We all know that people running for political office will make many promises that they have no intention of ever fulfilling. But a key battleground of the recent US presidential election was related to cybersecurity: Hillary Clinton’s emails, the FBI versus Apple, hacking the Democratic National Party and more. So what does the Trump administration mean for enterprise security, and the cybersecurity industry?
“So we have to get very, very tough on cyber and cyber warfare,” is the closest we got from Trump during debates. But given his vocal position on forcing Apple to crack the encrypted iPhone used by the San Bernardino shooter, it’s not unreasonable to expect him to support the forced inclusion of backdoors in encrypted software and devices for the benefit of US law enforcement. Similarly, his choice for attorney general probably wouldn’t have been the IT sector’s first choice. Senator Jeff Sessions has disagreed with Silicon Valley companies on a range of cybersecurity issues, in particular mandates for encryption backdoors.
Backdoors to security solutions have become an increasingly contentious issue in recent years. We’ve previously published articles on the topic, explaining how we’re no longer just dealing with legitimate court orders for surveillance, which lead to a clearly documented process through ISPs, telcos or network operators. Now, large-scale, government-sponsored surveillance projects like PRISM have been uncovered.
Backdoors to encryption and other security measures offer law enforcers a legitimate way of investigating suspected criminal activity – but they also offer malicious parties a potential open door for carrying out such activity. If cybercriminals are able to identify and access such backdoors, then they can potentially get in and out of a network without alerting security tools or leaving any trace of their actions. This isn’t the same as criminals identifying an accidental vulnerability and taking advantage of it. Backdoors undermine the careful fabric of trust on which all cybersecurity is built, and they take power away from the businesses and individuals that have installed such security solutions in good faith.
It remains to be seen exactly what impact the Trump administration will have on cybersecurity, but it seems more than feasible, based on statements made so far and the known views of the new attorney general, that technology companies could be forced to install backdoors in their security solutions – and as a result cause irreparable damage to the fragile trust on which cybersecurity relationships are built.
This is why, as we have publicly stated, Clavister will never install backdoors in any of our solutions, for any reason. As a Swedish company, it is vital for us to be able to demonstrate complete freedom from any form of governmental control over our products – our customers’ trust depends on it.