It is widely acknowledged that backdoors into encryption technology create vulnerabilities that can be exploited by a wide range of malicious actors, including hostile or abusive government agencies. Billions of people worldwide rely on encryption to protect critical infrastructure – including global financial systems, electrical grids and transportation systems – from cybercriminals who steal data for financial gain or espionage.
Despite these dangers, many government officials want private companies to hand over their encrypted data and communication methods. Advocates claim this would strengthen national security and hinder terrorism. However, experts agree that breaking encryption would do little to prevent terrorist attacks.
In July 2017, Venafi released the results of an international study on consumer attitudes regarding government-enforced backdoors into encryption technology. One thousand consumers from the United States, United Kingdom and Germany (3,000 total) participated in the survey and the results showed that the public is conflicted about the how these laws and policies would affect them personally.
During this year’s Black Hat convention, Venafi was curious to see if IT security professionals had similar opinions on encryption backdoors. We surveyed over 290 attendees and found that the majority of industry professionals believe encryption backdoors are ineffective and potentially dangerous.
For example, 91% of the respondents said cybercriminals could take advantage of government-mandated encryption backdoors. In addition, 72% of the respondents do not believe that encryption backdoors would make their nations safer from terrorists
Additional highlights from the survey include:
“Giving the government backdoors to encryption destroys our security and makes communications more vulnerable,” says Kevin Bocek, chief security strategist for Venafi. “It’s not surprising that so many security professionals are concerned about backdoors; the tech industry has been fighting against them ever since global governments first called for unrestricted access. We need to spend more time protecting and supporting the security of our machines, not creating purposeful holes that are lucrative to cybercriminals.”
Overall, it’s clear from our survey that members of the security industry greatly distrust government mandated encrypted backdoors. They find them unproductive at best and hazardous at worst.
How can we educate our government officials and consumers about the dangers of encryption backdoors?