Encryption stops criminals. Weakening it doesn’t make sense

Graham Cluley
Graham Cluley
@[email protected]

Following the horrific terrorist attacks in Paris, there have been calls from some for law enforcement to be given a method to snoop upon encrypted communications.

For instance, Clare Foges – who writes speeches for UK Prime Minister David Cameron, and is described as one of his advisers – wrote a quite extraordinary piece in The Telegraph where she demonises encryption.

Never mind that the murderers in Paris appear to have communicated via unencrypted SMS.

Fortunately, there are some technical experts who are prepared to step into the debate and share their wisdom.

Sign up to our free newsletter.
Security news, advice, and tips.

For instance, here is a statement released yesterday by the Information Technology Industry Council (ITIC):

“Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety. We deeply appreciate law enforcement’s and the national security community’s work to protect us, but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense.”

In case you are wondering, the ITIC counts amongst its members some of the biggest technology firms in the world.

Companies who are member of the ITIC include Accenture, Adobe, AMD, Agilent Technologies, Akamai, Acatel, AOl, Apple, BlackBerry, Brother, Canon, CA, Dell, EMC, Epson, Ericsson, Facebook, Fujitsu, Google, Hewlett Packard, HTC, IBM, Intel, Intuit, Lenovo, LinkedIn, Microsoft, Nokia, Oracle, Palo Alto Networks, Panasonic, Samsung, SAP, Sony, Symantec, Toshiba, Toyota, Twitter, Verisign, VISA, Yahoo, and more…

You would expect those companies to be against crime, right? You would expect them to know what they’re talking about when it comes to technology, yes?

In June they sent a letter to Barack Obama, acknowledging that the issue is complex, but warning against policies that would see encryption weakened or ill-conceived backdoors for government agencies to access information.

We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool. As you know, encryption helps to secure many aspects of our daily lives. Encryption is an essential asset of the global digital infrastructure, enabling security and confidentiality for transactions as well as assurances to individuals that their communications are private and information is protected. For example, the rapid growth in online commerce would not have happened but for consumers’ trust that their payment information is secure. Consumer trust in digital products and services is an essential component enabling continued economic growth of the online marketplace.

Accordingly, we urge you not to pursue any policy or proposal that would require or encourage companies to weaken these technologies, including the weakening of encryption or creating encryption “work-arounds.” We appreciate that, where appropriate, law enforcement has the legitimate need for certain information to combat crime and threats. However, mandating the weakening of encryption or encryption “work-arounds” is not the way to address this need. Doing so would compromise the security of ICT products and services, rendering them more vulnerable to attacks and would erode consumers’ trust in the products and services they rely on for protecting their information.

The big question is this: are the authorities refusing to listen to the advice of technology industry experts because it doesn’t fit an agenda that they have already decided upon?

Encryption stops criminals. Weakening encryption simply does not make sense.

If you haven’t already done so, read Clare Foges’s Telegraph article. If the people advising and writing speeches for our leaders can be so woefully clueless about a subject that we’re comparatively experts in, one wonders what other poorly-judged decisions are made by our governments every day.

flickr photo shared by Electronic_Frontier_Foundation under a Creative Commons ( BY ) license.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

4 comments on “Encryption stops criminals. Weakening it doesn’t make sense”

  1. Tim

    Next up…Clare Foges demanding that mathematicians globally stop being obstructive and cooperate on the government's demands that 2+2 needs to equal 5

    1. coyote · in reply to Tim

      But.. but… it does! 2 + 2 = 5 for extremely large values of 2!

      Or so the old joke goes…

  2. Barry Neilsen

    Nice to see that 92% of people who've so far clicked on the poll on that Telegraph article don't agree with it.

  3. coyote

    I've written about encryption in this sense too so I won't touch upon that (other than what I already wrote here).

    So instead I'll just answer your curiosity :

    'one wonders what other poorly-judged decisions are made by our governments every day.'

    It's quite simple, see: it's every decision they make. If you prefer it might be almost every decision. But what's the difference ? Mostly bad or all bad, the fact of the matter is governments are terrible decision makers – at least in the sense of making things better (it is great for their own manipulative, corrupt, malicious agenda, however).

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.