IEEE official stance in support of strong encryption
- Transfer
Even in my rather narrow circle of communication, consisting mostly of techies, there are people who do not understand why the requirements to provide access to correspondence by weakening encryption or introducing backdoors into cryptographic protection mechanisms is another step that doesn’t pursue the wrong interests, which are declared. This translation is for them and for those who also do not see threats in these initiatives.
IEEE supports the unrestricted use of strong encryption to protect the confidentiality and integrity of transmitted and stored data. We oppose government efforts to restrict the use of strong encryption and / or the granting of exclusive access credentials using mechanisms such as backdoors or a key deposit system designed to facilitate government access to encrypted data.
Governments have a legal basis for law enforcement and the protection of national interests. IEEE believes that the requirement of deliberate creation of backdoors or deposit schemes - no matter how well-intentioned are behind it - does not satisfy these interests and leads to the creation of vulnerabilities that threaten both unforeseen and quite predictable negative consequences.
Strong encryption is essential to protect individuals, businesses, and governments from malicious cyber activity. Encryption protects the confidentiality and integrity of stored and transmitted data. Virtually all online commerce relies on encryption to protect data.
Exclusive access mechanisms can pose risks by allowing attackers to use weakened systems or embedded vulnerabilities for criminal purposes. If attackers know about the existence of exclusive access mechanisms, this will allow them to concentrate on finding and using them. Centralized key depositing schemes would create the risk that an adversary will be able to compromise the security of all participants, including those who were not originally targeted. As a result, the risk of successful cyber-theft, cyber-espionage, cyber-attack and cyber-terrorism can increase. The consequences of malicious cyber activity for individuals and societies can take many forms:
In addition, by increasing the risk of maliciously changing data, unrestricted access mechanisms can reduce confidence in data authenticity and lead to mistakes in making decisions and miscalculations.
Exclusive access mechanisms will not prevent attackers from taking advantage of the strong encryption created specifically for them or available in countries where there are no requirements for creating exclusive access mechanisms. Devices and systems with a high level of information security and / or for sure not having exclusive access mechanisms exist now and will always be available to intruders that law enforcement and intelligence agencies want to monitor.
Efforts to restrict strong encryption or introduce key deposit schemes in consumer products can have a long-term negative impact on the privacy, security, and civil rights of people affected by such regulation. Encryption is used throughout the world, and not all countries and institutions will comply with the security policies of exclusive access mechanisms. A goal deemed by one country to be lawful and consistent with its national interests may be considered by other countries as illegal or violating their standards or interests. Thus, jurisdictional issues may become the biggest obstacle to the work of exclusive access mechanisms.
Law enforcement agencies have a number of other investigative tools that provide access to systems and data when this is warranted. Methods include legal mechanisms for accessing data stored in clear text on corporate servers, targeted exploits for individual devices, forsensics for computers of suspects, and forcing suspects to provide keys and passwords.
Exclusive access mechanisms may prevent regulated companies from innovating and competing in the global market. The requirement of providing exclusive access can give companies that are not obliged to fulfill it, the ability to create products and services that look to customers in the global market more reliable than they deserve.
IEEE seeks to develop technology credibility through transparency, the creation of technical communities, and building partnerships between regions and countries. Measures that reduce information security or contribute to the abuse of secure information systems will inevitably damage this trust, which in turn will impede the ability of technology to achieve much more significant social benefits.
The Institute of Electrical and Electronics Engineers - IEEE (Eng. Institute of Electrical and Electronics Engineers) is the largest technical professional organization dedicated to promoting technology for the benefit of mankind. Due to frequently cited publications, conferences, technology standards, professional and educational activities, IEEE is an authoritative source in many different areas: from aerospace systems, computers and telecommunications to biomedical engineering, power engineering and consumer electronics.
IEEE supports the unrestricted use of strong encryption to protect the confidentiality and integrity of transmitted and stored data. We oppose government efforts to restrict the use of strong encryption and / or the granting of exclusive access credentials using mechanisms such as backdoors or a key deposit system designed to facilitate government access to encrypted data.
Keys deposited
Принцип бэкдора заключается в том, что третья сторона имеет механизм для независимого и негласного расшифровывания передаваемых данных. В попытке защитить приватность и предотвратить незаконное использоване бэкдора создан концепт депонированных ключей, предполагающий необходимость тайного сотрудничества независимых участников с правоохранительными органами для обеспечения доступа к бэкдору в целях расшифровки передаваемой информации.
Мнение ENSIA о шифровании: сильное шифрование гарантирует наше цифровое самоопределение, Европейское агентство по сетевой и информационной безопасности (ENSIA), Декабрь 2016, стр. 7.
Governments have a legal basis for law enforcement and the protection of national interests. IEEE believes that the requirement of deliberate creation of backdoors or deposit schemes - no matter how well-intentioned are behind it - does not satisfy these interests and leads to the creation of vulnerabilities that threaten both unforeseen and quite predictable negative consequences.
Safety basis
Strong encryption is essential to protect individuals, businesses, and governments from malicious cyber activity. Encryption protects the confidentiality and integrity of stored and transmitted data. Virtually all online commerce relies on encryption to protect data.
New risks
Exclusive access mechanisms can pose risks by allowing attackers to use weakened systems or embedded vulnerabilities for criminal purposes. If attackers know about the existence of exclusive access mechanisms, this will allow them to concentrate on finding and using them. Centralized key depositing schemes would create the risk that an adversary will be able to compromise the security of all participants, including those who were not originally targeted. As a result, the risk of successful cyber-theft, cyber-espionage, cyber-attack and cyber-terrorism can increase. The consequences of malicious cyber activity for individuals and societies can take many forms:
- direct financial losses;
- identity theft;
- theft of intellectual property and business-sensitive information;
- damage to critical infrastructure;
- threat to national security;
- reputational damage;
- loss of profits, such as loss of productivity;
- and even the threat of life, when computer systems supporting vital functions are turned off.
In addition, by increasing the risk of maliciously changing data, unrestricted access mechanisms can reduce confidence in data authenticity and lead to mistakes in making decisions and miscalculations.
It will not help
Exclusive access mechanisms will not prevent attackers from taking advantage of the strong encryption created specifically for them or available in countries where there are no requirements for creating exclusive access mechanisms. Devices and systems with a high level of information security and / or for sure not having exclusive access mechanisms exist now and will always be available to intruders that law enforcement and intelligence agencies want to monitor.
Jurisdiction issues
Efforts to restrict strong encryption or introduce key deposit schemes in consumer products can have a long-term negative impact on the privacy, security, and civil rights of people affected by such regulation. Encryption is used throughout the world, and not all countries and institutions will comply with the security policies of exclusive access mechanisms. A goal deemed by one country to be lawful and consistent with its national interests may be considered by other countries as illegal or violating their standards or interests. Thus, jurisdictional issues may become the biggest obstacle to the work of exclusive access mechanisms.
Alternative methods
Law enforcement agencies have a number of other investigative tools that provide access to systems and data when this is warranted. Methods include legal mechanisms for accessing data stored in clear text on corporate servers, targeted exploits for individual devices, forsensics for computers of suspects, and forcing suspects to provide keys and passwords.
Unfair competition
Exclusive access mechanisms may prevent regulated companies from innovating and competing in the global market. The requirement of providing exclusive access can give companies that are not obliged to fulfill it, the ability to create products and services that look to customers in the global market more reliable than they deserve.
IEEE seeks to develop technology credibility through transparency, the creation of technical communities, and building partnerships between regions and countries. Measures that reduce information security or contribute to the abuse of secure information systems will inevitably damage this trust, which in turn will impede the ability of technology to achieve much more significant social benefits.
About IEEE
The Institute of Electrical and Electronics Engineers - IEEE (Eng. Institute of Electrical and Electronics Engineers) is the largest technical professional organization dedicated to promoting technology for the benefit of mankind. Due to frequently cited publications, conferences, technology standards, professional and educational activities, IEEE is an authoritative source in many different areas: from aerospace systems, computers and telecommunications to biomedical engineering, power engineering and consumer electronics.