It is really scary to me: We get discussions again about backdoors in crypto-algorithms, export control for encryption etc. etc. The list is endless. When I started in security just before the change of the millennium, we already had these discussions and I thought that it was agreed that this is a bad thing.
Backdoors in crypto-algorithms will definitely backfire. There is no way these backdoors can be kept secret. No way. This means that we will weaken the overall industry and expose it to unacceptable risks, and with what result? Do we really think that the bad guys – be it terrorists or criminals – would use the weakened algorithms? Definitely not (not even if we mandated them to do so…). There will be people writing open-source algorithms and implementing them, which is a good thing. Remember PGP? What will criminals and terrorists do? What will businesses do to protect against improper access to their information? Use tools and software with no (known) backdoors.
The same is true of export control. Dear politicians and regulators, I know that we in the security industry have too often used military and weapons vocabulary to explain security, and this is ultimately a bad analogy. But you cannot regulate software the way you regulate weapons, as software is not a physical good requiring factories to produce. Software will be easily replicated, whether you like it or not. The only impact you will have is on companies wanting to do business globally. The bad guys will not be impacted – they will just circumvent your rules and even leverage them to do “business” (back to the backdoor above).
So, please stop this discussion and get back to business. Once again, close collaboration between the private sector and the public sector is needed to make sure both sides will be able to achieve their goals. Otherwise we run the risk of regulating the wrong things – not achieving the regulators' goals but limiting companies' ability to do business and – at least as bad – to protect themselves against attacks.