Menu
News: Encryption Back Door Opposition
< BACK TO FEATURED NEWS

,

Encryption Back Door Opposition

The following is a guest post from Matthew Hellinger from WebSpace Inc.

Following Edward Snowden’s revelations of widespread misappropriation of U.S. capabilities to intercept private and sensitive communications worldwide, there has been a worldwide exodus of foreign companies investing in the burgeoning cloud and hosting industry in the United States. The ramifications of poorly thought out legislation will have a lasting negative effect on an entire U.S. economic sector that was instrumental in contributing to the economic recovery. Private industry in the U.S. has attempted to mitigate the chilling effect U.S. legislation and government policy has had on bringing critical foreign capital into the U.S. economy and strong encryption is instrumental to that goal.

Current proposals to implement encryption methodologies that provide secure backdoors to federal agencies threatens the growth of U.S. companies that bring huge revenue volumes to the U.S. economy. Apple’s emerging dominance in Chinese markets would likely vanish if it were forced to implement weak encryption protocols. Google’s Android operating system, the other dominant technology in the mobile device market, would suffer corresponding setbacks as well if its security were compromised by further blundering U.S. policy. The United States is not the only country providing the world’s booming smartphone and tablet technology. It is through the ingenuity of U.S. companies and a reasonable legal environment that the U.S. has enjoyed market dominance. However, there is no shortage of foreign technology companies ready to pounce at the opportunity afforded them if U.S. policies further erode confidence in U.S.-based companies.

With each step U.S. legislators take to implement increasingly invasive policies that threaten the security of individuals and companies, both domestically and abroad, a reactionary ratcheting up of security protocols occurs. Foreign companies avoid the U.S. market and partner countries that cooperate with U.S. intelligence policies. If trends continue along this path, U.S. intelligence agencies risk the complete loss of access to critical intelligence signals. In an effort to gain access to nearly every bit of data, the U.S. risks losing access to nearly all useful data and severely impacting economic growth.

Furthermore, proposals to implement secure backdoors into security protocols are ignorant of the fact that such methodologies simply do not exist. The current encryption protocols that have gained widespread acceptance as being reasonably secure have taken decades to develop and are themselves based on decades of prior research and foundational technologies. Assuming that it was possible to develop an encryption technology that was sufficiently secure for sensitive communications while offering a secure backchannel, the timeframes for establishing such new protocols would similarly be measured in decades.

The calls for engineered backdoors also come at a time when U.S. companies are battling a tidal wave of Internet-based attacks around the world. These attacks are prompted by foreign competitors seeking an edge over U.S. companies, foreign governments hostile toward the U.S., and foreign individuals seeking profit or glory. Backdoors are already present in the existing software, operating systems, and hardware. These attacks cost the U.S. economy hundreds of thousands of jobs each year and hundreds of billions of dollars to U.S. companies, citizens, and U.S. allies. Proposals to intentionally engineer additional backdoors into such products is, at best, misguided. Assuming that U.S. companies were to comply with such ill conceived legislation it would paint a conspicuous target on those companies.

Complaints that technologies that have been in widespread use for decades will somehow neuter the capacity of intelligence agencies to collect vital intelligence signals are both lazy and disingenuous. Intelligence agencies have never had such massive data access as they do today. It is widely recognized that what they suffer from is data overload, not insufficient data access. The agencies that demand increasing autonomy in their ability to access arbitrary types of information increasingly demonstrate their inability for self-restraint and responsible use of those abilities. Having an honest and open dialogue that is critical of this unchecked march toward unrestricted data access is overdue.

Beyond the financial risks of poorly considered policy, there is a crucial human rights component that should enter the legislative consciousness. Specifically, companies like Google have discovered cyber attacks mounted against human rights activists. Those same security methodologies legislators seek to dismantle are the security methodologies used to protect the lives of human rights activists around the world, often operating in countries hostile toward U.S. interests. Supporting hostile governments’ abilities to target and kill activists that frequently advance U.S. interests is counterproductive and unethical. Whether U.S. companies are able to promote encryption is not simply a technical matter, but a matter of life and death for such human rights activists and even foreign informants vital to the intelligence community.

Related Posts

, ,

i2Coalition Webinar Answers the Question: Is Open-Source Software a ‘National Security Concern’?

In the wake of the Log4j vulnerability, the White House sent a letter to major software companies and developers in January to discuss ways to improve digital security in the cloud, pulling together participants for what they called an “Open Source Software Security Summit”. In the invitation, White House National Security Advisor Jake Sullivan noted […]

read more

, , ,

Press Release: The VPN Trust Initiative Responds to War in Ukraine Regarding Access to Crucial Online Tools

FOR IMMEDIATE RELEASE  Washington, D.C. March 8, 2022  The availability of Virtual Private Networks (VPNs) provides users digital privacy, security, access to truthful information, and the ability to communicate with less fear of repercussions. VPNs have been crucial digital tools in the face of global threats in the past, and the ongoing war in Ukraine […]

read more

, , , ,

The i2Coalition’s VPN Trust Initiative Issues Statement on Takedown of VPN Services Aimed at Criminals

Summary: Virtual Private Networks (VPNs) provide Internet users with important privacy and security protections against cybercrime. In light of a recent takedown of three VPN services aimed at criminals, the i2Coalition and its VPN Trust Initiative stand united with authorities against cybercrime and those who seek to use legitimate technologies and services for malicious ends. […]

read more
Internet Infrastructure Coalition
2920 W Broad St
Suite 80
Richmond, VA 23230

(202) 524-3183

Privacy Policy | Cookies Policy
The i2Coalition (Internet Infrastructure Coalition) ensures that those who build the infrastructure of the Internet have a voice in public policy. We are the leading voice for web hosting companies, data centers, domain registrars and registries, cloud infrastructure providers, managed services providers, and related tech. We protect innovation and the continued growth of the Internet’s infrastructure, which are essential to the global economy.
Share via
Share via
 
Send this to a friend