Should world governments have backdoors to encrypted applications?

Australian Prime Minister Malcolm Turnbull recently made a proposal to ensure that law enforcement can still gain access to information despite its protection by encryption. Access Now’s US Policy Manager Amie Stepanovich met with TechRepublic’s Dan Patterson to explain why that may be a bad idea.

“The problem with [this proposal] is that by allowing that law enforcement access, what you’re doing is you’re creating a security technology that fails sometimes,” Stepanovich said.

SEE: Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse (free PDF) (TechRepublic)

Encryption is the first defense against people trying to compromise your personal data. Since encryption isn’t a failproof technology, building it in can lead to more data breaches and crime because it’s facilitating a much less secure internet, she said.

The policy requested by Turnbull affects the rest of the world because Australia’s encryption policy could set a precedent for other countries. Stepanovich noted that it’s important to understand that this policy would likely not stop criminals or terrorists from accessing secure communications technologies. The math used in encrypted applications, she said, is not subject to the whims of politicians, which means bad actors will still be able to cover their tracks.

SEE: Encryption Policy (Tech Pro Research)

In the past, other governments have pursued similar policies. For example, some require keys to be stored in third-party facilities and are easily stolen. Some countries restrict the strength of encryption or even prevent the use of end-to-end encryption. These tactics are easily circumvented, said Stepanovich.

She reiterated the need for privacy as a tool that protects consumer privacy, communication between journalists and sources, whistleblowers, and corporate intellectual property. “We’re at a time where we need to be facilitating research into and development of the strongest security tools possible,” she said. “We need to be investing in security as much as we possibly can,” said Stepanovich.