Stay informed of free updates
Just register at Cybersecurity Myft Digest – Delivered directly in your reception box.
The writer is president of the encrypted messaging service signal
Imagine that a government telling a automotive business to secretly weaken the effectiveness of the brakes on all the cars it sells, recklessly putting the safety of millions of people. It would be an unthinkable undergraduate of public security.
Unfortunately, this is what is happening in the United Kingdom in cybersecurity, where Apple was forced to remove confidentiality and protection of vital security of end -to -end encryption of its safeguard storage service – exposing people and infrastructure to significant vulnerabilities.
Apple is not the villain here. It was not a slight choice. The company has invested billions of dollars in cryptographic research and development and occurs as a friendly company.
But Apple was packed in a corner after receiving an order from the British government to ask it to rewrite and weaken basic confidentiality technology, in deliberately engineering vulnerabilities not only in the United Kingdom, but in the world, in order to grant government access to the rear door to client cloud storage data.
The government has also ordered the company to say to anyone, using the so-called “snoopers charter” to keep the order and degradation of the security it has mandated, secret.
Instead of complying, Apple has stripped the encryption of backups in the United Kingdom alone and launched a legal complaint. It is a reduction in misdeeds, but it is always harmful. If you are in the United Kingdom, your iCloud backups – lots of things like sensitive commercial documents, intimate photos, evidence and financial files – are now vulnerable to hacks, violations, flights and requests from the hostile government that Apple may or may not resist.
For those outside the United Kingdom, the news is always bad. Communication does not remain within the jurisdictional limits. Everything you have shared with friends or peers in the United Kingdom now lacks the protection of end-to-end encryption. This photo that you sent to a friend, or the confidential information that you have shared with a consideration, is now vulnerable.
If this is what Apple can be submitted, we must also take a break and shiver, because we contemplate which other technological societies can have received such a secret order, and instead of fighting, behaving silently. Business leaders in particular should be concerned about what it could mean for them, and the confidence they have exercised in cloud servers, software and other critical systems that could be secretly subject to reckless endangerment.
The United Kingdom is an integral part of a dangerous trend that threatens the cybersecurity of our global infrastructure. Sweden legislators recently proposed a law that would oblige communication providers to strengthen door vulnerabilities. France is about to make the same mistake when it votes on the inclusion of “ghost participants” in secure conversations via rear doors. “Cat control” legislation haunts Brussels.
Basic infrastructures such as air traffic control, medical devices and emergency operations are based on hardware and calculation software. The use of strong encryption to protect security and confidentiality is therefore a question of national security.
The threat is not hypothetical. Last year, the US government revealed that Typhon of Salphon’s attacks on American telecommunications systems, in which China’s affiliated nation-state hackers had access to call files, text messages and other more intimate information for millions of Americans. Potential victims included President Donald Trump. How did the pirates do this? They exploited the integrated “rear doors” in telecommunications systems.
The fundamental question is simple: encryption is that mathematics and mathematics do not discriminate between a government investigator and a criminal pirate – a rear door is a rear door and if it is there, anyone can enter.
There is also a contradiction at stake. If politicians dream of making the United Kingdom a technological center, they should not work to undermine the foundations of cybersecurity, on which a viable technology industry is based.
The government should withdraw its erroneous mandate. Instead of surreptitiously cutting the brake cables on the technological car, it should strive to strengthen the safety and intimacy of the technology that forms the nervous system of our world. Business leaders must also play a role, clearly indicating that these dangerous measures are unacceptable and by pushing companies whose technology they linked to deploy encryption, and other protections, without which their interests and those of their customers will be vulnerable.
We have sold so many fundamental operations of our lives and institutions to technology, we must recognize that the encryption strong is not the enemy of security – it East security. The argument that weakening encryption will make one of us is as bad as dangerous.
