There is talk of weakening Cybersecurity in an attempt to make it easier for authorities to listen in on criminal communications. The two obvious arguments against this are a) weakening security hurts everyone, and b) criminals will simply shift to other methods of communication.
I will discuss both of those points below. But first i need to clarify that by “weakening Cybersecurity” authorities are (i assume but it is not yet know for sure) attempting to install “backdoors” into communicates. I am not suggesting that there is any expectation of authorities to alter encryption to achieve this but rather to listen in while the data is visible to the service provider.
I am not proposing that authorities want to break or control SSL/TLS and/or AES or any other encryption technology to achieve their “backdoor” scheme. That would mean legislating rubbish encryption. These encryption technologies are open standards and anyone can compile and use it. Just because the law says a criminal can not use strong encryption does not mean they will not.
Starting with my first point that “weakening Cybersecurity hurts us all”. I accept that my analogy is poor and extreme but it does get my point across. Consider police insisting that seat belts be outlawed because they find it easier to get criminals out of cars when they are not waring seat belts. The pros and cons speak for themselves in the seat belt analogy. Obviously seat belts do so much good that the minimal bad they do is no reason to abandon them. I will leave that terrible analogy there.
If we have learnt anything in recent times it is that authorities can not keep secrets well. If their access to the data was less restricted than intended (either because criminals used the same “backdoor” as the authorities or because authorities have too much anonymity in regards to their use of the access) we would find ourselves in a very bad situation. The scope of the “backdoor” scheme is not yet known known. If it extends to any communications between two parties passing through a service provider, then that would include my communications with Bank support staff, emails and voice calls with my wife and all communications with my lawyer. I can not see that as useful information to law enforcement.
My second point being “criminals will simply move” is an important one. All efforts to weaken Cybersecurity will be for nothing, cost plenty and achieve greater surveillance on law abiding citizens with no return. Criminals will use another method/medium to communicate. Consider that a criminal organisations favorite messaging application is subject to the “backdoor”. Surely they would pick another method of communicating such as VPN’s, onion ring or (most simple) encrypt the body of emails. Remember that criminals do not need to comply with any legislated limitations on encryption so they can use GPG/PGP encryption, encrypt their emails and be safe from authority interceptions.
I conclude that weakening Cybersecurity in any way hurts those who are not the target of law enforcement and does not do anything to help catch or restrict criminals. The damaging outcomes are a) we all have to live with broken and untrustworthy security and everything that comes with that, and b) criminals side-step the efforts of authorities and this is all for nothing.
I will leave with one last comment. The world needs to trust in Cybersecurity. Our banking system, our health system and our identification systems works because we trust in the integrity of those systems. “Backdoors” open questions on “man in the middle” attacks (or in this case, legislated authority access) and we as a community has gone to great lengths to stop such activity. No good can come from this.
