In late June, two pieces of legislation were introduced to the U.S. Congress, each offering its own requirements for mandating encryption backdoors—which would effectively put an end to end-to-end encryption. The LAED Act, introduced by three Republican senators, would force tech companies to assist the government in decrypting user data if so ordered by a court, while the bipartisan EARN IT Act would establish a government commission for security best practices headed by longtime encryption opponent Bill Barr. Both bills have met staunch opposition from encryption advocates, who astutely note that intentionally weakening encryption capabilities only makes it easier for cybercriminals to accomplish their goals.
Encryption Backdoors Help Law Enforcement—and Cybercriminals
One of the primary justifications for encryption backdoors is to help law enforcement search the electronic devices of accused criminals or terrorists. A prominent example of when such a law might come into play is the 2015 San Bernardino terror attack. In the aftermath of this incident, the FBI demanded that Apple help the agency unlock the perpetrator’s iPhone by creating a new version of iOS that would allow an unlimited number of password guesses until successful. Apple refused, citing both consumer privacy and concerns that such a piece of software would present a public danger if it ever was leaked.
Read the complete article by Attivo Networks CTO Tony Cole on Security Boulevard.