Enisa: Backdoors Will Undermine Society and Industry

The EU’s network and information security agency Enisa has become the latest big-name institution to publicly support strong encryption and claim that any attempts to circumvent such systems by law enforcers will undermine industry and civil society.

In a newly released paper, On the free use of cryptographic tools for (self) protection of EU citizens, the agency argued that cryptography provides the electronic equivalent of the “letter cover, the seal or rubber stamp and the signature.”

It claimed first off that key escrow and recovery, while theoretically possible, would require a “fundamental change” in our communications infrastructure, making it more complex and vulnerable to attacks.

Going down this road would also have a potentially negative economic impact, and it would be easy for individuals to bypass such a system, Enisa argued.

It continued:

“In addition future advances in cryptology and computing power might turn any mechanism that is specifically designed for law enforcement in a vulnerability that can be explored by criminal and terroristic organizations. Lastly, it is likely that restricting the use of cryptography in commercial products, will damage the EU based IT industries.”   

What’s more, any attempt at building backdoors into end-to-end encryption would undermine security and trust in a way that is completely at odds with the aims of the recently agreed NIS directive and General Data Protection Regulation, it argued.

Enisa’s stance comes on the back of a similar declaration from both the French and Dutch governments.

The French case is particularly noteworthy as many UK and US politicians have used the Paris terror attacks last year as evidence that intelligence agencies need access to encrypted messaging platforms.

This is even despite the fact that several of the terrorists in this instance were already on the radar of the US intelligence agencies, and communicated by Facebook and unencrypted SMS prior to the atrocities.

What’s Hot on Infosecurity Magazine?