Beware of false promises and threats to encryption security online.
It’s easy to understand why United States Federal Bureau of Investigation (FBI) Director Christopher Wray would ask companies to provide a means for law enforcement to access private data and communications.
“We’re all for strong encryption and… we are not advocating for ‘backdoors,'” he said at recent cyber security conference. “We’ve been asking for providers to make sure that they, themselves, maintain some kind of access to the encrypted data we need, so that they can still provide it in response to a court order.”
We all want to thwart criminals from using the Internet for harm. But here’s the catch: despite Wray’s claims, there is no way to comply with his request without breaking the security we all rely on to keep people, communications, and data safe online.
No matter what you call it, a backdoor is a backdoor. Any method that gives a third-party access to encrypted data creates a major vulnerability that weakens the security of law-abiding citizens and the Internet at large.
Encryption is essential to security online.
Consider how it contributes to the global effort to contain the COVID-19 pandemic. Encryption protects the electricity grids and secures the IT infrastructure of our hospitals. It protects the financial transactions of those forced to do online banking and shopping in self-isolation. It also enables billions of people around the world to work safely from home.
For some people, encryption is always especially critical to personal safety. This includes members of the LGBTQ+ community and active military personnel. End-to-end encryption can help protect them from bodily harm or even death.
Don’t be fooled by false promises. We must be wary when people point to ‘new’ ways to access confidential information online. Threats to encryption – our most effective way to secure private data and communications online – go by many names.
To help you get your facts straight, we’ve developed some fact sheets explaining commonly-used weasel terms for proposed techniques to access private data and communications that threaten our safety online:
We explain what they are, how they threaten encryption, and the potential unintended consequences for digital security and the global Internet.
It’s important to remember that strong encryption is a critical part of keeping people and data safe online, and making sure the Internet can continue to evolve as a force for good.
Part of championing a strong Internet is about understanding its greatest threats and challenges; the other is acting to defend it. Join the global movement working to promote #strongencryption as our strongest digital tool to keep people and information safe online.
 https://arstechnica.com/information-technology/2018/04/why-ray-ozzies-plan-for-unlocking-encrypted-phones-wont-solve-the-crypto-wars/; https://www.lawfareblog.com/principles-more-informed-exceptional-access-debate