Skip to main content

ENISA: crypto backdoors “create vulnerabilities that can be used by criminals and terrorists”

Posted by Sam Frances on Friday, February 26th, 2016 at 14:14

The European Agency for Network and Information Security (ENISA) has released a paper criticising moves by governments seeking to create “back doors” into encrypted communications.

While conceding that “cryptography might make lawful interception harder”, the paper argues that schemes such as key recovery and escrow “introduces new technological risks to IT infrastructure and it might even damage the gathered evidence”, and other attempts to limit the use of crypography would be unenforceable.

Key escrow and recovery is theoretically possible, but it would need a fundamental change of our communication infrastructure and joint development efforts of many experts. The resulting infrastructure would be more complex, making it potentially more vulnerable to attacks and less resilient to failures. The economic impact might be undesirable. Furthermore, for individuals, it would be rather simple to bypass these systems (unnoticeable for law enforcement), which might make them ineffective. In addition future advances in cryptology and computing power might turn any mechanism that is specifically designed for law enforcement in a vulnerability that can be explored by criminal and terroristic organizations. Lastly, it is likely that restricting the use of cryptography in commercial products, will damage the EU based IT industries.

The take-home message is that, while the aims behind law enforcement requests for cryptography backdoors “may be legitimate”:

…limiting the use of cryptographic tools will create vulnerabilities that can in turn be used by criminals and terrorists, and lower the trust in electronic services, which eventually will damage industry and civil society in the EU.

For more information, see the ENISA paper - On the free use of cryptographic tools for (self) protection of EU citizens.

With over 770 members connecting from over 76 different countries worldwide, LINX members have access to direct routes from a large number of diverse international peering partners.

© London Internet Exchange, 2018 Registered office: London Internet Exchange Limited, 2nd Floor, Trinity Court, Trinity Street, Peterborough PE1 1DA United Kingdom . Registered in England, Number: 3137929
VAT Registration Number: GB 665 9580 82 Head office main telephone number Telephone: +44 (0)1733 207700 Fax: +44 (0)1733 207729

Web Design by Web Design by Bluestorm Design & Marketing

Leave Feedback

Cookies

This site uses cookies to store information on your computer. Some of these cookies are essential to make our site work and have already been set. By using our site you accept the terms of our Privacy Policy.

×