- Amanda Holden’s bad coronavirus advice sheds light on the struggle of being immunocompromised Friday 9:03 PM
- The World Health Organization is now fighting coronavirus misinformation on TikTok Friday 8:43 PM
- Police are using coronavirus misinformation to trick people into turning in drugs Friday 8:11 PM
- People can’t stop touching their faces–and the CDC really wants them to Friday 7:31 PM
- A TikTok of a girl getting an abortion is going viral—and the internet is divided Friday 3:06 PM
- FCC proposes $200 million fine for T-Mobile, others over data sharing Friday 3:03 PM
- Which ‘Love is Blind’ couples are still together? Friday 2:01 PM
- Review: ‘The Invisible Man’ reboot is thrilling but basic Friday 1:25 PM
- Sex workers speak out after OnlyFans leak Friday 1:21 PM
- Normani addresses Camila Cabello’s racist social media posts Friday 1:07 PM
- Mike Huckabee’s defense of Trump’s coronavirus response will make you nauseous Friday 12:06 PM
- Gmail’s email filtering may affect what candidate emails you are seeing Friday 11:08 AM
- Woman shares aftermath of domestic abuse: ‘This is only to raise awareness’ Friday 10:40 AM
- Skai Jackson gets restraining order against Bhad Bhabie after death threat Friday 10:19 AM
- Taylor Swift shades Scooter Braun in ‘The Man’ video Friday 10:15 AM
Top E.U. network-security official slams proposals for encryption backdoors
It’s unclear how his comments will shape the brewing debate.
The head of the European Union’s information-security agency on Wednesday rebuked government proposals requiring tech companies to design their encryption so that they could circumvent it for criminal and terrorism investigations.
“If you have a potential backdoor in an encryption implementation,” Udo Helmbrecht, the director of the European Union Network and Information Security Agency (ENISA), told Euractiv.com, “then the question is, how can you [ensure] that terrorists or criminals don’t attack it and don’t use it?”
In the wake of recent deadly terrorist attacks in Paris, Brussels, and San Bernardino, California, many Western governments are considering legislation that would force tech companies to be able to bypass their products’ encryption if investigators present them with warrants for user data.
Law-enforcement and intelligence officials, like FBI Director James Comey in the United States, argue that terrorists and criminals are “going dark” by using encryption to mask their planning. But tech companies, security experts, and civil-liberties advocates have strenuously opposed demands for so-called “backdoors” in encryption, arguing that they would devastate innocent users’ security and tech firms’ economic competitiveness.
As part of the latest phase of the so-called “crypto wars,” the United States, the United Kingdom, and France are considering various legislative solutions to the encryption dilemma.
In the United States, the leaders of the Senate Intelligence Committee are working on a bill that is said to require backdoors. French lawmakers recently approved an amendment that would punish companies that refuse to cooperate with demands for encrypted data. And the U.K. Parliament is debating the Investigatory Powers Bill, which contains a provision letting authorities demand “the removal of electronic protection applied … to any communication or data.”
The phenomenon extends beyond Europe. China recently adopted a counterterrorism law that could let police demand backdoor access, and it is said to be looking to U.S. policymakers for guidance or political cover in implementing such a requirement.
Critics of backdoors point out that they create new digital risks by deliberately engineering a vulnerability that is available to anyone who can find it.
“What would be your feeling if you leave your house and you know somebody else has a key?” Helmbrecht said.
“It is very encouraging to see E.U. officials support encryption,” said Estelle Massé, a policy analyst in the Brussels office of the digital-rights group Access. “We now encourage the E.U. to translate these statements in action and engage with members states such as France and Hungary that are putting forward proposals to undermine encryption.”
Massé noted that Helmbrecht’s remarks echoed what Andrus Ansip, the vice president of the European Commission, the E.U.’s executive body, has said about backdoors.
A spokesperson for U.K. Home Secretary Theresa May, who is spearheading the Investigatory Powers Bill, attempted to distance the legislation from Helmbrecht’s concerns.
“The bill does not create backdoors,” the spokesperson said in an email. “Rather, it maintains the existing obligation for telecommunications companies to assist in the execution of warrants which can themselves only be issued where necessary and proportionate.”
While it is true that there is no explicit backdoor mandate in the bill, the requirement that tech companies “assist in the execution of warrants” would effectively prohibit them from implementing encryption that they cannot break. This would amount to a mandate that they place backdoors in their encryption.
Nathalie Kosciusko-Morizet, the French lawmaker who sponsored the punitive amendment, did not respond to an email asking for her response to Helmbrecht’s remarks.
ENISA, founded in 2004 and based in Greece, is an E.U. agency that works to bolster network security across the 28-member international body. Its 55 staff members serve as resources for E.U. and national lawmakers considering information-security policies.
Helmbrecht has served as ENISA’s director since October 2009. Before that, he led Germany’s Federal Office for Information Security, which oversees, among other things, national cryptography policy.
Update 2:04pm CT, March 30: Added quote from Access analyst.
Update 9:45am CT, March 31: Added response from Home Office.
Photo via ITU Pictures/Flickr (CC BY 2.0)
Eric Geller is a politics reporter who focuses on cybersecurity, surveillance, encryption, and privacy. A former staff writer at the Daily Dot, Geller joined Politico in June 2016, where he's focused on policymaking at the White House, the Justice Department, the State Department, and the Commerce Department.