An end to end-to-end encryption?
This week the European politicians sought to outlaw the practice of technology companies having backdoors to encrypted private data. Such a move is undoubtedly the best way to ensure the protection of sensitive data, but is considered controversial as it provides a channel for potential terrorists to communicate without the means for security agencies to spy on them.
The European Parliament however seem to be leaning toward the civil liberties and privacy arguments. Such an approach seems to be a victory for common sense, since the technology for end-to-end encryption is well known and widely publicised meaning its trivial for organized groups with malicious intent to create their own secure communication tools.
In contrast enabling, or permitting, technology companies or governments to access data without consent raises concerns particularly with the most sensitive data such as medical records.
There are other, unexpected consequences from such back doors, exemplified by the WannaCry ransomware attacks which piggy bagged on a security vulnerability the NSA had identified, and exploited, but which was leaked into the public domain.
Politicians in both the UK and the US have been calling for tech companies to be forced to introduce such weaknesses intentionally so that they can examine communications. Such calls show a concerning lack of understanding in how encryption technology works which ministerial advisors should really understand.
The views expressed in this blog are those of the author and do not necessarily reflect the official policy or position of the company