Skip to main content
banner image
venafi logo

Overheard in the Press: FiveEyes calls for Encryption Backdoors, But it Won’t Change the Math

Overheard in the Press: FiveEyes calls for Encryption Backdoors, But it Won’t Change the Math

government encryption backdoors
August 29, 2019 | Katrina Dobieski

If you haven’t been keeping up with the encryption backdoor debate, now’s a good time to tune in.

After Attorney General William Barr’s call to allow government-mandated encryption backdoors into consumer tech, opinions have made themselves known. Everyone from tech bloggers to the former director of the National Security Agency has weighed in, with the Five Eyes Alliance (Australia, Canada, New Zealand, the UK, the US) voting in favor of lowered encryption protections on August first.  

However, some declare the stalemate isn’t a matter of opinion, but fact. All the national security interests in the world “won’t change the math,” some argue, despite Attorney General Barr’s positive belief in the “ingenuity” of problem-solvers to create selective backdoor access for law enforcement. And although “we are not talking about protecting the Nation's nuclear launch codes,” the way we’ve heard federal lawmakers, top security analysts, Big Tech and heads of state fight about it—you’d think we were. 

The debate continues below as we run the latest blow-by-blow coverage of what we’ve Overheard in the Press. 



National Security

Attorney General William Barr, speaking at ICCS in New York. Image courtesy of AP Images



  • "After all, we are not talking about protecting the nation's nuclear launch codes.  
    Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications."  
    - Attorney General William Barr  



  • “The thing is, that distinction between military and consumer products largely doesn't exist. All of those ‘consumer products’ Barr wants access to are used by government officials—heads of state, legislators, judges, military commanders and everyone else—worldwide.”  
    - Bruce Schneier is a security technologist, lecturer at Harvard and board member of the Electronic Frontier Foundation (EFF) 


Law Enforcement Only Access



  • We think our tech sector has the ingenuity to develop effective ways to provide secure encryption while also providing secure legal access. Some good minds have already started to focus on this, and some promising ideas are emerging.  
    - Attorney General William Barr 



  • Barr expressed confidence in the tech sector’s “ingenuity” … paying no mind to the broad technical and academic consensus in the field that this risk is unavoidable.  
    - Andrew Crocker, senior staff attorney on the Electronic Frontier Foundation’s civil liberties team 


  • “[Encryption] is a complex mathematical problem that involves prime numbers.  
    Mandating that programmers learn to solve that problem in a way that produces different correct answers... is like demanding that gravity be significantly lighter for police officers than criminals in a high-speed chase, or that radioactive fallout from a nuclear warhead only kills enemy soldiers.” 
    -Greg Fish is the Los Angeles-based editor of Politech and self-proclaimed ex-Soviet computer lobotomist 


  • “[I]t can't change the maths (sic) behind encryption, which will either work or not. Weakening encryption will do more harm than good, as it will leave all communication vulnerable and allow bad actors to compromise legitimate traffic.”  
    -Javvad Malik, Security Awareness Advocate 


Risk of Vulnerability

Peter Thiel, board member of Facebook, Inc.. Image courtesy of AP Images.

The Attorney General is clear that he believes that if we mandated government backdoors, encrypted assets would still be “99%” safe. 

  • “If the choice is between a world where we can achieve a 99 percent assurance against cyber threats...while still providing law enforcement 80 percent of the access... [or one where} we have boosted our cybersecurity to 99.5 percent but …[reduced] law enforcement’s access to zero ... the choice for society is clear.” 
    - Attorney General William Barr 
  • The real question is whether the residual risk of vulnerability resulting from incorporating a lawful access mechanism is materially greater than those already in the unmodified product. The Department does not believe this can be demonstrated. 
    - Attorney General William Barr 


What might be difficult to confirm is that by giving law enforcement “80% access” through encryption backdoors, the percentage of “cyber assurance” could still be guaranteed at 99%.  

  • "If the government deems that it should have access to private communication for the sake of national security, it is likely that the same line of thought will then be applied to all tech products. It can use this same rationale to justify legislation allowing for the audit of files on your home computer, tablet, and encrypted conversations at any moment, and for any reason.” 
    -Julio Rivera, writer at American Thinker 
  • For tech companies, offering customers the privacy of end-to-end encryption is now a competitive advantage.”  
    - Steve Ranger is the UK editor-in-chief of ZDNet and TechRepublic.  
  • “If you deencrypt everything, maybe stuff goes back to our rivals in China,” Thiel said. “Maybe the FBI gets the information, maybe other people get it. I don’t trust the FBI to keep it protected inside the FBI.” 
    - Peter Thiel, Silicon Valley billionaire and board member of Facebook, Inc. 

  • Barr’s demand could “[compromise] the security of potentially billions of people by creating a vulnerability that criminals and terrorists could easily exploit."  
    Andi Wilson Thompson, in a piece supported by the Electronic Frontier Foundation  


  • “In advancing an irresponsible encryption policy that would deny individuals and businesses access to strong encryption, [they] have failed to publicly acknowledge ... the range of serious harms that would follow...” 

    Christopher Parsons, Citizen Lab 

  • US attorney general #WilliamBarr says Americans should accept security risks of #encryption #backdoors . Not really. 
    - Tweet by General Michael Hayden, Former Director of the National Security Agency 


International Support


  • “Five Eyes, the anglophone intelligence alliance comprising Australia, Canada, New Zealand, the United Kingdom and the United States, has come out against the use of end-to-end encryption and asked technology firms to install backdoor access to encrypted communications.”


  • “Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and usable format.”  
    The Five Eyes intelligence co-operative (Canada, Australia, New Zealand, the UK, the US)  



  • “We’re closer to the knife’s edge than we’ve been for some time” 
    Christopher Parsons, a senior research associate at Citizen Lab, in the Munk School of Global Affairs at the University of Toronto, on Canada’s vacillation on encryption backdoors 


  • “[Australia] has been seen as a dangerous place to develop security products” [As a result of their implementing encryption backdoors
    - Christopher Parsons, Munk School of Global Affairs, Toronto 


Secrecy vs. Privacy 

Priti Patel, British Home Secretary. Image courtesy of AP Images.



  • The current encryption is "warrant proof...extinguishing the ability of law enforcement to obtain evidence essential to detecting and investigating crimes," and allows "criminals to operate with impunity, hiding their activities under an impenetrable cloak of secrecy” 
    - Attorney General William Barr 
  • "Where systems are deliberately designed using end-to-end encryption which prevents any form of access to content, no matter what crimes that may enable, we must act"  
    - Priti Patel, the UK's new home secretary 


  • "The new home secretary repeats the errors of some of her predecessors. She seems not to understand that a general access to encrypted communications by the police and security services would effectively end those communications, because no-one could trust them.” 
    - Steve Ranger, UK editor-in-chief, TechRepublic and ZDNet 


  • “When we talk about human rights and privacy…and the countries that suppress [these rights] such as Saudi Arabia and China, we speak about people’s right in the physical world. When we view it in a digital scenario, that law is actually an oppression of human rights.”  
    - Joseph Carson, chief security scientist at Thycotic, in a statement to CIO.  


It Worked in Telecoms  


  • “During my tenure, we dealt with these issues and lived through the passage and implementation of CALEA the Communications Assistance for Law Enforcement Act. CALEA imposes a statutory duty on telecommunications carriers to maintain the capability to provide lawful access to communications over their facilities. 
    It is absurd to think that we would preserve lawful access by mandating that physical telecommunications facilities be accessible to law enforcement for the purpose of obtaining content, while allowing tech providers to block law enforcement from obtaining that very content.”  
    - Attorney General William Barr 

Bruce Schneier, in front of the House of Representatives’ Energy & Commerce CommitteeScreengrab courtesy of Venafi/YouTube.


  • "In 2012 every CALEA-enabled switch sold to the Defense Department had security vulnerabilities.”  
    - Bruce Schneier, Security Boulevard 

The encryption backdoor debate may leave more questions than it does answers.

Is this a matter of limited security consequence, or could the implications be as large as the tech community is fearing? Does our search for a government-only backdoor leave us chasing windmills, or are we missing a solution somewhere in the data? And how will it all end? We’re not sure which side gets the rose on this one, but it will be crucial to see if North America follows Australia’s actions (and the FiveEyes’ consensus), or if the tech community clamors loud enough to be heard. 

How to protect the IoT?

To date, there is no standard protocol for encrypted communication between our IoT devices - those cell phones, laptops and encrypted chats we are trying so hard to protect. Accessec (and Venafi) want to do something about that.





Related posts 

Like this blog? We think you will love this.
Featured Blog

With Rapid Rise in Funds Stolen from DeFi Protocols, Private Keys in Play

Massive heist begins with

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Katrina Dobieski
Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more