No keys under the doormat please Thumbnail
Encryption 12 August 2015

No keys under the doormat please

Christine Runnegar
By Christine RunnegarSenior Director, Internet Trust

The Internet technical and operational communities are coming out in strong support of the paper: Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (KEYS) which concludes:

“… This report’s analysis of law enforcement demands for exceptional access to private communications and data shows that such access will open doors through which criminals and malicious nation-states can attack the very individuals law enforcement seeks to defend. The costs would be substantial, the damage to innovation severe, and the consequences to economic growth difficult to predict… “

You can download and read the KEYS paper here.

On 16 July 2015, the World Wide Web Consortium (W3C) Technical Architecture Group (TAG) issued a finding on End-to-End Encryption and the Web explaining why the TAG supports strong encryption. The TAG also goes on to say:

“As other technical experts have written in [KEYS], it is impossible to build systems that can securely support “exceptional access” capabilities without breaking the trust guarantees of the web platform. Introducing such capabilities imposes known risks that far outweigh any hypothetical benefits.”

Friday, the Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG) published a blog post expressing its support for the use of effective end-to-end encryption, and endorsing the recommendations in the KEYS paper.While acknowledging that end-to-end encryption tends to make the fight against botnets, malware, spam, viruses, DDoS attacks etc. more difficult, M3AAWG said:

“In spite of this, we consider protection of user content and meta-data to be of paramount importance. While we understand the reasons that “exceptional access” could be useful to law enforcement, we believe that it introduces unacceptable risks and that, on balance, business and the public are far better served by keeping secure, unbreakable cryptography available and widely deployed. We concur with the reasons in the experts’ paper.”

Last year, the Internet Architecture Board issued an IAB Statement on Internet Confidentiality stating that encryption should be the norm for Internet traffic, which was strongly supported by the Internet Society’s Board of Trustees.

Similarly, the TAG issued a finding on Securing the Web.

Like the IAB, the M3AAWG, and the W3C, the Internet Society recognizes that encryption, especially pervasive end-to-end encryption, raises practical challenges for law enforcement, network management, intrusion detection, spam prevention, etc. We are taking an active role in facilitating discussions with various communities on how to address these challenges.

For example:

  • The Internet Society is co-sponsoring a workshop with the IAB, GSM Association and AT&T on Managing Radio Networks in an Encrypted World (MaRNEW) Workshop (24-25 September 2015) in Atlanta
  • The Internet Society is organising a workshop at the Internet Governance Forum on Law enforcement in a world where encryption is ubiquitous (10-13 November 2015, date to be determined) in João Pessoa, Brazil.

Share your views with us!

How can law enforcement continue to do its job in a world where encrypted Internet traffic is the norm?

Let us know in the comments below!

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Encryption 22 November 2022

Two Things the US Should Do to Protect the Internet and the Security of Billions of People Online

Adopting the practice of Internet impact assessments is not just an option—it’s a must to protect the Internet we...

Encryption 8 February 2022

A Safer Internet Starts with More Encryption

Security is crucial to a safer Internet, and the only way towards a safer Internet is to take encryption off...

Encryption 19 January 2022

UK Online Safety Bill Set to Weaken Encryption and Put UK Internet Users At Risk

The Internet Society joins the UK England Chapter in calling for a redraft of the UK’s Online Safety Bill...