Netherlands opposes backdoors, but encryption still under assault

Netherlands opposes backdoors, but encryption still under assault

The Dutch government has officially declared its opposition to any restrictions on the development or use of encryption products, even as Dutch lawmakers are weighing legislation that could mandate backdoor government access to encrypted communications.

In a 4 January 2016 letter to the Dutch parliament, the head of the Ministry of Security and Justice, Ard van der Steur, explained the government’s reasons for endorsing strong encryption, which sound quite similar to those cited by technologists such as Apple’s Tim Cook, the most high-profile critic of backdoors.

According to a translation of the letter, provided by Dutch cybersecurity consultant Matthijs R. Koot, van der Steur points to the uses of encryption for protecting the privacy of citizens, securing confidential communications by government and businesses, and ensuring the security of internet commerce and banking against cybercrime.

Privacy of communications is also a protected right under the Dutch constitution, and a fundamental right protected by the European Convention on Human Rights and the Charter of Fundamental Rights of the EU, van der Steur’s letter says.

The minister acknowledges that criminals and terrorists may also use encryption, making it difficult if not impossible for law enforcement and intelligence services to monitor their communications in defense of national security and public safety.

But van der Steur also observes that encryption is widely available and requires “little technical knowledge, because encryption is often [an] integral part of the internet services that they too can use.”

But because today’s communications products and services use unbreakable encryption, demands that technology companies hand over decrypted data would essentially require weakening encryption to provide backdoors.

Van der Steur notes that any “technical doorways” [backdoors] in encryption would undermine the security of digital systems, making them “vulnerable to criminals, terrorists and foreign intelligence services.”

As fellow Naked Security writer Paul Ducklin put it in a recent article we published about the risks of deliberately weakening cryptographic systems:

[M]andatory cryptographic backdoors will leave all of us at increased risk of data compromise, possibly on a massive scale, by crooks and terrorists…

…whose illegal activities we will be able to eavesdrop and investigate only if they too comply with the law by using backdoored encryption software themselves.

Van der Steur agrees very strongly:

[Backdoors] would have undesirable consequences for the security of communicated and stored information, and the integrity of IT systems, which are increasingly important to the functioning of society.

In his conclusion, van der Steur states:

The government endorses the importance of strong encryption for internet security, for supporting the protection of citizens’ privacy, for confidential communication by the government and companies, and for the Dutch economy.

Therefore, the government believes that it is currently not desirable to take restricting legal measures concerning the development, availability and use of encryption within the Netherlands.

A VICTORY IN THE CRYPTO WARS?

The debate over encryption backdoors goes back to the 1980s and 1990s, was revived in the past two years by law enforcement officials like FBI Director James Comey, and has intensified since the 13 November 2015 terrorist attacks in Paris.

While efforts to pass legislation in the US and UK mandating backdoors have so far been unsuccessful, some advocates fighting against backdoors are worried the Crypto Wars have gone global.

China recently passed an anti-terrorism law that compels technology companies to decrypt data upon request of the government; while in Pakistan, the government’s demand for backdoor access to BlackBerry customer data led the company to pull out of the country entirely.

Concerns over proposed surveillance legislation in the UK has led Apple to take unusually bold steps to oppose passage of the Investigatory Powers Bill.

Apple submitted a letter to the bill’s oversight committee saying language in the draft bill could force Apple to “weaken security for hundreds of millions of law-abiding customers,” in order to allow security services to eavesdrop on encrypted communications such as iMessage.

In the US, Republican Senator Richard Burr, chairman of the Senate Intelligence Committee, has indicated that he wants to propose legislation requiring companies to decrypt data at the government’s request.

Even in the Netherlands, the government’s recent pro-encryption stance is not a complete victory for opponents of backdoors.

As Koot noted on his blog, the pro-encryption policy isn’t guaranteed to remain policy in the future, and Dutch law already requires technology companies to decrypt data sought in targeted investigations.

Meanwhile, the Dutch parliament is considering updating a 2002 security and intelligence law to compel bulk decryption of communications, Koot reports.

The war over backdoors has yet to be lost or won, and it is far from over.

Recommended

U.S.Defense Secretary Ashton Cater Doesn't Believe in Encryption Backdoors

Secretary of Defense Ashton Carter came out against supporting encryption back-doors at a conference panel on Wednesday. At the RSA information security conference in San Francisco, Carter told a packed room that he supported strong encryption and thought back-door access to encrypted communication as unrealistic. During his talk on the Apple vs. FBI case, which ...

Encryption May Hurt Surveillance, but Internet Of Things Could Open New Doors

Tech companies and privacy advocates have been in a stalemate with government officials over how encrypted communication affects the ability of federal investigators to monitor terrorists and other criminals. A new study by Harvard's Berkman Center for Internet and Society convened experts from all sides to put the issue in context. The report concluded that ...

Tech big guns confront U.K. parliament on backdoors, encryption

A group of high tech corporate powerhouses has gathered together to protest a law proposed by the U.K. government that would allow an array of legal and intelligence agencies the ability to access computer data through backdoors and decryption. Facebook, Google, Microsoft, Twitter and Yahoo submitted a letter, dated December 21, 2015, to the parliamentary ...

Microsoft, Google, Facebook to U.K.: Don’t weaken encryption

Microsoft, Google and Facebook are urging U.K. officials not to undermine encryption as they work on laws that would authorize forcing communications service providers to decrypt customer traffic. In a joint written submission to the U.K. Parliament the three U.S.-based companies lay down several areas of concern, which, if not addressed, they say could damage ...

暂无评论

发表评论

您的电子邮件地址不会被公开,必填项已用*标注。

This site uses Akismet to reduce spam. Learn how your comment data is processed.