Your IP: Unknown · Your Status: Unprotected Protected

Blog Opinion

Politics vs. Maths: Why Do Governments Want Encryption Backdoors?

Jul 25, 2017 · 4 min read

Politics vs. Maths: Why Do Governments Want Encryption Backdoors?

When it comes to encryption and opinions about it, there seems to be no middle ground. The tech sector, security experts and privacy enthusiasts swear by it, while governments and intelligence agencies are no big fans of information they can’t access.

Recent comments from British and Australian officials are evidence of new hostilities in the continuous conflict between authorities and technology companies over privacy and security. It seems like a major face-off is on the horizon.

Governments Against Tech Companies

The UK’s Investigatory Powers Act, which has earned the nickname the Snooper’s Charter, allows the British government to force companies to hack their own customers – for example, by inserting malware into their devices. The 2016 law attracted fierce criticism from privacy advocates and human rights groups, and contributed to a steep increase in demand for additional security measures such as VPN.

However, the British government is willing to go even further. Speaking in a TV interview on June 4, after a series of terror attacks on the British soil, UK Home Secretary Amber Rudd claimed that tech companies should “limit the use of end-to-end encryption.”

Meanwhile, Australian Attorney-General George Brandis has called encrypted communications apps “potentially the greatest degradation of intelligence and law enforcement capability that we have seen in our lifetime.”

Australia Pushes Against Encryption

Brandis’ statement was followed by a new legislative proposal. The Australian government wants to be capable of spying on encrypted means of communications. These include services built into devices like the iPhone, as well as apps like Telegram, WhatsApp and any other services that secure chats and voice calls.

The government expected resistance from some tech companies, many of which are based in the United States, and attempted to reassure them by saying it wasn’t seeking to weaken encryption. However, it still wants the access to user data.

“I’m not a cryptographer, but what we are seeking to do is to secure their assistance,” Prime Minister Malcolm Turnbull said of the responsibility of tech companies in his future plans.

Official statements released after the late June meeting of the Five Eyes security alliance — consisting of Australia, Canada, New Zealand, the UK and the US — and the Group of 20 leaders’ summit in Germany further underscore this push.

Australia was a major driver of a statement agreed at the G20 meeting that called on the tech industry to make provisions for “lawful and non-arbitrary access to available information” needed to protect against terrorist threats. At the G20, PM Turnbull played a key role in drafting a section of the statement on encryption that emphasized the need for the law to apply online, just as it did elsewhere.

What Supporters of Encryption Have to Say

However, as a lot of commentators have pointed out, the truth is a lot more complicated than policy makers assume. As stated by a spokesperson for Facebook, “weakening encrypted systems for (law enforcement) would mean weakening it for everyone.”

In fact, legislating encryption out of existence is not realistic – it’s as reasonable as outlawing the application of math. The logical structure of encryption is built upon mathematical premises, not the least because encryption itself is based on the mathematical discipline of integer factorization.

Mike Brown, a former United States Department of Defense (DoD) cryptographer, said that encryption is “a key element” of the ability for governments to have “information assurance.” The retired Navy Rear Admiral added: “You have best practices that include the use of encryption and now you’re saying you must weaken your encryption, one way or another, in order to solve another really important issue, but you’ve created other issues from that.”

HuffPost Australia spoke to Dr. Greg Austin from the University of NSW School of Cyber Security, who told that messaging companies and experts had three key reasons to object the cyber security changes that have been put forward:

  • The companies don’t have the technology to decrypt.
  • Their software packages do not fall under the government’s remit.
  • Terror acts do not depend on the use of encrypted messaging services.

That’s an important point that many policy makers tend to forget: Even if the companies could be forced to change their policies, criminal organizations would not be stopped from building encrypted methods of communication themselves. After all, the laws of mathematics do apply everywhere, despite what PM Turnbull thinks.

What Now?

George Brandis’ comments about encryption say a lot about where the future direction Australian politicians are going to take. Brandis expects that Apple, Facebook and other tech companies will voluntarily erode the privacy and security measures available on their devices and services. However, his confidence will hopefully lead to disappointment — a lesson that the FBI learned last year during the San Bernardino case.

Although Australia and the UK are pushing forward with their attempts to weaken encryption, there is still hope from the US, which as up to now rejected such a move. Realistically, without the same legislation in the US, the impact of any other nations’ laws will be limited.

We at NordVPN believe that the freedom of communication and expression is the lifeblood of the Internet – it was not built to have regulation, censorship or administrators. If an encryption backdoor to any service is built, it can clearly be abused by the same people that governments wish to keep track of. A backdoor gives away a lot of private information about each citizen and puts power in the hands of anyone who wants to take advantage of it, criminals included.

What do you think? Are encryption backdoors the future or just bad politics?

Ruby Gonzalez
Ruby Gonzalez successVerified author

Ruby is a cybersecurity expert and the Head of Communications at NordVPN. In her compelling stories, she sheds light upon the latest happenings in the online privacy and security world.

Subscribe to NordVPN blog