{"id":1659,"date":"2020-11-12T07:25:00","date_gmt":"2020-11-12T15:25:00","guid":{"rendered":"https:\/\/www.ssls.com\/blog\/?p=1659"},"modified":"2023-09-27T15:19:30","modified_gmt":"2023-09-27T22:19:30","slug":"us-and-more-governments-push-for-backdoor-encryption-access","status":"publish","type":"post","link":"https:\/\/www.ssls.com\/blog\/us-and-more-governments-push-for-backdoor-encryption-access\/","title":{"rendered":"US and more governments push for backdoor encryption&nbsp;access"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/www.ssls.com\/blog\/wp-content\/uploads\/SSL_Blog_backdoor-encryption-access.png\" alt=\"\" class=\"wp-image-1398\"\/><\/figure>\n\n\n\n<p>For the past few years, there has been a debate regarding the regulation of web encryption among the governments of several countries around the globe. On November 6, the Council of the European Union published a <a href=\"https:\/\/files.orf.at\/vietnam2\/files\/fm4\/202045\/783284_fh_st12143-re01en20_783284.pdf\">draft resolution on the topic<\/a>, while back in October, <a href=\"https:\/\/www.justice.gov\/opa\/pr\/international-statement-end-end-encryption-and-public-safety#_ftnref1\">the US joined<\/a> Canada, India, Japan, the UK, Australia, and New Zealand in urging the industry to allow <a href=\"https:\/\/www.theverge.com\/2020\/10\/12\/21513212\/backdoor-encryption-access-us-canada-australia-new-zealand-uk-india-japan\">governments to have \u201cbackdoor encryption access\u201d<\/a>.<br><\/p>\n\n\n\n<!--more-->\n\n\n\n<p>So, what exactly does all this mean?<br><\/p>\n\n\n\n<p>For the latter countries, they basically want to enable law enforcement agencies with search warrants to access <a href=\"https:\/\/www.ssls.com\/blog\/what-is-a-digital-certificate\/\">encrypted<\/a> data. This includes encrypted data in transit, as well as stored encrypted data and custom encrypted applications and platforms.\u00a0 Even though encryption protects Internet users and their data from hackers and other malicious actors, the <a href=\"https:\/\/techcrunch.com\/2020\/09\/20\/encryption-backdoor-bill-dangerous-lofgren\/\">US government believes<\/a> that its existence also makes it more difficult to catch criminals. A press release from the US Department of Justice claims that it wants to \u201cchallenge the assertion that public safety cannot be protected without compromising privacy or cyber security\u201d.\u00a0<br><\/p>\n\n\n\n<p>However, most of the tech industry disagrees. A <a href=\"https:\/\/www.ssls.com\/blog\/what-is-a-digital-certificate\/\">secure<\/a> encryption backdoor would basically be <a href=\"https:\/\/tutanota.com\/blog\/posts\/why-a-backdoor-is-a-security-risk\/\">impossible to implement<\/a>. Once such a backdoor is opened, it\u2019s almost guaranteed that it would be exploited by cybercriminals and cause mass hacking and technical disruption. Beyond that, allowing such access to governments and law enforcement is a slippery slope when you take into account how international the tech industry is. Even if you do trust your country\u2019s government, it\u2019s likely that before long a request will come in from less democratic governments, which is likely to put tech companies in a very difficult position. An article from <a href=\"https:\/\/www.justsecurity.org\/53316\/criminalize-security-criminals-secure\/\">Just Security<\/a> points out that tech firms would likely find themselves having to choose between being complicit in human rights abuses or losing access to entire markets. Basically, the existence of encryption backdoors would be messy, with all semblance of privacy and security destroyed in the process. Which kind of defeats the purpose of encryption, don\u2019t you think?<br><\/p>\n\n\n\n<p>The EU\u2019s call to regulate encryption, on the other hand, is a little less extreme, and a bit more vague in its intentions (with one commissioner essentially referring to it as an <a href=\"https:\/\/techcrunch.com\/2020\/11\/09\/whats-all-this-about-europe-wanting-crypto-backdoors\/\">empty political gesture<\/a>). They don\u2019t want to ban end-to-end encryption, simply spark a discussion. The draft resolution basically points out the importance of discussing how criminal justice authorities can work in tandem with strong encryption across the web, while also taking into account every EU citizen\u2019s right to data protection and privacy. It concludes by saying, \u201cthere should be no single prescribed technical solution to provide access to encrypted data\u201d.<br><\/p>\n\n\n\n<p>The debate poses the question, can encryption with \u201cbackdoor access\u201d even still be called encryption? It could be argued that calling encryption \u2014 the <a href=\"https:\/\/www.ssls.com\/blog\/possible-issues-with-the-sha-1-root-sunset\/\">protection<\/a> of people\u2019s data when they use the web or digital devices \u2014 unsafe is akin to calling locking the front door of your house to protect yourself from intruders as unsafe. While this may protect a small number of criminals, the majority of people encrypting their data or locking their doors are just ordinary citizens who want to keep their private information private.<br><\/p>\n\n\n\n<p>While it doesn\u2019t seem like these debates will result in the destruction of end-to-end encryption as we know it any time soon, it is worrying when government officials don\u2019t understand how encryption actually works or its significance in modern day-to-day life where web usage is becoming increasingly ubiquitous. We can only hope it remains a discussion and doesn\u2019t become a reality.<br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>For the past few years, there has been a debate regarding the regulation of web encryption among the governments of several countries around the globe. On November 6, the Council of the European Union published a draft resolution on the topic, while back in October, the US joined Canada, India, Japan, the UK, Australia, and [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1659","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1659","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/comments?post=1659"}],"version-history":[{"count":4,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1659\/revisions"}],"predecessor-version":[{"id":2732,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/posts\/1659\/revisions\/2732"}],"wp:attachment":[{"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/media?parent=1659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/categories?post=1659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ssls.com\/blog\/wp-json\/wp\/v2\/tags?post=1659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}