Security news that informs and inspires

Civil Liberties Groups Decry Calls for Encryption Backdoors

A group of 14 civil liberties organizations from the United States and Europe is raising the alarm about recent calls from government agencies for access to encrypted communications, saying those efforts would not have a measurable effect on crime and would cripple vital security systems for millions of people.

The International Network of Civil Liberties Organizations on Monday issued a statement that echoes concerns from many similar groups about efforts by the Department of Justice, Council of the European Union, and the European Commission to weaken encrypted communication systems and apps in order to provide access for law enforcement agencies. This has been a consistent drumbeat from legislators and law enforcement agencies both in the U.S. and Europe for many years, but the calls for encryption backdoors have been growing louder and more frequent as secure messaging apps have proliferated and become the go-to communication mechanism for many people. Apps such as Signal, WhatsApp, and Telegram have drawn the ire of regulators and law enforcement agencies in many countries recently for not providing a capability for law enforcement to access users’ messages.

Last month, officials from justice agencies in the U.S., UK, India, Australia, and Japan released a joint statement calling on technology providers to give law enforcement “access to content in a readable and usable format” when a warrant or other legal authorization is issued.

“Particular implementations of encryption technology, however, pose significant challenges to public safety, including to highly vulnerable members of our societies like sexually exploited children. We urge industry to address our serious concerns where encryption is applied in a way that wholly precludes any legal access to content,” the statement said.

"Any weakening of that encryption, no matter how well intentioned, will weaken security."

There are also several proposed bills in Congress right now that would affect the use of strong encryption and the ability of platform and app providers to build it into their products. The INCLO statement, which was signed by 14 of the 15 member organizations including the American Civil Liberties Union, the irish Council for Civil Liberties, and the Canadian Civil Liberties Association, warns that weakening encryption will have myriad unintended consequences.

“So many of our online activities involve the transmission of highly sensitive data that is currently protected by strong encryption. Any weakening of that encryption, no matter how well intentioned, will weaken security around these activities; increase the chance of that encrypted data being accessed by malicious third parties; increase well-founded fears of fraud and identity theft; and likely breed distrust,” the statement says.

“INCLO calls on authorities to protect E2EE and safeguard the privacy and innumerable daily security benefits and uses of encryption by people around the world.”

Many of the proposals to grant law enforcement some sort of access to encrypted communications involve technology providers and app developers holding encryption keys for users’ sessions so they can provide plaintext when law enforcement presents a warrant or court order. Others call for a vague technology to be embedded in devices or apps in order to grant access. None of these proposals has been received positively by the major technology providers, and vendors such as Apple and Google have been going in the opposite direction, adding encryption to more of their products and services and speaking out publicly against encryption backdoors. If anything, that trend is likely to grow stronger as user demand for encrypted services grows.