Nearly three in four IT security professionals believe that forcing organisations to create encryption backdoors to sensitive data could place nations at greater risk of suffering nation-state attacks.
In December last year, the Australian parliament passed a bill that authorised law enforcement agencies to compel messaging services such as WhatsApp to give them access to encrypted communications of individuals involved in terrorism and organised crime.
The new Australian law, called The Assistance and Access Bill, empowered law enforcement agencies to issue “technical capability notices”, using which they can obtain encrypted communications from popular apps such as WhatsApp, Telegram, and Signal.
In the United States, the FBI has also pushed for the creation of encryption backdoors, stating that doing do will enable the agency to better deal with cases involving terrorism, child exploitation, organised crime and trafficking.
While addressing a gathering at the International Conference on Cyber Security in New York last year, FBI Director Christopher Wray said that mobile phone companies must create encryption backdoors that only authorities will be able to exploit, thereby ensuring that such backdoors will stay out of reach of cyber criminals and enemy states.
“Being unable to access those devices is a major public safety issue and impacts our investigations across the board. This problem will require a thoughtful and sensible approach. We have people devoted to working with stakeholders to find a way forward. We need the private sector’s help,” he said.
Encryption backdoors creating new risks for nations
However, unlike investigative agencies, a majority of IT security professionals at private organisations share the opinion that instead of securing nations, encryption backdoors will, in fact, put their countries at greater risk of nation-state attacks.
In a recent survey carried out by Venafi, 73% of IT security professionals said that countries with government-mandated encryption backdoors are more susceptible to nation-state attacks. While 75% of them said governments should not be able to force technology companies to grant access to encrypted user data, 69% said countries with government-mandated encryption backdoors suffer economic disadvantages in the global marketplace.
“This is a tense moment for industry professionals because they know backdoors make our critical infrastructure more vulnerable. This is not rocket science; backdoors inevitably create vulnerabilities that can be exploited by malicious actors,” said Kevin Bocek, vice president of security strategy and threat intelligence at Venafi.
“Last December, Australia’s parliament passed legislation requiring tech businesses to create encryption backdoors within their products. We know that attackers don’t abide by restrictions; they don’t follow the rules or buy products in controlled markets. Countries that enact these near-sighted restrictions harm law abiding businesses and court economic damage as well as intrusions focused on sovereign government processes,” he added.
In May last year, a survey carried out by Venafi also revealed that due to recent geopolitical changes, 64% of IT security professionals had increased their personal encryption usage, compared to just 45% who did so in the previous year.
“We’re entering a world where machines process and conduct transactions autonomously. As a result, it will be incredibly important to preserve privacy with the use of strong encryption. Despite the challenges this poses, it’s excellent news that more than half of these security professionals use encryption to protect their personal privacy,” said Bocek.