Playing into the hands of the criminals
Imagine a world where both nation-states and criminals are able to compromise e-commerce traffic, steal banking details and access your private information at will, and yet at the same time the criminals themselves and their activities are completely protected because, well, they’re criminals, and they don’t follow the same laws that compromise the privacy of law-abiding citizens.
This is the utopia that many governments, law enforcement agencies and now even Interpol want us to live in.
Interpol, the international organisation of police forces, has stated that it believes ubiquitous strong encryption is a threat to law enforcement, and is calling for backdoors to be installed into encryption applications/processes: “Tech companies should include mechanisms in the design of their encrypted products and services whereby governments, acting with appropriate legal authority, can obtain access to data in a readable and useable format.”
There is no doubt that criminals use encryption to protect themselves from law enforcement. But Interpol, like other law enforcement agencies, is completely ignoring two critical factors in calling for encryption to be fallible.
The first, and probably most important, is that the same cryptographic processes that law enforcement agencies and governments complain are used by criminals are also used by regular law-abiding citizens every day (online and even offline). If these encryption processes are broken by the introduction of weaknesses or backdoors, the security of literally billions of transactions carried out by law-abiding people globally will be open to attack.
Flowing on from this, although every effort will probably be made to ensure that only law enforcement agencies have access to the tools to break encryption in this manner, the reality is that these tools will undoubtedly fall into the hands of criminals — and once they do, they will themselves be used for criminal activity.
Potentially even more concerningly, we know that there are already multiple examples of law enforcement officials abusing data they already have access to, and there’s no reason to believe that the same would not occur when law enforcement agencies gain the ability to break into encrypted communications. We’ve already seen unlawful access to metadata, and a large number of examples where access to private data has been abused by police officers with very little done about it.
The second, and probably most critical, point is that assuming the cryptographic algorithms themselves are sound (and we’ve no reason to believe that they’re not — if they had flaws, we’re sure that governments wouldn’t be calling for weaknesses to be introduced), then criminals will simply be able to implement them in their own specific programs, exempt from government requirements for backdoors.
This means that while you and I, as law-abiding citizens, are pushed to use compromised applications, the criminals will be free to use products that are not subject to the new backdoors — rendering law-enforcement efforts against them completely ineffectual.
Interpol is no more correct in this proposed request than Malcolm Turnbull was when he suggested that the laws of mathematics were subservient to the laws of Australia. This mentality that the general population should suffer in order to facilitate a law-enforcement activity that will only lead to failure simply has to stop.
Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.