The European Agency for Network and Information Security (ENISA) has released a paper criticising moves by governments seeking to create “back doors” into encrypted communications.
While conceding that “cryptography might make lawful interception harder”, the paper argues that schemes such as key recovery and escrow “introduces new technological risks to IT infrastructure and it might even damage the gathered evidence”, and that other attempts to limit the use of cryptography would be unenforceable.
Key escrow and recovery is theoretically possible, but it would need a fundamental change of our communication infrastructure and joint development efforts of many experts. The resulting infrastructure would be more complex, making it potentially more vulnerable to attacks and less resilient to failures. The economic impact might be undesirable. Furthermore, for individuals, it would be rather simple to bypass these systems (unnoticeable for law enforcement), which might make them ineffective. In addition, future advances in cryptology and computing power might turn any mechanism that is specifically designed for law enforcement into a vulnerability that can be explored by criminal and terroristic organizations. Lastly, it is likely that restricting the use of cryptography in commercial products will damage the EU-based IT industries.
The take-home message is that, while the aims behind law enforcement requests for cryptography backdoors “may be legitimate”:
…limiting the use of cryptographic tools will create vulnerabilities that can in turn be used by criminals and terrorists, and lower the trust in electronic services, which eventually will damage industry and civil society in the EU.
For more information, see the ENISA paper - On the free use of cryptographic tools for (self) protection of EU citizens.