Connect with us

Hi, what are you looking for?


Data Protection

Security Experts Warn Against Encryption Backdoors

A group of computer code experts said Tuesday that law enforcement cannot be given special access to encrypted communications without opening the door to “malicious” actors.

A group of computer code experts said Tuesday that law enforcement cannot be given special access to encrypted communications without opening the door to “malicious” actors.

A research report published by the Massachusetts Institute of Technology challenges claims from US and British authorities that such access is the policy response needed to fight crime and terrorism.

Providing this kind of access “will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend,” said the report by 13 scientists.

The paper was released a day after FBI Director James Comey called for public debate on the use of encrypted communications, saying Americans may not realize how radical groups and criminals are using the technology.

Comey argued in a blog post that Islamic State militants are among those using encryption to avoid detection.

The New York Times, which reported earlier on the study, said Comey was expected to renew a call at a congressional hearing for better access to encrypted communications to avoid “going dark.”

The computer scientists said, however, that any effort to build in access for law enforcement could be exceedingly complex and lead to “unintended consequences,” such as stifling innovation and creating hostility toward new tech products.

Advertisement. Scroll to continue reading.

“The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict,” the report said.

“The costs to developed countries’ soft power and to our moral authority would also be considerable.”

In the 1990s, there was a similar debate on the “clipper chip” proposal to allow “a trusted third party” to have access to encrypted messages that could be granted under a legal process.

The clipper chip idea was abandoned, but the authors said that if it had been widely adopted, “it is doubtful that companies like Facebook and Twitter would even exist.”

The computer scientists said the idea of special access would create numerous technical and legal challenges, leaving unclear who would have access and who would set standards.

“The greatest impediment to exceptional access may be jurisdiction,” the report said.

“Building in exceptional access would be risky enough even if only one law enforcement agency in the world had it.”

The British government is considering legislation to compel communications service providers, including US-based corporations, to grant access to British law enforcement agencies.

“China has already intimated that it may require exceptional access,” the report said.

“If a British-based developer deploys a messaging application used by citizens of China, must it provide exceptional access to Chinese law enforcement?”

Among the report’s authors are Daniel Weitzner, director of the MIT Computer Science and Artificial Intelligence Laboratory, and well-known MIT cryptographer Ronald Rivest.

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.


The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...