IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Investigatory Powers Bill: Hackers could access security backdoors

Why David Cameron is wrong about backdoors, and the Netherlands is right

While the UK government continues to push forward with the notion that encryption backdoors are a good thing and encryption is bad because terrorists and paedophiles use it, others have a slightly more informed opinion.

Take, for example, the Dutch government, which this week declared something approaching a passion for strong encryption.

In an English translation of the Dutch government's statement, Dutch security and justice minister Ard van der Steur is clearly shown to have a much better understanding of technology than either Prime Minister David Cameron or Home Secretary Theresa May.

Arriving at the conclusion that "it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption" within the Netherlands, van der Steur shows that he gets how backdoors would make encrypted data vulnerable to not only criminals and foreign intelligence services but, yes, also to the very terrorists that Cameron and his cohorts argue they would protect us from.

Backdoor access is, simply put, not a one-way street. You cannot introduce such a weakness into a security product and expect it to only be exploitable by yourself. Well, Cameron obviously does expect exactly that, which means that he's either an idiot or has been getting very poor technical advice: most likely a bit of both, if you ask me.

Van der Steur, meanwhile, appears to be spot on when he notes that backdoors "could have undesirable consequences for the security of information communicated and stored" as well as the core integrity of IT systems which are "increasingly of importance for the functioning of the society".

We cannot forget, however, that this Dutch government statement is put together by politicians and so the language used is all important. Language such as "is currently not desirable" which implies that it could become so if there's a political will to change things.

What I do know is that, currently, the UK and US governments appear to be on a collision course with IT and I suspect will continue to use terrorist atrocities as emotional leverage to drive badly thought out, commercially damaging and privacy-harming policies as far as weakening encryption usage is concerned.

Cameron appears to have more of an appetite for this than President Obama, and while the draft Investigatory Powers Bill may have stopped short of banning end-to-end encryption services, it does require backdoor access for law enforcement officials.

If this becomes law, then I guarantee that UK PLC will suffer as business moves data out of the country and to locations where strong encryption without backdoors is available.

UK companies who make secure products have also spoken of relocating outside of the UK rather than have to bow to legal moves to build backdoors into them.

Of course, whether the UK stays in the EU could impact upon all of this: Privacy of communication is a fundamental right that the European Convention on Human Rights (and Charter of Fundamental Rights of the EU) protects.

The 'security soundbite' may win the popular vote among some, but the economy will surely suffer just as much as our right to privacy. Once the masses realise that any law weakening encryption is actually taking us down the exact same road as regimes with poor human rights records, then even the 'nothing to hide, nothing to fear' right-leaning brigade might start thinking twice...

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Most Popular

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Microsoft to double salary budget to retain workers
Careers & training

Microsoft to double salary budget to retain workers

17 May 2022