The protection of confidentiality and the integrity of communications and stored data is more important than the investigation of crime and terrorism, according to an official Dutch government statement on encryption.
Published by the Ministry of Security and Justice and signed by the security and business ministers, the five-page paper runs through the arguments for enhanced encryption and the impact that this has on police and intelligence services investigating serious and organised crime and acts of terrorism.
It says the use of encrypted communications by terrorists ahead of last year's attacks in Paris is a strong argument in favour of building backdoors into encryption technology. However, it adds, the ubiquity of the encryption technology means it is almost impossible to put the genie back in the bottle.
“The Dutch situation cannot be seen in isolation from the international context,” the statement read (taken from a Google Translation). “Strong encryption technology is increasingly available worldwide or already integrated into products or services. Given the widespread availability and use of advanced encryption techniques and the transnational nature of the data traffic, the prospects for action at national level is limited.”
This statement would appear to put the Dutch government at odds with the position of the UK government, as outlined in its draft Investigatory Powers Bill which would require communication service providers to provide a means by which messages could be decoded on demand.
Signed by the Minister of Security and Justice, G. A. van der Steur, and the Minister of Economic Affairs, H.G.J. Kamp, the document makes the point that the Dutch government, which is increasingly providing services to its citizens through digital communications, has a duty to preserve the integrity of that data which would be made more difficult if encryption protocols were designed with backdoors.
While acknowledging the impact it would have on intelligence gathering, Steur and Kamp concluded that on balance it was more important to gain the economic and social advantages of encryption: “The government recognises the importance of strong encryption for Internet security, to support the protection of the privacy of citizens, for confidential communication of the government and companies, and for the Dutch economy. Therefore, the government believes that it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption within the Netherlands.”
Dr Nithin Thomas, co-founder and CEO of SQR Systems, approved of the Dutch government position. “Creating backdoors in encryption technology would just as readily create access for hackers as it would intelligence services, leaving everything from individual financial data to national secrets at risk,” he said.
He favours ensuring that individuals and organisations control their own data. “This would allow them to comply with legal needs during investigations and criminal proceedings without compromising security. This requires communications service providers to re-think their communications security architecture and corporate policy to enable them to deal with legal intercepts,” Thomas said.
He added: “By passing responsibility for lawful disclosure to the individuals and organisations that own the data, we will remove the need to damage the protection that encryption affords. This will also create more trust between users and authorities, with the process becoming more transparent rather than occurring behind closed doors.”
Cindy Provin, president of Thales e-Security, told us: “This move by the Dutch government is certainly a step in the right direction, especially in today's modern world. Backdoors that provide access to law enforcement are great in theory but in reality has the potential to introduce huge vulnerabilities. If it became known that such backdoors existed, as it surely would, the likelihood of this being exploited by hackers is unarguable. With today's sophisticated attacks, the reality is that bad guys will exploit the ‘backdoors'.”