The FBI was recently engaged in a public battle with Apple over access to a terrorist’s smartphone. Supported by some of the world’s largest tech companies, including Google and Facebook, Apple resisted a court order to hack the security features on an iPhone belonging to one of the San Bernardino attackers. Law enforcement officials believed the phone may have contained important information, but civil rights activists were worried the move could set a dangerous precedent.
The crux of the matter is that it is technologically impossible to build a backdoor into encryption systems without potentially making the whole system vulnerable. If the FBI or the NSA can use a backdoor, then so can foreign intelligence agencies, criminals, or terrorists themselves.
We had a comment from Hugo who argues this question raises many important issues. In a democratic state, should intelligence agencies necessarily be guaranteed access to the private activity of all citizens (even if a judge’s approval is required first)? Who is liable if a citizen becomes the victim of cybercrime due to one of these backdoors?
To get a response, we spoke to Heli Tiirmaa-Klaar, Cyber Security Policy Advisor for the European External Action Service (EEAS). She argued that a balanced approach between civil liberties and security was required:
Well, this is a very difficult question which is now being discussed everyday with law enforcement, especially in the context of the recent terrorist attacks. We know that cyber-systems are sometimes used for malicious purposes, and quite a lot of organised crime has moved to cyberspace or is using cyberspace for its purposes. So, there should be some sort of balanced approach to encryption that would react to the needs of law enforcement if it’s really necessary, but of course it shouldn’t be done at the expense of civil liberties. And several EU countries are currently passing laws and discussing how to find this balance.
Should backdoors be built into encryption to counter terrorism? Would backdoors help intelligence services monitor potential threats and ensure our safety? Or would this make ordinary citizens more vulnerable to cybercrime? Let us know your thoughts and comments in the form below and we’ll take them to policymakers and experts for their reactions!