Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Security Management //

Encryption

12/6/2017
10:05 AM
Larry Loeb
Larry Loeb
Larry Loeb
50%
50%

Crypto Wars: The Show That Never Ends

The German Interior Ministry is spearheading an effort to create a new law that would require tech companies to provide backdoors for a range of devices. It's the latest salvo in the war over encryption.

As the classic Emerson, Lake and Palmer song goes: "Welcome back, my friends, to the show that never ends." Only this time, it's the Crypto Wars that are being refought.

The German government is preparing a law that would make all electronic device manufacturers include a backdoor that could be used by law enforcement authorities, according to local media reports. Such a backdoor in a connected auto might disable the warning it sends to its owner when physically disturbed -- say in a police investigation.

The German Interior Ministry is spearheading the effort, and is looking far beyond stopping car notifications to suspect owners. The ministry want companies to tell the government about any future plans that they have for encryption and other protocols in products, so that the police can analyze them.

Investigators also want the power to hack back at attackers, so that they can shut down some remote computer in a crisis.

Some of those who have seen the draft bill also point to provisions in it that would allow the state to intercept any Internet traffic. That kind of power would allow a full-blown surveillance state with snooping everywhere. Of course, the ministry says such power would only be used under court order.

This kind of effort is not unexpected to those that have seen similar efforts arise lately in France and the UK for such backdoors.

Indeed, closer to home, the US Justice Department has revisited the issue lately when Deputy Attorney General Rod Rosenstein told an audience in London this October: "There is no constitutional right to sell warrant-proof encryption."

The push back against working encryption is on the rise, without a doubt.

Once the province only of the government, it seemed that the first crypto wars of the 1980s and 90s had established that crypto use was not only legal, but that it was enabling the establishment of a digital economy. It seems obvious that people would not give financial information to a website to pay for shopping if they did not feel that it was being protected in a secure manner.

These new efforts that hold up the straw men of terrorists and criminals to the public miss some major points here. Backdoors or decrypting will not stop someone that wishes to blow things up. They will just change methods to ones that are harder to expose, like trusted couriers and face-to-face meetings.

And if there was some master key to encryption methods, how long would it take before it was stolen by threat actors? Such a key would make it easy for miscreants to obtain anything they wanted without any trace left behind, making the situation even worse.

The balance between too little and too much privacy in social settings has been discussed for years on end. It will continue to be discussed, no doubt. But a simplistic approach such as the removal of encryption from devices can only have unintended consequences that will end up crippling the only growth area left in the world.

Related posts:

— Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
News
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Edge-DRsplash-10-edge-articles
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
News
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-27670
PUBLISHED: 2021-02-25
Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter.
CVE-2021-27671
PUBLISHED: 2021-02-25
An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack.
CVE-2020-9051
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2020-9052
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.
CVE-2020-9053
PUBLISHED: 2021-02-24
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none.