No keys under the doormat please Thumbnail
‹ Back
Encryption 12 August 2015

No keys under the doormat please

Christine Runnegar
By Christine RunnegarSenior Director, Internet Trust

The Internet technical and operational communities are coming out in strong support of the paper: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (KEYS) which concludes:

“… This report’s analysis of law enforcement demands for exceptional access to private communications and data shows that such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict… “

You can download and read the KEYS paper here.

On 16 July 2015, the World Wide Web Consortium (W3C) Technical Architecture Group (TAG) issued a finding on End-to-End Encryption and the Web explaining why the TAG supports strong encryption. The TAG also goes on to say:

“As other technical experts have written in [KEYS], it is impossible to build systems that can securely support “exceptional access” capabilities without breaking the trust guarantees of the web platform. Introducing such capabilities imposes known risks that far outweigh any hypothetical benefits.”

Friday, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) published a blog post expressing its support for the use of effective end-to-end encryption, and endorsing the recommendations in the KEYS paper.While acknowledging that end-to-end encryption tends to make the fight against botnets, malware, spam, viruses, DDoS attacks etc. more difficult, M3AAWG said:

“In spite of this, we consider protection of user content and meta-data to be of paramount importance. While we understand the reasons that “exceptional access” could be useful to law enforcement, we believe that it introduces unacceptable risks and that, on balance, business and the public are far better served by keeping secure, unbreakable cryptography available and widely deployed. We concur with the reasons in the experts’ paper.”

Last year, the Internet Architecture Board issued an IAB Statement on Internet Confidentiality stating that encryption should be the norm for Internet traffic, which was strongly supported by the Internet Society’s Board of Trustees.

Similarly, the TAG issued a finding on Securing the Web.

Like the IAB, the M3AAWG, and the W3C, the Internet Society recognizes that encryption, especially pervasive end-to-end encryption, raises practical challenges for law enforcement, network management, intrusion detection, spam prevention, etc. We are taking an active role in facilitating discussions with various communities on how to address these challenges.

For example:

  • The Internet Society is co-sponsoring a workshop with the IAB, GSM Association and AT&T on Managing Radio Networks in an Encrypted World (MaRNEW) Workshop (24-25 September 2015) in Atlanta
  • The Internet Society is organising a workshop at the Internet Governance Forum on Law enforcement in a world where encryption is ubiquitous (10-13 November 2015, date to be determined) in João Pessoa, Brazil.

Share your views with us!

How can law enforcement continue to do its job in a world where encrypted Internet traffic is the norm?

Let us know in the comments below!

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Encryption 19 October 2021

Global Encryption Day – Help us Champion Strong Encryption

The first ever Global Encryption Day takes place on 21 October, 2021. An initiative from the Global Encryption Coalition...

Encryption 14 October 2021

Advocacy Groups Must Stand Up for Encryption—While They Still Can

Encrypted messaging is indispensable for advocacy groups that use the technology to stand up for their communities. As new...

Encryption 13 September 2021

Make the Switch for Global Encryption Day 

Global Encryption Day on 21 October 2021 will put strong encryption firmly in the spotlight around the world to...

Join the conversation with Internet Society members around the world