Investigatory Powers Bill: Hackers could access security backdoors

Why David Cameron is wrong about backdoors, and the Netherlands is right

While the UK government continues to push forward with the notion that encryption backdoors are a good thing and encryption is bad because terrorists and paedophiles use it, others have a slightly more informed opinion.

Take, for example, the Dutch government, which this week declared something approaching a passion for strong encryption.

In an English translation of the Dutch government's statement, Dutch security and justice minister Ard van der Steur is clearly shown to have a much better understanding of technology than either Prime Minister David Cameron or Home Secretary Theresa May.

Arriving at the conclusion that "it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption" within the Netherlands, van der Steur shows that he gets how backdoors would make encrypted data vulnerable to not only criminals and foreign intelligence services but, yes, also to the very terrorists that Cameron and his cohorts argue they would protect us from.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Backdoor access is, simply put, not a one-way street. You cannot introduce such a weakness into a security product and expect it to only be exploitable by yourself. Well, Cameron obviously does expect exactly that, which means that he's either an idiot or has been getting very poor technical advice: most likely a bit of both, if you ask me.

Van der Steur, meanwhile, appears to be spot on when he notes that backdoors "could have undesirable consequences for the security of information communicated and stored" as well as the core integrity of IT systems which are "increasingly of importance for the functioning of the society".

We cannot forget, however, that this Dutch government statement is put together by politicians and so the language used is all important. Language such as "is currently not desirable" which implies that it could become so if there's a political will to change things.

What I do know is that, currently, the UK and US governments appear to be on a collision course with IT and I suspect will continue to use terrorist atrocities as emotional leverage to drive badly thought out, commercially damaging and privacy-harming policies as far as weakening encryption usage is concerned.

Cameron appears to have more of an appetite for this than President Obama, and while the draft Investigatory Powers Bill may have stopped short of banning end-to-end encryption services, it does require backdoor access for law enforcement officials.

If this becomes law, then I guarantee that UK PLC will suffer as business moves data out of the country and to locations where strong encryption without backdoors is available.

Advertisement - Article continues below

UK companies who make secure products have also spoken of relocating outside of the UK rather than have to bow to legal moves to build backdoors into them.

Of course, whether the UK stays in the EU could impact upon all of this: Privacy of communication is a fundamental right that the European Convention on Human Rights (and Charter of Fundamental Rights of the EU) protects.

The 'security soundbite' may win the popular vote among some, but the economy will surely suffer just as much as our right to privacy. Once the masses realise that any law weakening encryption is actually taking us down the exact same road as regimes with poor human rights records, then even the 'nothing to hide, nothing to fear' right-leaning brigade might start thinking twice...

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/hardware/354584/windows-10-and-the-tools-for-agile-working
Sponsored

Windows 10 and the tools for agile working

20 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020