6/9/2015
10:55 AM
Dark Reading
Products and Releases

Tech Industry Warns President of Risks in Compromising Encryption

WASHINGTON – In a letter released today, leading associations representing the technology industry wrote to President Barack Obama to say they oppose “any policy actions or measures” by the federal government that would undermine encryption technologies. Citing encryption technology’s role in protecting consumer privacy and securing the integrity of data in the global digital infrastructure, the Information Technology Industry Council (ITI) and Software & Information Industry Association (SIIA) asked the President to work with the technology industry to find a pathway forward that “preserves security, privacy, and innovation.” 

The letter warns against policies that mandate the weakening of encryption or the ill-conceived notion of building in dedicated “work-arounds” for government agencies to access information. The letter also states that in addition to being technologically impractical, such policies would “compromise the security” of technology products and services, “rendering them more vulnerable to attacks” by criminals or bad actors. It would also “erode consumers’ trust in the products and services they rely on for protecting their information.”   

Recognizing that “the issue at hand is extremely complex, with implications both domestically and internationally,” the industry groups seek to open a dialogue on policies surrounding encryption and offer to help develop a framework for further discussions.

The letter, text of which is included below, can be viewed by clicking here:

June 8, 2015                          

Dear President Obama,

The undersigned associations, representing a wide range of companies in the technology sector, write in connection with encryption technologies that companies incorporate into their products and services. This correspondence is intended to provide clarity on our position and to help develop a framework for further dialogue. We also take this opportunity to point out the global implications of certain policy measures relating to encryption.

We are opposed to any policy actions or measures that would undermine encryption as an available and effective tool. As you know, encryption helps to secure many aspects of our daily lives. Encryption is an essential asset of the global digital infrastructure, enabling security and confidentiality for transactions as well as assurances to individuals that their communications are private and information is protected. For example, the rapid growth in online commerce would not have happened but for consumers’ trust that their payment information is secure. Consumer trust in digital products and services is an essential component enabling continued economic growth of the online marketplace.

Accordingly, we urge you not to pursue any policy or proposal that would require or encourage companies to weaken these technologies, including the weakening of encryption or creating encryption “work-arounds.” We appreciate that, where appropriate, law enforcement has the legitimate need for certain information to combat crime and threats. However, mandating the weakening of encryption or encryption “work-arounds” is not the way to address this need. Doing so would compromise the security of ICT products and services, rendering them more vulnerable to attacks and would erode consumers’ trust in the products and services they rely on for protecting their information.

In addition to these security and trust concerns, the U.S. policy position on encryption will send a signal to the rest of the world. Should the U.S. government require companies to weaken encryption technology, such requirements will legitimize similar efforts by foreign governments. This would threaten the global marketplace as well as deprive individuals of certain liberties.

We are committed to finding pathways forward that preserve security, privacy, and innovation. We know the issue at hand is extremely complex, with implications both domestically and internationally. We hope that by being clear in defining the nature of the problem and our position we can contribute to the current dialogue. We look forward to continuing this discussion with your administration.

Sincerely,

Information Technology Industry Council   •   Software & Information Industry Association

# # #

About ITI: The Information Technology Industry Council (ITI) is the premier advocacy and policy organization for the world’s leading innovation companies. ITI navigates the relationships between policymakers, companies, and non-governmental organizations, providing creative solutions that advance the development and use of technology around the world. Visit http://www.itic.org/ to learn more. Follow us on Twitter for the latest ITI news and other alerts: @ITI_TechTweets

About SIIA:  SIIA is the leading association representing the software and digital content industries. SIIA represents approximately 800 member companies worldwide that develop software and digital information content. SIIA provides global services in government relations, business development, corporate education and intellectual property protection to the leading companies that are setting the pace for the digital age. For more information, visit www.siia.net.
