Donate
Don’t Poke Holes in Our Digital Security Shield Thumbnail
‹ Back
Encryption 13 April 2021

Don’t Poke Holes in Our Digital Security Shield

Lennart Schulze
By Lennart SchulzeGuest Author

In only a few days the European Union will close the doors on our chance to provide feedback on an initiative which could grant law enforcement agencies backdoor access to encrypted messaging services. Doing this would poke holes in our most important digital security shield. It misleadingly claims it to protect kids’ safety online. As a young German IT professional and advocate who has experienced the importance of cybersecurity myself, I find this prospect both short sighted and dangerous.

Encryption protects the privacy of our online communications, financial data, and health records. It safeguards key transportation, infrastructure and industries. And it enables us to work and study from home, along with myriad benefits for social and economic prosperity.

Weakening this necessary armour by allowing law enforcement to interfere will threaten all of this by opening doors that criminals can exploit. Rather than undermining it, encryption needs to be strengthened and expanded.

The increased adoption of end-to-end encryption over the past few years, especially among popular messaging services, is a major achievement for cybersecurity and human rights. Yet governments have been pushing back, repeatedly referring to the inability of law enforcement to fulfill their duties when presented with subjects’ non-decipherable information. Recently, German federal lawmakers are furthering their plans to grant access to individuals’ devices to national intelligence agencies too, going beyond the permitted interference of police and justice officials introduced in 2017.

As a young person, I’m concerned these developments particularly threaten our future. Not only are youth the group most likely to be online in Europe, but we’re also the most active community on social networks, leading to special exposure to the consequences of interfered encryption. If our digital literacy and social participation are indeed a priority, how can measures be considered that undermine their core?

The most worrying: Backdoors to encryption are open to everybody. Maintaining vulnerabilities in both hardware and software, even when created on purpose for authorities’ exclusive use, helps criminals seize the opportunity to hack them too. This uncontrollable threat, paradoxically, also puts governments at risk.

With backdoors, law enforcement might exploit existing security breaches in digital products. However, the incentive to keep these flaws secret, instead of disclosing them to the developers for elimination, also leaves them open to whoever was using them before – jeopardizing the overall security of the Internet. Plus, as agencies lack their own resources, software procured for these purposes often stems from dubious sources, resulting in governments supporting illegitimate actors and authoritarian regimes.

The overall political problem becomes obvious in the fundamental contradiction between weakening encryption and European values. Introducing backdoors would go against the EU’s very promise to improve cybersecurity. It also conflicts with discussions happening across Europe about digital sovereignty. You cannot ask international players to respect European privacy and cybersecurity standards while authorities here are actively undermining them.

This further shows that jurisdiction cannot effectively control the application of these measures: Due to the lack of technical expertise in oversight bodies, the legitimacy of authorities’ eavesdropping on encrypted communication often remains unquestioned, infringing on democratic principles.

This is where, instead, governments could leverage the potential of digitization for law enforcement to achieve their objectives. In fact, technology produces so many sources of information, that breaking encryption is not necessary at all to have sufficient data for criminal prosecution.

Encryption is paramount for social, economic, and political prosperity. We need to call upon EU member states to urgently refrain from banning encryption or forcing companies to weaken it with backdoors. Instead of working on political measures to harm encryption, our governments should be strengthening encryption by passing forward-looking legislation and supporting the technical development of secure standards.

What we need are shields, not holes.


Image by Paweł Czerwiński via Unsplash

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

DNSSEC and DANE Activities at ICANN 57 in Hyderabad, India, November 4-7, 2016
Deploy3604 November 2016

DNSSEC and DANE Activities at ICANN 57 in Hyderabad, India, November 4-7, 2016

Friday marks the beginning of the ICANN 57 meeting in Hyderabad, India. As per usual there will be a range of...

Internet Governance & Sustainable Development - The Case of Small Island Developing States
Internet Governance9 November 2012

Internet Governance & Sustainable Development – The Case of Small Island Developing States

I will be posting a report here shortly on what I consider (perhaps I am biased) to be the most...

New IPv6 Security Testing from go6lab
Deploy3608 April 2015

New IPv6 Security Testing from go6lab

In my go6lab, I often work with vendors to test the implementation of various IPv6 features and let them know...

Join the conversation with Internet Society members around the world