Those within the corridors of power argue that cyber security is essential, that the health of our economy is dependent on UK businesses being protected. Evidence of the government's new drive can be clearly seen upon the London Underground and online, through the Cyber Streetwise campaign. This is indeed true, companies of all sizes lose millions of pounds each year due to security incidents, whether these are data breaches, malware infestations, or phishing scams. It is refreshing for researchers to hear that cyber security has been given such great importance, especially as the risks of attacks are so frequently underestimated by those companies not peddling anti-virus products.
However, in another case of the heads of the Whitehall Hydra not acting in unison, David Cameron has recently proposed for data encryption to be broken in order to assist law enforcement and secret intelligence efforts. Whilst it is true that the government has the right to open your physical mail in transit (in special circumstances), implying that forces are prevented from pursuing cases due to encryption is disingenuous. At the other side of the puddle, the National Security Agency (NSA) also appears misaligned with the US National Intelligence Council: the former wishing access to more data, while the latter emphasises the importance of encryption within a Snowden-released 2009 document.
Let me repeat an oft-repeated fact: a backdoor is a backdoor, and a vulnerability is a vulnerability. We have enough implementation errors and design flaws within software when we try and make it bullet-proof; purposely adding security holes into widely-deployed applications is just a bad idea. Once malicious parties understand that software vendors must comply with backdoors to trade effectively, the race is on to find the vulnerability and steal the data. We might sleepwalk into a situation where law enforcement and criminal groups both have access to our personal information, hence leaving the balance unchanged at the cost of our civil liberties.
In essence, you cannot have your cookies and eat them too. We have been trying to make software more secure, more robust, and more reliable for decades, bemoaning that no "silver bullet" exists to solve our woes. What we certainly do not need is to work in the opposite direction, all in the faint hope that the "good guys" will be the only ones intelligent enough to exploit the vulnerabilities. If the intelligence agencies truly have that current advantage, then they shouldn't require everyone else to weaken their security.
However, in another case of the heads of the Whitehall Hydra not acting in unison, David Cameron has recently proposed for data encryption to be broken in order to assist law enforcement and secret intelligence efforts. Whilst it is true that the government has the right to open your physical mail in transit (in special circumstances), implying that forces are prevented from pursuing cases due to encryption is disingenuous. At the other side of the puddle, the National Security Agency (NSA) also appears misaligned with the US National Intelligence Council: the former wishing access to more data, while the latter emphasises the importance of encryption within a Snowden-released 2009 document.
Let me repeat an oft-repeated fact: a backdoor is a backdoor, and a vulnerability is a vulnerability. We have enough implementation errors and design flaws within software when we try and make it bullet-proof; purposely adding security holes into widely-deployed applications is just a bad idea. Once malicious parties understand that software vendors must comply with backdoors to trade effectively, the race is on to find the vulnerability and steal the data. We might sleepwalk into a situation where law enforcement and criminal groups both have access to our personal information, hence leaving the balance unchanged at the cost of our civil liberties.
In essence, you cannot have your cookies and eat them too. We have been trying to make software more secure, more robust, and more reliable for decades, bemoaning that no "silver bullet" exists to solve our woes. What we certainly do not need is to work in the opposite direction, all in the faint hope that the "good guys" will be the only ones intelligent enough to exploit the vulnerabilities. If the intelligence agencies truly have that current advantage, then they shouldn't require everyone else to weaken their security.