Sign up for our newsletter
Technology / Cybersecurity

What lessons can the UK learn as the Dutch champion data encryption, oppose backdoors

Debate surrounding encryption, defined as the most effective way to achieve data security and achieved through having a secret key or password to unlock encrypted files, has entered 2016 in a similar way to how it left 2015 – with uncertainty and with a lack of clarity.

The row over encryption has pitted governments from across the world against tech giants, with the latter championing privacy and encryption and the former pushing national security and backdoors.

The quest to weaken encryption is being driven by the UK and the US, with both countries engaging in efforts to force technology companies to technically alter their services by building back doors for authorities.

The US started its encryption offensive in April of last year, with Defense Secretary Ashton Carter failing to secure Silicon Valley co-operation despite the veiled threat of legislation forcing government access to encrypted messages. Since then, the US has, for the time being, stopped in its efforts to mandate encryption backdoors into law – a move not shared by the UK government across the Atlantic.

White papers from our partners

The UK government keeps pressing ahead in their efforts to enshrine encryption backdoors into law, with the draft Investigatory Powers Bill having been presented at the end of 2015.

Although the Draft Bill does not seek to ban end-to-end encryption, it would force the likes of third-party services like Apple iMessage, WhatsApp, Blackberry BBM and Cisco Spark to change their services in order to give access to enforcement agencies.

However, the majority of security experts agree that these back-doors would undoubtedly be used and exploited by hackers, as well as by government agencies.

John Michael, CEO of iStorage, explained to CBR how back-doors can be likened to physical home security.

"The introduction of compulsory back doors is like leaving your front door key under the doormat and your house alarm code printed next to the alarm console. Not only can the good guys get in but much more worryingly so can the bad guys."

However, the obvious flaws have been downplayed by governments by impressing the importance of national security and the safety of citizens. This argument was bolstered following the 2015 Paris terror attacks, where security professionals and government argued that encrypted messaging services aided the terrorists in carrying out the attacks.

Former CIA Deputy Director Michael Morell said in an interview on American new programme Face the Nation: "I think what we’re going to learn is that these guys are communicating via these encrypted apps, this commercial encryption which is very difficult or nearly impossible for governments to break, and the producers of which don’t produce the keys necessary for law enforcement to read the encrypted messages."

While the UK and US governments continue in their efforts to discredit encryption for the sake of national security, there has been one government who has taken a definitive stance – potentially setting a massive precedent for many countries and governments who lack clarity when it comes to encryption.

The Dutch government has, this week, officially declared no to back-door encryption. In a letter published on Monday, the Dutch Ministry of Security and Justice said: "The government believes that it is not desirable at this time to take restrictive regulatory measures with respect to the development, availability, and use of encryption within the Netherlands."

Advocating strong encryption, the Dutch government has garnered much praise from security and technology experts, with many praising the positive development and a decision which was based on technical facts. Jamie Graves, CEO at ZoneFox, told CBR:

"The Dutch stance goes against the political grain – the UK government and Hilary Clinton advocated ‘back doors and other such measures’ – which makes it refreshing. It also demonstrates a sophisticated understanding of the security threat landscape."

Many are looking at the Dutch Cabinet’s ruling on encryption as an important precedent – one that experts are urging the UK government to follow.

Justin Harvey, CSO at Fidelis Cybersecurity, said: "I think the UK, US and the EU should consider following in the footsteps of the Dutch and come to the realisation that encryption backdoor isn’t merely a legislative or privacy mandate, but a technical impossibility to enact and enforce."

Echoing Harvey’s sentiments, Covata CEO Trent Telford said that the Dutch ruling could increase pressure in the UK for a similar stance on encryption.

"The Dutch Government will bring a welcome voice of reason into the discussion around strong encryption in the EU and we encourage other member states to follow its lead. For the UK – where David Cameron continues to stand by his opinion that the Government should be able to access encrypted communication – this latest move will further increase pressure on the Prime Minister to soften his stance."

However, there remains the possibility that Cameron and the UK government will not soften their stance towards encryption, which may mean that businesses will have to look overseas to protect their data – arguably one of the most important assets of any business today.

This article is from the CBROnline archive: some formatting and images may not be present.