Are Governments Getting Smarter about Encryption? New Bill Could Prohibit Government Backdoors.

May 21, 2018 | Guest Blogger: Kim Crawley

People in the cybersecurity industry and digital rights activists have a reason to be optimistic. Representatives Zoe Lofgren (D-CA), Thomas Massie (R-KY), Jerrold Nadler (D-NY), Ted Poe (R-TX), Ted Lieu (D-CA) and Matt Gaetz (R-FL) are sponsoring a bill in the US House of Representatives that, if made law, would prohibit mandatory government backdoors in software and computer hardware devices.

The Secure Data Act of 2018 is the third attempt by those Representatives to pass a law that would prohibit mandatory government backdoors. There were previous attempts in 2014 and 2015 which failed to pass.

One of the most notable recent cases of US government agencies trying to force tech companies to implement government encryption backdoors into consumer products involved Apple and the FBI. In December 2015, there was a mass shooting in San Bernardino, California. Syed Rizwan Farook was a prime suspect, and he owned an iPhone 5C. The FBI wanted to be able to decrypt the iPhone to facilitate their criminal investigation of Farook. Between the end of 2015 and 2016, Apple objected to eleven orders issued by US district courts. By February, Federal District Court for the District of Central California Judge Sheri Pym ruled that Apple must find a way to bypass the iPhone’s security features for the FBI. Apple appealed and the case continued to proceed in court. But by March 28th, the FBI announced that they were able to bypass the iPhone’s encryption with the help of a third party, rather than with Apple’s cooperation.

And that’s just one of many cases where a US government agency either mandated a government backdoor in a computing device and the vendor cooperated, or a US government agency fought a tech company in order to implement a backdoor or otherwise bypass encryption.

If the Secure Data Act of 2018 becomes law, it may be the end of government encryption backdoors in computing devices altogether.

The bill reads in part:

“Except as provided in subsection (c), no agency may mandate or request that a manufacturer, developer, or seller of covered products design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by any agency.

Except as provided in subsection (c), no court may issue an order to compel a manufacturer, developer, or seller of covered products to design or alter the security functions in its product or service to allow the surveillance of any user of such product or service, or to allow the physical search of such product, by an agency.”

But why should potential criminals have the right to use encryption in a way that would hinder a criminal investigation? Wouldn’t we be safer if law enforcement and intelligence could examine the contents of a suspect’s computing device without any hassles?

No. Allowing any government backdoors weakens all encryption for everyone. We need strong and effective encryption to keep our financial transactions, medical records, the overall functionality of our mobile devices, PCs, and servers, and private information secure from cyber attackers.

Bruce Schneier said it best on his blog. Here’s his reaction to the case between the FBI and Apple:

“The FBI wants the ability to bypass encryption in the course of criminal investigations. This is known as a ‘backdoor,’ because it's a way at the encrypted information that bypasses the normal encryption mechanisms. I am sympathetic to such claims, but as a technologist I can tell you that there is no way to give the FBI that capability without weakening the encryption against all adversaries. This is crucial to understand. I can't build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. The technology just doesn't work that way.

If a backdoor exists, then anyone can exploit it. All it takes is knowledge of the backdoor and the capability to exploit it. And while it might temporarily be a secret, it's a fragile secret. Backdoors are how everyone attacks computer systems.

This means that if the FBI can eavesdrop on your conversations or get into your computers without your consent, so can cybercriminals. So can the Chinese. So can terrorists. You might not care if the Chinese government is inside your computer, but lots of dissidents do. As do the many Americans who use computers to administer our critical infrastructure. Backdoors weaken us against all sorts of threats.”

I’m so relieved that there appears to be a voice of reason in the US government, via the House of Representatives. If the Secure Data Act of 2018 becomes law, it will set a very positive precedent for the future of cybersecurity in the United States. Perhaps there are some people in public office who realize that the harm of mandating government encryption backdoors is greater than any benefit law enforcement may enjoy in making their criminal investigations easier.

But the bill may fail to pass. If you’re an American citizen, I urge you to contact your Representative and ask them to vote in favor of the Secure Data Act of 2018. You can find your Representative through this page on the US House of Representatives website.

About the author

Guest Blogger: Kim Crawley

Kim Crawley writes about all areas of cybersecurity, with a particular interest in malware and social engineering. In addition to Venafi, she also contributes to Tripwire, AlienVault, and Cylance’s blogs. She has previously worked for Sophos and Infosecurity Magazine.
