The Danger When Politicians Feel The Need to “Do Something” on Encryption

posted in: Tech | 0

This time, from Australia, where their anti-encryption law was based, apparently, on a fear that a terrorist attack would occur, and the people blocking this bill would get blamed for it.

Husic acknowledged that the tech industry was upset, explaining that Labor had passed the bill because national security agencies had said it was urgent.

He said the opposition could not rule out an “attempt by the other side of politics to blame us if, God forbid, something should happen over that period of time”.

Not because they had examined it, or because it was a good solution, but because they didn’t want to face the political backlash if something had happened.

Now though, they are facing political backlash, because if data stored in Australia is subject to forced decryption by the government, no one wants to store their data there any more:

Companies and governments are “no longer comfortable” about storing their data in Australia as a result of the encryption legislation, Microsoft has warned.

On Wednesday the company’s president and chief legal officer, Brad Smith, said customers were asking it to build data centres elsewhere as a result of the changes, and the industry needed greater protection against the creation of “systemic weaknesses” in their products.

This is a classic catch-22, and unfortunately an issue that is going to require grownups to have serious conversations and make serious decisions, not blaming one side or the other for not “doing something”. Because here’s the problem in a nutshell.

If encryption to you means “bad people hiding things”, you want a way to get into that data, no matter what. So you pass a law that says companies using encryption have to also have a way to let law enforcement break it.

ALSO  You Can't Secure What You Don't Know Exists

But if you believe in privacy and data protection, and by law most of us in any industry have to take reasonable steps to protect that data, encryption without any backdoors is the best way to accomplish that. If Microsoft wants to sell Office365 to business, for example, the business needs to be assured that no one, even at Microsoft, can get into their private data. If Microsoft is required to have a way to do that for law enforcement, that protection is out the window. We might as well keep the data out of the cloud, and deal with all of the disadvantages of that. Or, demand they only build data storage sites in countries that don’t require this, which is potentially where Australia is going to find itself.

Solving that is going to take more than a slogan that fits in a tweet, or pointing the finger at the other side, but it seems like that’s all politics is today, so I’m not hopeful.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.