EU security body concludes government-mandated backdoors would make legitimate services less secure and harm law enforcement
Encryption back-doors would not improve law enforcement’s ability to gain access to criminals’ communications, and might well have exactly the opposite effect, according to
ENISA, the EU’s IT security advisory agency.
A number of governments, including those in the UK and the US, have suggested forcing communications companies to provide access to encrypted transmissions on demand, but such a system would be likely to encourage criminals to move to other services or develop their own technologies, ENISA said in a new study.
‘Punishes the wrong people’
Meanwhile, such technologies would “punish” the wrong people by making the services used for legitimate communications less secure, according to ENISA.
Any back-door system put into place would be likely to be targeted by criminals and nation-states looking to spy on users’ messages.
The resulting mistrust by the public could threaten the advancement of the EU’s plans for a digital single market.
“An analysis should be carried out to analyse the benefit to law enforcement of the introduction of backdoor weakened encryption technology as against the potential damage to the take up and operation of the Digital Single Market before any legislation is introduced,” ENISA said in the study, titled Strong Encryption Safeguards Our Digital Identity.
The opinion paper made particular mention of services such as WhatsApp, which uses an end-to-end encryption technique originally developed by Open Whisper Systems for the Signal mobile messaging application.
Such techniques, which share encryption keys between users without storing them, make tapping calls “very difficult”, ENISA said.
“There is every reason to believe that more technology advances will emerge that will continue to erode the possibility of identifying or decrypting electronic communications,” the agency wrote.
Other problems with introducing back-doors include the overhead cost for provisioning such a system and the possible weakening of other technologies, such as digital signatures, that rely on encryption.
“History has shown that technology beats legislation and criminals are best placed to capitalise on this opportunity,” the paper concluded.
The current British government recently passed controversial legislation nickamed the “Snooper’s Charter” intended to legitimise broader surveillance practices, including obliging Internet services providers to store users’ communications records and make them available to government agencies.
How much do you know about privacy? Try our quiz!