Thursday 24 September 2015

Rejoice, World: U.S. Government-Mandated Backdoors Are Unlikely

Ask a U.S.-based CEO what he really thinks about government backdoors for encrypted technology and he’ll have little need for nuance.

Paul Kafasis, Rogue Amoeba, United States, government-mandated backdoors
Rogue Amoeba's Kafasis: "Backdoors are a terrible idea."
Rogue Amoeba’s Paul Kafasis recently told us, "Government-mandated backdoors are a terrible idea, and they’re virtually sure to be exploited. Look no further than the TSA locks. The master keys for these locks are widely spread, and recently, a photograph of all the keys was published. Now, the locks are right and truly compromised for everyone, all due to a government-mandated back door.”

It’s a sentiment frequently expressed by members of the United States tech industry and one that has thus far held off mandated backdoors. As a waffling United States government inches closer to making a definitive statement one way or the other, SumRando can’t help but acknowledge the significant implications legislation will have for the world beyond America that is largely dependent on U.S. products and services. As SumRando’s CEO recently pointed out, “It’s an oversimplification to think that one country’s concerns and policies exist in isolation.” 

For all you Randos out there wondering what will come next, we have some good news: a document leaked earlier this month to the Washington Post implies that encryption worldwide just became a little safer.

The document, said to have been written by U.S. National Security Council members, outlines three potential strategic approaches to government policy regarding encryption, none of which are pushing for government-mandated backdoors in the near future :

Option 1: Disavow Legislation and Other Compulsory Actions, self-labeled “the strongest option for cybersecurity, economic competitiveness and civil liberties and human rights,” acknowledges that:               
  • Government backdoors are not a “secure, practical solution” to law enforcement information gathering.
  • Because U.S. technology is used around the globe, mandating vulnerabilities “makes all of us less safe.”
  • “Domestically, many privacy and civil liberties advocates would regard this approach as a significant step in defense of privacy and free expression around the world.  If other nations follow our lead or companies successfully resist country demands, this approach could limit repressive regimes’ willingness to demand access to encrypted information, which likely would help protect dissidents and other communities in danger of human rights violations."

Option 2: Defer on Legislation and Other Compulsory Actions calls for further public discussion before drafting legislation while also acknowledging that the tech industry is unlikely to voluntarily comply with government-requested backdoors.

Option 3: Remain Undecided on Legislation or Other Compulsory Actions would allow competing messages—Obama’s belief that “there is no situation in which you wouldn’t want strong encryption” alongside a general government desire for greater access to communications—to continue to exist, potentially eroding trust in the credibility, accountability and effectiveness of the U.S. government.

We anxiously await which option Washington will launch this fall, but can’t imagine that the public would accept anything less than the “strongest option for cybersecurity, economic competitiveness and civil liberties and human rights.”

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando! 

1 comment:

  1. Relevant: http://venturebeat.com/2015/09/24/nsa-director-just-admitted-that-government-copies-of-encryption-keys-are-a-security-risk/

    ReplyDelete