eSecurity: back doors won't beat terrorists

eSecurity: back doors won’t beat terrorists

Email may well help terrorists plan their deadly attacks. But the argument that governments should therefore gain stronger powers to intercept and decode encrypted Internet traffic is flawed. Schemes such as key escrow would do little to foil the 'bad guys', while potentially causing serious damage to companies' trust in eBusiness.

The US terrorist attacks have raised the specter of restrictions on encryption technology.

Encryption technology has come under increasing scrutiny in the aftermath of the terrorist attacks, as lawmakers try to address concerns that terrorist organizations may use the Internet to plan their deadly attacks – and that they might be able to do so safe from prying eyes by encoding their emails.

US Senator Joseph Biden has introduced a bill (266) which declares: It is the sense of Congress that providers of electronic communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law.

While the FBI’s major concern in requesting this language seems to in tapping multiplexed phone lines, the bill also implies that encryption keys should be deposited with a government agency to enable decryption following a court order. There is some support for such a move. A recent opinion poll suggested that 54% of US citizens support the tightening of encryption laws to assist law enforcement agencies.

However, many experts argue that the resulting increased risk of corruption, combined with the exploitation of administrators’ mistakes, could weaken the integrity of encryption to the point that it is rendered useless.

As a result, these ‘back doors’ could significantly damage the trust that businesses place in encryption. Such plans were comprehensively rejected by legislators, law enforcement agencies, the IT sector and civil liberties groups in 1998. Reviving the idea now would be as desperate as it is futile. If back doors let in the ‘good guys’ for monitoring purposes, the ‘bad guys’ will find other ways to elude detection.

In any case, no government agency has the personnel capacity to translate and read all the existing, decrypted material on the Internet, even before encryption is taken into account. Content filtering systems help reduce the workload, but these can be fooled by simple word codes.

As long as such problems remain unsolved, legislators should refrain from taking drastic steps that could hurt eBusiness far more than they hurt terrorism.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing