Investigatory Powers Bill: Hackers could access security backdoors

Why David Cameron is wrong about backdoors, and the Netherlands is right

While the UK government continues to push forward with the notion that encryption backdoors are a good thing and encryption is bad because terrorists and paedophiles use it, others have a slightly more informed opinion.

Take, for example, the Dutch government, which this week declared something approaching a passion for strong encryption.

In an English translation of the Dutch government's statement, Dutch security and justice minister Ard van der Steur is clearly shown to have a much better understanding of technology than either Prime Minister David Cameron or Home Secretary Theresa May.

Arriving at the conclusion that "it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption" within the Netherlands, van der Steur shows that he gets how backdoors would make encrypted data vulnerable to not only criminals and foreign intelligence services but, yes, also to the very terrorists that Cameron and his cohorts argue they would protect us from.

Advertisement
Advertisement - Article continues below

Backdoor access is, simply put, not a one-way street. You cannot introduce such a weakness into a security product and expect it to only be exploitable by yourself. Well, Cameron obviously does expect exactly that, which means that he's either an idiot or has been getting very poor technical advice: most likely a bit of both, if you ask me.

Van der Steur, meanwhile, appears to be spot on when he notes that backdoors "could have undesirable consequences for the security of information communicated and stored" as well as the core integrity of IT systems which are "increasingly of importance for the functioning of the society".

We cannot forget, however, that this Dutch government statement is put together by politicians and so the language used is all important. Language such as "is currently not desirable" which implies that it could become so if there's a political will to change things.

What I do know is that, currently, the UK and US governments appear to be on a collision course with IT and I suspect will continue to use terrorist atrocities as emotional leverage to drive badly thought out, commercially damaging and privacy-harming policies as far as weakening encryption usage is concerned.

Cameron appears to have more of an appetite for this than President Obama, and while the draft Investigatory Powers Bill may have stopped short of banning end-to-end encryption services, it does require backdoor access for law enforcement officials.

If this becomes law, then I guarantee that UK PLC will suffer as business moves data out of the country and to locations where strong encryption without backdoors is available.

UK companies who make secure products have also spoken of relocating outside of the UK rather than have to bow to legal moves to build backdoors into them.

Of course, whether the UK stays in the EU could impact upon all of this: Privacy of communication is a fundamental right that the European Convention on Human Rights (and Charter of Fundamental Rights of the EU) protects.

The 'security soundbite' may win the popular vote among some, but the economy will surely suffer just as much as our right to privacy. Once the masses realise that any law weakening encryption is actually taking us down the exact same road as regimes with poor human rights records, then even the 'nothing to hide, nothing to fear' right-leaning brigade might start thinking twice...

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/business/policy-legislation/354282/boris-johnson-suggests-uk-will-side-with-us-over-huawei
Policy & legislation

Boris Johnson suggests UK will side with US over Huawei exclusion

5 Dec 2019