Why building backdoors into encryption software will not make us more secure

Encryption is an important technology that increases IT security and ensures the protection of sensitive information. The ability to encrypt one's data is considered by the UN to be a fundamental human right, but it is not without consequences.

Topic Cyber security
Encryption
Frank Bødtker Madsen
Frank Bødtker Madsen
Head of Security

Encryption

is a vital part of the internet today and the average person encounters it many times every day

Backdoors into encryption

Encryption is the primary means by which all our data is protected – emails, passwords, every bit of digital information that we exchange with each other via the internet. Encryption also protects journalists, whistleblowers, and human rights activists from being monitored and suppressed by authoritarian regimes, particularly in countries where freedom of speech is under pressure. In addition, encryption offers protection to individuals against the monitoring of their communications by hackers, criminals, and unscrupulous authorities. 

In cryptography, encryption is the process of encoding data. When data is encrypted, an algorithm is used to convert that data into code, a process that changes the original information, known as plaintext, into an alternative form known as ciphertext, which is unreadable to anyone without the proper decryption credentials. In this way, encryption protects the individual against information theft, since modern encryption systems cannot, as a general rule, be broken. A backdoor, however, is a covert method of bypassing normal authentication or encryption that is built into the software. And backdoors are at the center of the debate pitting our ability to enforce the law against our right to privacy.   

 

A double-edged sword

Today, encryption is a vital part of the internet and the average person encounters it many times every day – whenever you enter personal information into a web form, read your email or check your social media feed. The data you transfer is sent to a server for processing and, once encrypted, it is secured against thieves, fraudsters, and prying eyes. For the individual, encryption therefore provides significant safety advantages – because no one can access, alter, or appropriate confidential information once encrypted. 

However, like all technology, encryption can be exploited by criminals. They often use encrypted messaging services to communicate with one another, safely beyond the reach of law enforcement. And because of that, encryption has been the subject of intense debate in recent years.  

Over the course of the last year, US authorities have been applying pressure to tech giants to incorporate backdoors into their encryption software – a universal key that can unlock encrypted data. The authorities have emphasized that such backdoors would only be used following proper legal channels – for criminal investigations, such as organized crime, and national security concerns, such as terrorism. This came in the wake of a polarizing case in the US where federal investigators and Apple executives collided over a locked iPhone containing data from a suspected terrorist, raising both legal and technical questions. 

Several EU countries, including Germany and France, have also come forward with demands for their police units to be given access to encrypted information. The UN has been opposed to such demands for a long time, emphasizing that protection of secure online communication, specifically by encryption or anonymity, falls under rights to privacy and freedom of opinion and expression. 

Encryption has therefore become a great double-edged sword, protecting private life on the one hand, but making it harder for authorities to gather information about illegal activities, such as terrorism and drug-related crime, on the other. 

 

Technology leaders put under pressure

The encryption debate is nothing new, but it becomes the center of attention every time an act of terrorism or some other serious offense involving the use of electronic communication for organizing occurs. From the point of view of technology corporations, creating backdoors for their encryption software would be a breach of their data security policy and undermine the safety of their users' data. In addition, it would set the stage for more oppressive governments to get access to encrypted content – a potentially slippery slope towards human rights abuses. 

So far, the world's tech giants – Apple, Google, Facebook – have refused to build backdoors for their encryption software, often citing that the intelligence services will not be the only ones using it to gain access. Other threat actors, too, would be able to get access, which could develop into a threat against the general structure and stability of the internet. In March 2019, Facebook announced that it would henceforth attach greater importance to the sanctity of private life and ensure that users can communicate with one another using an encrypted service. 

In fact, several tech giants have stepped up encryption efforts since the former Intelligence Officer Edward Snowden revealed how the American National Security Agency (NSA) was party to a massive – and also illegal – monitoring program spanning many countries during the summer of 2013. 

Encryption is a fundamental component of a secure digital society. And precisely therein lies the dilemma. No tenable model to restrict or weaken encryption exists that will not affect all those who deserve protection just as much as those who use it for criminal activity. What is more, even if law-abiding corporations are legally compelled to weaken their encryption systems, criminals will still be using unbreakable encryption software.

When using the e-Boks platform all communication happens via secure, encrypted data channels and fully in accordance with the GDPR. Learn more about the e-Boks platform.

 

Let us tell you about our platform for digital communication.

 

Contact us

  • For more than 20 years, we have helped public authorities and businesses securely digitise their communication flows.
  • We proudly provide the governments of Denmark, Greenland, Norway, Sweden and Ireland with national digital post solutions.
  • Well-renowned international banks, insurance companies and energy service providers have chosen to use the e-Boks platform instead of pursuing their own solutions.

Explore more insights & success stories