12/6/2017
10:05 AM
Larry Loeb

Crypto Wars: The Show That Never Ends

The German Interior Ministry is spearheading an effort to create a new law that would require tech companies to provide backdoors for a range of devices. It's the latest salvo in the war over encryption.

As the classic Emerson, Lake and Palmer song goes: "Welcome back, my friends, to the show that never ends." Only this time, it's the Crypto Wars that are being refought.

The German government is preparing a law that would make all electronic device manufacturers include a backdoor that could be used by law enforcement authorities, according to local media reports. Such a backdoor in a connected auto might disable the warning it sends to its owner when physically disturbed -- say in a police investigation.

The German Interior Ministry is spearheading the effort, and is looking far beyond stopping car notifications to suspect owners. The ministry wants companies to tell the government about any future plans that they have for encryption and other protocols in products, so that the police can analyze them.

Investigators also want the power to hack back at attackers, so that they can shut down some remote computer in a crisis.

Some of those who have seen the draft bill also point to provisions in it that would allow the state to intercept any Internet traffic. That kind of power would allow a full-blown surveillance state with snooping everywhere. Of course, the ministry says such power would only be used under court order.

This kind of effort is not unexpected to those who have seen similar efforts for such backdoors arise lately in France and the UK.

Indeed, closer to home, the US Justice Department has revisited the issue lately when Deputy Attorney General Rod Rosenstein told an audience in London this October: "There is no constitutional right to sell warrant-proof encryption."

The pushback against working encryption is on the rise, without a doubt.

Crypto was once the province only of the government, but it seemed that the first crypto wars of the 1980s and '90s had established that crypto use was not only legal, but that it was enabling the establishment of a digital economy. It seems obvious that people would not give financial information to a website to pay for shopping if they did not feel that it was being protected in a secure manner.

These new efforts, which hold up the straw men of terrorists and criminals to the public, miss some major points. Backdoors or decrypting will not stop someone who wishes to blow things up. Such a person will just change to methods that are harder to expose, like trusted couriers and face-to-face meetings.

And if there were some master key to encryption methods, how long would it take before it was stolen by threat actors? Such a key would make it easy for miscreants to obtain anything they wanted without leaving any trace behind, making the situation even worse.

The balance between too little and too much privacy in social settings has been discussed for years on end. It will continue to be discussed, no doubt. But a simplistic approach such as the removal of encryption from devices can only have unintended consequences that will end up crippling the only growth area left in the world.

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.
