The Dutch government has come out decisively in favour of strong encryption with no “back doors”, in contradiction to demands made by British prime minister David Cameron.
Cameron has been pushing for back doors in encryption products that can supposedly only be used by law enforcement to enable them to read secure messages, including text messages, emails and internet traffic. The UK government claims that this is needed to fight terrorists and organised crime.
Privacy and security specialists, however, suggest that even if such back doors are not abused by governments themselves, then they will provide weaknesses that could potentially be exploited by hackers and agencies working for other governments.
The Dutch government has announced that it will oppose such plans, with the Netherlands’ executive cabinet endorsing “the importance of strong encryption for internet security to support the protection of privacy for citizens, companies, the government, and the entire Dutch economy”.
Ard van der Steur, the Dutch minister of security and justice, added in a statement: “The government believes that it is currently not desirable to take legal measures against the development, availability and use of encryption within the Netherlands.”
Weakening encryption, he continued, would expose internet traffic to criminals, terrorists, and other foreign intelligence agencies, rather than enabling law enforcement to protect against such threats.
The strong stance taken by the Dutch government has been widely supported by the IT industry, which is fighting a rear-guard action against government attempts to weaken IT security.
“Dutch security and justice minister Ard van der Steur is correct in asserting that strong encryption is vital to the privacy and security of the entire country,” said Dr Nithin Thomas, co-founder and CEO of secure data transmission software vendor SQR Systems, a spin-out from Bristol University.
He continued: “Creating back doors in encryption technology would just as readily create access for hackers as it would intelligence services, leaving everything from individual financial data to national secrets at risk.
“Rather than pursuing any approach that would make current encryption technology less secure, we must ensure that the organisations and individuals that own the data are able to access and control it themselves. This would enable them to comply with legal needs during investigations and criminal proceedings without compromising security.”
Last month, the Dutch parliament voted to provide €500,000 in funding to the OpenSSL project, the open source implementation of SSL and TLS cryptographic protocols, which are widely used across the internet.
The OpenSSL project hit the buffers in April 2014 when major vulnerabilities in the core software were uncovered by Finnish security company Codenomicon and it was subsequently discovered that the software was being maintained by only a handful of developers.