An EU-wide ban on so-called backdoors in software would reduce pressure on companies to allow governments a secret way into a system, as well as strengthen cybersecurity across Europe, according to a digital industry body.
Backdoors are ways of bypassing the normal authentication processes in software, allowing people to gain access to users’ data.
Alex Whalen, a senior policy manager at Digital Europe, a membership organisation representing the digital technology industry, says that companies often come under pressure from governments to provide backdoors or decryption keys in their products.
‘Understandably, from the point (of view) of government, there’s a lot of concern about being able to protect society and the barriers they face with encryption technology,’ he said. ‘But that’s something that our members don’t want to budge on at all, they don’t want to provide backdoors or give keys or in any way weaken encryption.’
He was speaking in response to an independent scientific opinion about how to shore up cybersecurity in Europe, which was published on 24 March by the EU’s Scientific Advice Mechanism (SAM). In it, the authors – a selection of leading European scientists from a range of disciplines – recommend that ‘neither backdoors nor other ways of weakening encryption should be introduced’.
The report said a general no-backdoor policy could be crucial to small businesses, which may find it hard to resist government-mandated backdoors and could easily lose trust and customers as a result.
Whalen also points out that the deliberate bypassing of authentication would, in fact, decrease security. ‘If you start weakening encryption or you provide backdoors, although the intention might be great and positive for the government, hackers will find a way to utilise those backdoors. For companies that’s certainly something they … can’t allow for their customers.’
The recommendation was one of 10 coming out of the report, which covered issues of data protection and privacy as well as cybersecurity. It does not recommend specific policies, but rather is designed to be used as a basis for updating the EU’s cybersecurity strategy, the current version of which dates from 2013.
An updated policy is considered critical to completing the EU’s digital single market, which would allow digital companies to operate across borders by removing regulatory barriers.
One of the other key issues that emerged from the report was training – both for end users and professionals – to ensure that cybersecurity is not undermined.
Fabrizio Gagliardi, from the Association for Computing Machinery, which represents 15 000 computing professionals in Europe and 100 000 worldwide, agreed that more education and training is vital to ensure that people are aware of their responsibilities.
‘The weakest component very often is the user, the human factor. Of course you need an infrastructure that is well-designed, but you also need educated users. Any student needs to be educated to a minimum in rules or sets of principles because if they don’t learn very early on then … they will have a relaxed attitude towards security, privacy (and) data protection.’
The scientific opinion recommends that the EU works to promote data-literacy education and build people’s awareness of cybersecurity. However, it also cautions against piling blame on users at the expense of creating more secure systems.
‘Calling for knowledgeable and responsible users should not be used as a step towards imparting blame to users for issues beyond their awareness, control or power,’ says the report.
Agustín Reyna, a senior legal officer with the European Consumer Organisation (BEUC), agrees. ‘There is a lack of awareness about the risks and there is room for consumer education, clearly. But the responsibility shouldn’t be put on the shoulders of the consumer in the sense that providing information is not itself enough to clear from any type of liability the suppliers or the developer.
‘There are things that are out of control of consumers in terms of security, particularly in relation to data breaches that happen at service level. We have to work much more on where we define the lines.’
The report also recommends that the EU works to promote lifelong cybersecurity training among professionals and educate systems engineers to develop a security skills base in Europe.
As for next steps, Gagliardi says that the important thing is to ensure that the scientific opinion is acted upon.
‘It’s only by keeping hammering the authorities, the policymakers, on the importance of the programme that something will happen. That is one (piece of) advice I could give to SAM – keep insisting. Come back in one year ... and ask: “What have you done to follow our recommendations?” ’
The independent scientific opinion on cybersecurity in the European digital single market contains a number of recommendations to make it easier and safer for people and businesses to operate online in the EU. It was compiled by drawing on existing scientific reports and literature, consultations with experts and feedback from policy, industry and civil society stakeholders.
The recommendations address making systems more secure, empowering users, strengthening Europe’s cybersecurity industry, and improving the coordination and sharing of information across Europe.
The full report is available here: https://ec.europa.eu/research/sam/index.cfm