As the Apple vs. FBI debate rages on, authorities in several countries across the world are pondering over the legal and other complications associated with enforcing mandatory encryption backdoors on device manufacturers. However, two new reports have emerged now that almost explicitly highlight the intrinsic risks associated with any such move by the government.
Released last week, both these reports shed light into the bitter reality that the vast majority of the general public had always feared for: that law enforcement agencies, regardless of where they are from, almost always end up abusing their power when it comes to accessing or storing sensitive personal info on people who are yet to commit a crime and/or haven’t been officially charged yet.
The findings of one of these two reports, first revealed by the Associated Press, is based on the observation of the modus operandi of the Denver city police by an independent police monitoring agency.
The report shows that as many as 25 or more Denver police officers had illegally access the National Crime Information Center (NCIC) database in the past 10 years. The NCIC database keeps personal details, criminal records and other info on US citizens.
What’s even more worrying is the fact that some of these police officers had accessed the database for personal reasons such as learning a woman’s phone number, or to gather intelligence before they themselves committed a crime. None of these officers were, however, charged for their actions.
The second report, meanwhile, highlights how police officers in the UK were found misusing sensitive electronic information. According to this annual report (PDF) submitted by the Biometrics Commissioner’s office, the British police was not following the standard procedures with regard to biometrics data such as DNA evidence and fingerprints.
Worse still, some of the police officers had illegally acquired biometric information which they later conveniently used in their investigations.
Both these reports essentially back the skepticism expressed by many security experts as well as ordinary citizens that encryption backdoors could eventually lead to mass infringement of privacy and security. For example, the so-called key escrow systems that allow law enforcement agencies to have a copy of the encryption key could allow cyber criminals to steal a key and subsequently compromise the entire encryption channel.