Technology
Encryption Backdoors
Do They Create More Concerns Than Good?
Written by Peggy Keene
As technology continues to become increasingly intertwined with a citizen’s daily life, companies continue to push to buy, sell, transfer, and collect personal information. Today, analytics and information on a consumer is king, and as such, more and more companies push to have access to such data, and with that access, governments and law enforcement agencies have increasingly looked to gain access as well, through encryption backdoors.
Balancing User Privacy, Targeted Advertising, and Encryption
Backdoors
Security experts and privacy law proponents have long touted privacy
concerns about unintended access or data breaches. With each new year,
company privacy policies or government legislation has been rolled out
to strike a balance between affording any user a meaningful level of
protection without completely denying access to the wealth of personal
data collected on consumers. But while companies often claim that their
collection of analytics is at an aggregate level or that any data they
do collect is used to curate the experience of a user through targeted
advertising, it still stands that the overall wealth of information
collected about users has been increasingly pursued by a number of third
parties that often now include government agencies and/or foreign
powers.
And as such, while privacy experts have seen a sharp increase in the demand for stronger encryption, there has been a correlating demand for easier access to such data in the form of encryption backdoors.
An encryption backdoor is generally defined as a deliberate weakness created by the service provider to allow for easy access to the encrypted data. In this case, the backdoor would be purposely coded to allow for the requesting party, often law enforcement or government agencies in most cases, to have access to encrypted data that may exist on one’s personal devices like laptops or cellphones.
The Resistance Against Backdoors
Many governments and law enforcement agencies have made strong cases for
how encryption backdoors can prevent terrorist acts or allow for
meaningful intervention by law enforcement agencies. However, privacy
experts often warn that encryption backdoors can still have the opposite
effect if the weaknesses end up being exploited by foreign hackers or
even terrorist cells.
As a result, many high-profile companies have stated that the risk of including an encryption backdoor is too high, and as such, have instead moved to strengthen end-to-end encryption in products, which basically renders communications inaccessible to the provider altogether.
Key Takeaways on the
Use of Encryption Backdoors
As personal information has become king, there has been increased
pressure for service providers to incorporate encryption backdoors for
easy access by governments and/or law enforcement agencies. The response
for such calls has been divided, which has ultimately resulted in:
-
stronger end-to-end encryption by resistant companies;
-
compliance by some companies that have strong relationships with the requesting agency or government; and
-
an increase in hacking attempts and data breaches as it relates to encrypted data. TBJ
PEGGY KEENE is an associate of Chamblee Ryan and of counsel to Klemchuk. Her practice focuses on intellectual property and internet law, insurance litigation, and data privacy. She has also served as in-house counsel in the telecommunications industry.