Why Legislators Are Eager to Mandate Encryption Backdoors
Mon, 04/23/2018 – 12:58
Ignorance of Cryptography and Computer Sciences
This is becoming a systemic problem in and outside government. Colleges and universities have been and continue to teach “Introduction to Computing” classes, but in my experience, institutions of higher learning do not have courses specific to information security for the non-technical degree seeker. When I was teaching “Introduction to Computing,” the only mention of security was in the week before finals and did not address cryptography but rather the standard advice of only connect to secure wireless networks, update your systems, and keep your antivirus up to date.
Many of the legislators and lobbyists come from other professions: law, medicine, business, etc. Many, but not all, legislators are from a generation absent of being “wired” and underwent their formal education before technology at that scale and scope was an offering. I am not saying that these people are tech-illiterate, I am saying that many lack the understanding of what happens beyond the user experience.
Lobbying from Law Enforcement and Intelligence Professionals Sourced from Outside Cryptography
This group of people are not necessarily ‘villains’ per se, but they can easily be portrayed as such. They come from an era when people were not ‘always on.’ The 24-hour news cycle had not reached its climax yet, assuming it has at this point. People in law enforcement and government were able to do more monitoring with less accountability from the public.
Fast forward to 2016 and beyond and these people have progressed out of their military service, police beat, or detective duties into management roles via career advancement, appointment, or election. Due to these people being trained to look for physical clues and having been able to get a warrant to investigate, the ability to do so in encrypted systems is a foreign concept to them. Because of the mathematics involved with cryptography and cryptanalysis, the ability to get a warrant and have a look around from the conventional sense is not feasible and it puzzles them.
Theoretical: Lobbying from Firms and Organizations that Would Benefit Financially from Backdoors
Of all the groups mentioned here, I would consider this group to be the villains. They are the companies, vendors, and organizations that would benefit from subverting cryptography. It is a slippery slope with this because if cryptography were banned (think 1984), their business model would collapse. This requires these organizations to lobby for enough cryptography but not “too much.” I am not aware of any specific companies of this sort, but in 2018, nothing surprises me anymore.
I summarize this in the regard of most legislators are not trying to bring Orwell’s Big Brother from 1984 into reality nor are they putting in the effort to learn about encryption and how it impacts their constituents. I do offer the three reasons above as possible reasons why we are still having this debate. If we learned anything in 2017, it is that secrets are rarely “secret” and everything can be made public in a single keystroke.
In the United States, United Kingdom, and abroad, encryption is a hot button issue. We have heard Directors of the FBI, Attorney-Generals, and other legislators lobby to mandate backdoors into existing cryptosystems. Some of the same cryptosystems that the same governments use. Why? There is no clear answer, but I have three ideas why this is the case.
*** This is a Security Bloggers Network syndicated blog from Venafi Blog authored by Scott Carter. Read the original post at: https://www.venafi.com/blog/why-legislators-are-eager-mandate-encryption-backdoors