Two reports show potential dangers of encryption backdoors. Two reports released in the past week have revealed what most of us had already suspected: that police officers, no matter the country, will abuse their rights and access or keep sensitive information on people who have not yet committed a crime or have not been charged with one officially.
The Associated Press has revealed the first of these two cases, citing a report released yesterday by an independent police monitoring agency that has been keeping an eye on the actions of the Denver city police.
US officers abuse national database for personal reasons
The report shows that, in the past ten years, over 25 Denver police officers have illegally accessed the National Crime Information Center (NCIC) database, which keeps information on US citizens, personal details, and criminal records.
The report cites incidents when police officers used this database for personal reasons, such as to learn a woman’s phone number, run license plates for friends, or even gather intel before the officer themselves committed a crime.
The independent monitoring has agency has also revealed that no officers have been charged for their actions, and that in the past ten years, no policeman has received a penalty harsher than a three-day suspension.
UK police officers forget to delete biometrics data
The second report on police officers abusing their powers, or more accurately, misusing sensitive electronic information, comes from the UK, where the Biometrics Commissioner has released his annual report.
The commissioner notes that British police is not following normal procedures regarding biometrics data, such as fingerprints and DNA evidence.
Once a suspect is released from police custody without being charged or without being placed on bail, UK police procedures dictate that the biometrics data collected on the suspect must be deleted.
Even if the suspect continues to be under an official investigation, if no charges have been filed, this data must be deleted. If police officers want to keep the biometrics data, they have to follow a certain procedure to do so.
The commissioner says that UK police officers are not following this procedure and have built a database of illegally acquired biometrics information, which they are now using within their investigations.
Since this database is set to automatically delete biometrics data, Britain’s Biometrics Commissioner says that police officers have rigged their system in order to retain that information.
Do you still want encryption backdoor?
With the Apple vs. FBI debate still raging on, and with authorities in the US and some other European and Asian countries still thinking about requiring encryption backdoors, these two reports highlight the dangers of such procedures.
So-called key escrow systems, where law enforcement will have a copy of the encryption key were considered unsafe because they could have allowed a hacker to steal a key and then compromise the entire encryption channel.
These two reports are now also showing that the investigators’ human nature will also play a key role. If an encryption backdoor is provided, then there’s nothing standing in the way of a rogue police officer abusing this power.
With many government watchdog agencies in the US decrying the militarization of police forces, giving law enforcement, at any type of level, access to encrypted communications seems like the wrong thing to do right now.