Attacking Encryption Will Only Hurt Honest People

Cyber Politics, F-Secure Life, Security & Privacy, Threats & Hacks

In the run up to the United Kingdom’s elections, Prime Minister Theresa May promised to “regulate cyberspace” to deny “safe spaces” to terrorists online. Though it doesn’t mention the word “cryptography,” her statement has widely been interpreted as a vow to undermine end-to-end encryption.

Since May appears to be set to continue on as Prime Minister, we have to assume she’ll try keep this promise, which her party has been running on for years. That is very bad news for the Internet, according to Erka Koivunen, F-Secure’s Chief Information Security Officer.

“Banning cryptography as a technological and mathematical foundation of encryption just would not work,” he told me.

He notes that a 2015 study called “Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communication” found anti-cryptography policies were “likely to introduce unanticipated, hard to detect security flaws,” while raising huge questions about how to govern such systems could “respect human rights and the rule of law.”

When officials demand the ability to read any “means of communication” online, they have no idea what they’re demanding.

“It’s impossible to overstate how bonkers the idea of sabotaging cryptography is to people who understand information security,” Boing Boing‘s Cory Doctorow wrote.

Not only would many versions of open source and independent software have to be banned, the  government would need a “master key” that would ultimately force a back door in every software we use to communicate or store our secrets.

“There’s no such thing as a secure backdoor,” Erka said. “Period.”

If a backdoor exists, criminals will find a way through it.

WIRED Magazine‘s Emily Dreyfuss put it like this: “Simply put, weakened encryption makes everything from world banking to travel and healthcare riskier.” It could also have a chilling effect on free speech and political activism.

Banning cryptography or undermining encryption would inevitably fail, Erka warns, and the victims of this will be the people May says she is trying to protect.

“Forcing businesses to abandon cryptography would lead to protectionism and ultimately expose honest people to more online crime,” Erka told me.

And in exchange for a more dangerous online existence, there’s no promise that people will be any safer in real life.

“In most cases of terror, the culprits have been known to intelligence and law enforcement,” he said. “But officials weren’t following them, questioning or detaining them at the right time.”

What could make people safer?

“There are significant gaps in information sharing — not only between countries, but often between agencies within the same government.”

He suggests we fix those gaps before we break the internet.




Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

You might also like