A GROUP OF CRYPTOGRAPHERS AND COMPUTER SCIENTISTS has blasted demands from US and British governments for backdoors to encryption systems, saying that it would cause a "major security risk".
The report from the Massachusetts Institute of Technology (MIT) Computer Science and Artificial Intelligence Lab criticises plans to allow law enforcement agencies unfettered access to encrypted data, following in the footsteps of Apple and Google.
UK prime minister David Cameron, for example, said recently that services such as iMessage and WhatsApp should be banned if British intelligence services cannot access them, while the FBI has argued that access to encrypted communications is crucial in the fight against terrorism.
MIT said in a 34-page paper, compiled by the likes of security expert Bruce Schneier and professor Ross Anderson from Cambridge University, that this is a bad idea and will create a major security risk.
"Such access will open doors through which criminals and malicious nation states can attack the very individuals law enforcement seeks to defend,” the paper said.
"The costs would be substantial, the damage to innovation severe and the consequences to economic growth hard to predict. The costs to the developed countries’ soft power and to our moral authority would also be considerable."
The paper noted that granting governments backdoors to encryption systems will also make them a more appealing target to hackers and increase the risk of data breaches.
"Security credentials that unlock the data would have to be retained by the platform provider, law enforcement agencies, or some other trusted third party," it said.
"If law enforcement's keys guaranteed access to everything, an attacker who gained access to these keys would enjoy the same privilege.
"Recent attacks on the US Government Office of Personnel Management show how much harm can arise when many organisations rely on a single institution that itself has security vulnerabilities."
MIT also pointed out that UK plans to compel all communications providers, including US companies, to grant access to British security and law enforcement agencies will see other companies following suit, reversing policy to keep the internet free.
"China has already intimated that it may require exceptional access. If a UK-based developer deploys a messaging application used by citizens of China, must it provide exceptional access to Chinese law enforcement?" the experts wrote.
"Which countries have sufficient respect for the rule of law to participate in an international exceptional access framework? How would such determinations be made?
"How would timely approvals be given for the millions of new products with communications capabilities? And how would this new surveillance ecosystem be funded and supervised?" µ
Tabs to more Ctrl and less Win. Such Fn.
Either that or it's a really intense holiday