A new survey reveals that many consumers are concerned by the impact of encryption backdoors, especially if governments with poor records of protecting their own data were empowered to use them to access private citizen data.
Broken down by country, consumers expressed different levels of faith in government backdoors into encrypted data. For instance, 29 percent of US consumers said such laws would benefit them, whereas more than half (52 percent) of German participants said they were in support of encryption backdoors.
Digital security practice manager Matt Pascucci counts himself among those who are skeptical about encryption backdoors. He explains that his concern is twofold:
"First, once a law to circumvent encryption via backdoors is promulgated, it's extremely hard to repeal, especially when governments are promoting it for national security; and second, we've seen governments recently have their security tools compromised, so the protection of our personal data would be at risk now that encryption can be bypassed. These nations will come under constant attack to find additional ways to circumvent the ability to find vulnerabilities in the process. These governments would at this point have to monitor, deploy, and protect the process, technology, and key management for these backdoors."
If such legislation were passed, one would hope governments would take the responsibility of managing encryption backdoors seriously and do everything in their power to respect citizens' privacy. But in all likelihood, not every government would.
Those surveyed by Venafi shared this pessimistic viewpoint. When asked if they suspect their government abuses its power to access citizens' data, nearly two-thirds (65 percent) of respondents answered in the affirmative. That same percentage of consumers went on to say that governments shouldn't be able to access citizens' encrypted data without consent.
But there's another side to this debate.
Even if governments did nurture good intentions, some governments might not be able to adequately protect citizens' data if they themselves have a bad track record of protecting their own data. Part of this bad track record might be their failure to account for the intricacies of managing encrypted data, let alone backdoors into private data. CISSP Angus Macrae elaborates on the dangers of such limited understanding:
"The main problem here is that many of those desperately trying to push such legislation appear to have a technically limited and rather naïve understanding of the complexities of the problems they are trying to solve and therefore fail to see why legislatively imposed backdoors are simply not an effective solution. When people such as former GCHQ director Robert Hannigan have recently stated that 'You can't un-invent end-to-end encryption, you can't legislate it away' and instead advise upon more intelligently targeted responses to its abuse, they really should be listening."
With consumers conflicted over encryption backdoors and governments potentially unwilling, unable, or unsure of how to adequately protect people's data, users' privacy and security would (and do) suffer under laws that grant governments access to encrypted information.
Going forward, lawmakers and privacy advocates will no doubt continue to debate the impact of encryption backdoors around the world. While they do, it's important that organizations focus on strengthening their encryption environments against digital threats. Doing so will help protect both customers' and corporate information.