An EU-wide ban on so-called backdoors in software would reduce pressure on companies to allow governments a secret way into a system, as well as strengthen cybersecurity across Europe, according to a digital industry body.
Backdoors are ways of bypassing normal authentication processes in software, which allow people to gain access to users’ data.
Alex Whalen, a senior policy manager at Digital Europe, a membership organisation representing the digital technology industry, says that companies often come under pressure from governments to provide backdoors or decryption keys in their products.
‘Understandably, from the point (of view) of government, there’s a lot of concern about being able to protect society and the barriers they face with encryption technology,’ he said. ‘But that’s something that our members don’t want to budge on at all, they don’t want to provide backdoors or give keys or in any way weaken encryption.’
He was speaking in response to an independent scientific opinion about how to shore up cybersecurity in Europe, which was published on 24 March by the EU’s Scientific Advice Mechanism (SAM). In it, the authors – a selection of leading European scientists from a range of disciplines – recommend that ‘neither backdoors nor other ways of weakening encryption should be introduced’.
The report said a general no-backdoor policy could be crucial to small businesses, who may find it hard to resist government-mandated backdoors and could easily lose trust and customers as a result.
Whalen also points out that the deliberate bypassing of authentication would, in fact, decrease security. ‘If you start weakening encryption or you provide backdoors, although the intention might be great and positive for the government, hackers will find a way to utilise those backdoors. For companies that’s certainly something they … can’t allow for their customers.’
The recommendation was one of 10 coming out of the report, which covered issues of data protection and privacy as well as cybersecurity. It does not recommend specific policies, but rather is designed to be used as a basis for updating the EU’s cybersecurity strategy, the current version of which dates from 2013.
An updated policy is considered critical to complete the EU’s digital single market to allow digital companies to operate across borders by removing regulatory barriers.
One of the other key issues that emerged from the report was training – both for end users and professionals – to ensure that cybersecurity is not undermined.
Fabrizio Gagliardi, from the Association for Computing Machinery, which represents 15 000 computing professionals in Europe and 100 000 worldwide, agreed that more education and training is vital to ensure that people are aware of their responsibilities.
‘The weakest component very often is the user, the human factor. Of course you need an infrastructure that is well-designed, but you also need educated users. Any student needs to be educated to a minimum in rules or sets of principles because if they don’t learn very early on then … they will have a relaxed attitude towards security, privacy (and) data protection.’
The scientific opinion recommends that the EU works to promote data-literacy education and build people’s awareness on cybersecurity. However, it also cautions against piling blame on users at the expense of creating more secure systems.
‘Calling for knowledgeable and responsible users should not be used as a step towards imparting blame to users for issues beyond their awareness, control or power,’ says the report.
Agustín Reyna, a senior legal officer with the European Consumer Organisation (BEUC), agrees. ‘There is a lack of awareness about the risks and there is room for consumer education, clearly. But the responsibility shouldn’t be put on the shoulders of the consumer in the sense that providing information is not itself enough to clear from any type of liability the suppliers or the developer.
‘There are things that are out of control of consumers in terms of security, particularly in relation to data breaches that happen at service level. We have to work much more on where we define the lines.’
The report also recommends that the EU works to promote lifelong cybersecurity training among professionals and educate systems engineers to develop a security skills base in Europe.
As for next steps forward, Gagliardi says that the important thing is to ensure that the scientific opinion is acted upon.
‘It’s only by keeping hammering the authorities, the policymakers, on the importance of the programme that something will happen. That is one (piece of) advice I could give to SAM – keep insisting. Come back in one year ... and ask: “What have you done to follow our recommendations?” ’
The independent scientific opinion on cybersecurity in the European digital single market contains a number of recommendations to make it easier and safer for people and businesses to operate online in the EU. It was compiled by drawing on existing scientific reports and literature, consultations with experts and feedback from policy, industry and civil society stakeholders.
The recommendations address making systems more secure, empowering users, strengthening Europe’s cybersecurity industry, and improving the coordination and sharing of information across Europe.
The full report is available here: https://ec.europa.eu/research/sam/index.cfm