The European Union Agency for Network and Information Security (ENISA) released a new report on encryption today, which argues strongly against law enforcement’s uses of, or requests for, backdoors in consumer electronics. The report concludes that the inclusion of such backdoors in consumer electronics puts regular citizens at substantial risk, and may even undermine national security.
As Tom’s Hardware reports, ENISA goes on to suggest that backdoors required by one nation’s laws could very well be exploited by a rival nation, effectively giving a national actor access to thousands or even millions of backdoored consumer devices. The benefits, ENISA states, simply do not outweigh the substantial risks that backdoors pose to public safety and national security.
Speaking specifically to the public safety risks, the report goes on to suggest that backdoors are not only dangerous but dangerously ineffective. Government or law enforcement mandated backdoors are designed to provide a way into secured electronics seized from criminals, as a way to circumvent consumer-grade security in an emergency. ENISA cautions against such thinking, stating that criminals would simply make use of non-backdoored technology to get around government-mandated backdoors.
Just this year, the conflict between public safety and privacy was highlighted when the FBI requested Apple’s help in unlocking the San Bernardino, California shooter’s iPhone. At the time Apple cautioned against such a request, suggesting that a backdoor for law enforcement could just as easily become a backdoor for criminals. Today ENISA echoes those concerns.
“Limiting the use of cryptographic tools will create vulnerabilities that can in turn be used by terrorists and criminals, and lower trust in electronic services, which will eventually damage industry and civil society,” the report warns.
The ENISA report is not unsympathetic to law enforcement’s encryption dilemma, and recognizes the difficult position law enforcement agencies are in with regard to strong encryption being used by criminals. But, the European Union agency cautions, weakening encryption or backdooring consumer electronics will only create more vulnerabilities in the long run.