurity in Web3: Gal Tal-Hochberg, CTO at Team8
Stakes are higher for cybersecurity in Web3: Gal Tal-Hochberg, CTO at Team8
Crypto losses to crime surge to $1.9 B in first half of 2022: Chainalysis
Crypto losses to crime surge to $1.9 B in first half of 2022: Chainalysis
Edge and IoT critical to Web3 infrastructure
Edge and IoT critical to Web3 infrastructure
CommBank’s mobile banking app beats ANZ, NAB, Suncorp and Westpac: Forrester
CommBank’s mobile banking app beats ANZ, NAB, Suncorp and Westpac: Forrester
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.