Security Professionals Weigh In on Encryption Backdoors: A “Bad Idea” Given Governments’ Own Data Protection Records

August 23, 2017 | David Bisson

A new survey reveals that many consumers are concerned by the impact of encryption backdoors, especially if governments with poor records of protecting their own data were empowered to use them to access private citizen data.

Broken down by country, consumers expressed different levels of faith in government backdoors into encrypted data. For instance, 29 percent of US consumers said such laws would benefit them, whereas more than half (52 percent) of German participants said they were in support of encryption backdoors.

Digital security practice manager Matt Pascucci counts himself among those who are skeptical about encryption backdoors. He explains that his concern is twofold:

"First, once a law to circumvent encryption via backdoors is promulgated, it's extremely hard to repeal, especially when governments are promoting it for national security; and second, we've seen governments recently have their security tools compromised, so the protection of our personal data would be at risk now that encryption can be bypassed. These nations will come under constant attack to find additional ways to circumvent the ability to find vulnerabilities in the process. These governments would at this point have to monitor, deploy, and protect the process, technology, and key management for these backdoors."

In the event such legislation was passed, one would hope governments would take this responsibility to manage encryption backdoors seriously and do everything in their power to respect citizens' privacy. But in all likelihood, not every government would.

Those surveyed by Venafi shared this pessimistic viewpoint. When asked if they suspect their government abuses its power to access citizens' data, nearly two-thirds (65 percent) of respondents answered in the affirmative. That same percentage of consumers went on to say that governments shouldn't be able to access citizens' encrypted data without consent.

But there's another side to this debate.

Even if governments did nurture good intentions, some governments might not be able to adequately protect citizens' data if they themselves have a bad track record of protecting their own data. Part of this bad track record might be their failure to account for the intricacies of managing encrypted data, let alone backdoors into private data. CISSP Angus Macrae elaborates on the dangers of such limited understanding:

"The main problem here is that many of those desperately trying to push such legislation appear to have a technically limited and rather naïve understanding of the complexities of the problems they are trying to solve and therefore fail to see why legislatively imposed backdoors are simply not an effective solution. When people such as former GCHQ director Robert Hannigan have recently stated that 'You can't un-invent end-to-end encryption, you can't legislate it away' and instead advise upon more intelligently targeted responses to its abuse, they really should be listening."

With consumers conflicted over encryption backdoors and governments potentially unwilling, unable, or unsure of how to adequately protect people's data, users' privacy and security would (and do) suffer under laws that grant governments access to encrypted information.

Going forward, lawmakers and privacy advocates will no doubt continue to debate the impact of encryption backdoors around the world. While they do, it's important that organizations focus on strengthening their encryption environments against digital threats. Doing so will help protect both customers' and corporate information.

About the author

David Bisson

David Bisson is a security journalist who works as Contributing Editor for IBM's Security Intelligence, Associate Editor for Tripwire and Contributing Writer for Gemalto, Venafi, Zix, Bora Design and others.
