The U.S. and six other countries want a back door easier access to encrypted data when a warrant is issued. Tech companies argue that implementing a back door creates a soft spot for hackers.
Earlier this month, the United States Department of Justice in conjunction with officials from the United Kingdom, Australia, New Zealand, Canada,, India and Japan, signed an international statement citing the dangers with encryption. They implored an industry-wide effort to give law enforcement agencies access to encrypted data upon the issuance of a warrant.
While the statement (linked above) does acknowledge the need for and value of encryption, it later goes on to cite the problems that current encryption implementation poses to authorities:
“Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content. We call on technology companies to work with governments to take the following steps, focused on reasonable, technically feasible solutions:
-Embed the safety of the public in system designs, thereby enabling companies to act against illegal content and activity effectively with no reduction to safety, and facilitating the investigation and prosecution of offences and safeguarding the vulnerable;
-Enable law enforcement access to content in a readable and usable format where an authorisation is lawfully issued, is necessary and proportionate, and is subject to strong safeguards and oversight; and
-Engage in consultation with governments and other stakeholders to facilitate legal access in a way that is substantive and genuinely influences design decisions.”
It is understandable from a law enforcement perspective that having access to data will help certain cases in a variety of ways. There’s a pretty long history of enti-encryption advocacy in the U.S., the most recent in 2018 when they joined four other countries (Canada, Australia, UK and New Zealand) in sending a memo to tech companies regarding the issue. The memos always state that the backdoors requested would only be used for “lawful” access to a device.
On the flip side, technology companies are increasingly wary about this request. Even should governments mandate that a backdoor be put in place, tech companies are going to fight it. Why? Because it creates a softer point of entry for an attack. Tech companies fear that hackers will seek out this backdoor and try to exploit it, which then puts the company on the hook for any information that gets exposed.
While law enforcement agencies sometimes need access to encrypted information relating to investigations, there has to be a better way than putting in a backdoor. Both sides have an argument that makes sense. If tech companies can collaborate and come up with an alternative solution, law enforcement might be willing to listen. Until then, it’s going to be an ongoing saga worldwide.