
Security Press Wary of Encryption Backdoors: Governments Can’t Make “Terrifying” Decisions without Also Granting Access to Criminals

August 24, 2017 | David Bisson

A majority of consumers fear that governments abuse their powers to access citizens' data and feel that government-backed encryption backdoors would not make citizens appreciably safer from terrorists.

Many governments want to impose legislation or regulations requiring encryption backdoors so that they can more easily bring terrorists to justice. But these entities might not be capable of protecting these backdoors even if they were to get their way. After all, the CIA and others have failed to protect software vulnerabilities they've been secretly hoarding against actors like the Shadow Brokers. These exploits ultimately ended up in the hands of WikiLeaks, an organization which bears at least part of the blame for the WannaCry global outbreak in May 2017. Attackers leveraged a leaked Windows exploit developed by the CIA to distribute WannaCry malware to upwards of a million machines.

So how are we to assume governments could do a better job of preventing encryption backdoors from falling into the wrong hands? And how can we know that rogue government actors wouldn't use these backdoors for their own personal gain?

Security journalist Kim Crawley's answer is simple: we can't. This reality makes the notion of backdoors all the more concerning for her. She revealed as much in an email:

"If governments make it legally mandatory for all encryption systems to have backdoors, the results will be terrifying. What's to stop a government worker from getting all of the credit card data that runs through Amazon's implementations of HTTPS, for example?"

Crawley isn't alone in her worry over government's management of encryption backdoors, either.

In July 2017, Venafi announced the results of a study on consumer attitudes regarding government backdoors into encrypted data. The firm surveyed three thousand consumers in total, with one thousand each based in the United States, the United Kingdom, and Germany. Of those who participated, nearly two thirds (65 percent) said they suspect their government abuses its power to access citizens' data. The same percentage of respondents also opined that their government shouldn't be able to force citizens to hand over their data without their consent.

If given the chance, governments would likely dispute these consumer viewpoints. Perhaps they feel they understand the challenges at hand and know how to best protect citizens' data. As a result, they might feel justified in their ability to access encrypted information whenever they want for the sake of fighting terrorism.

Information security writer Bev Robb disagrees. She thinks governments don't have any idea what they're doing:

"Governments that are proposing these ridiculous encryption backdoors must be on some type of magical 'Clipper chip' carpet ride. I doubt that there are any 'unintended' consequences involved. This flawed backdoor (terrorist scare-mongering) concept is more in tune with a serious lack of critical thinking skills, blanket data greed, technical ignorance, or a combination thereof. Governments that implement backdoors will soon realize they can’t change the laws of mathematics. If they can get in, the bad guys can get in, too."

Some of those who participated in Venafi's study echoed Robb's sentiments. More than half (59 percent) of respondents said they don't feel granting government access to encrypted personal data would make them safer from terrorists. In fact, 38 percent of consumers think encryption backdoors could potentially benefit criminals and terrorists, while only 37 percent of participants feel confident in their government's ability to combat cybercrime.

In this debate, there are those who maintain encryption backdoors could help stop cybercrime, and there are those who feel such measures could provide attackers with another attack vector. While these two sides continue to weigh the impacts of encryption backdoors, one course of action remains especially relevant: organizations need to do everything they can to prevent computer criminals from abusing their keys and certificates to prey upon unsuspecting users. That process begins by discovering all keys and certificates in their encryption environments.

About the author

David Bisson

David is a Contributing Editor at IBM Security Intelligence. David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
