Opinion: Yet Another Encryption Kerfuffle

Posted on by John Salomon
Broken padlock. This image was AI-generated.

This Time it’s Ukraine…

Recorded Future reports that “Signal has stopped responding to requests from Ukrainian law enforcement regarding Russian cyber threats”.

https://therecord.media/signal-no-longer-cooperating-with-ukraine

This comes hot on the heels of ongoing spats in Sweden, where law enforcement demands backdoors into secure messaging apps like Signal and WhatsApp, France, where a controversial amendment to the “Narcotrafic” law would have mandated encryption backdoors in order to simplify surveillance of drug traffickers, the UK, where the Home Office is engaged in a struggle with Apple to disable certain encryption functionalities for UK iCloud users, and others.

As with the European Union’s now-dead “Chat Control” legislative proposal, CyAN has consistently opposed encryption back doors. They are dangerous, and will damage confidence in secure commerce, voting, privacy, and other cornerstones of a strong, free, and democratic civil society.

Speaking as a very strong sympathizer of Ukraine’s cause: Signal is being consistent about ensuring the integrity of end to end encryption. Law enforcement should focus on endpoints.

Any highly secure, anonymous tool will be used by bad actors, it is inevitable. Keeping such tools secure is as much in Ukraine’s interests as in everyone else’s; if Signal is willing and able to help anyone access messages, then Russians will also figure out a way to get in (that’s bad, by the way.)

Law enforcement and intelligence agencies have a history of demanding access to encrypted data at rest and in transit, usually for perfectly understandable reasons and founded in good intentions. This is an extremely dangerous slippery slope, and the damage from such access is far greater than any benefits.

I want Ukraine to prevail, and to win its fight for freedom and independence against Russian aggression. I recognize that Russia is a hotbed, even state sponsor, of cyberattacks, fraud, and other menaces to our prosperity and stability, and I applaud Ukraine’s tireless efforts as part of a broader global coalition fighting these. I also fully recognize that the country is in a desperate situation; it’s completely rational and understandable that Ukrainian agencies would want any advantage they can muster in what is an existential struggle for the country. Legal, social, and economic niceties tend to take a back seat when someone is bombing your civilians and infrastructure without provocation.

That said, having the luxury of not having to face such a direct threat (yet?) we can afford to take a more strategic view. Not having access to encrypted messages of Russian cybercriminals may hamper Ukrainian countermeasures; it will not cripple their capabilities. At the same time, it doesn’t matter where and why a precedent for accessing secure, private communications is set – once the door is open, it will not close. The ongoing flurry of legislative, law enforcement, and intelligence agency demands for encryption backdoors needs constant vigilance and opposition; just because we may strongly sympathize with a cause doesn’t mean we should allow it to be a justification for something that is potentially much more damaging in the long term.

backdoor Cybercrime cybersecurity encryption law enforcement