Sophos designs products to help enterprises of all sizes and types – including businesses, schools, universities, governments, hospitals, and law enforcement agencies – protect and safeguard their valuable IT infrastructure and sensitive data.
Our ethos and development practices prohibit “backdoors” or any other means of compromising the strength of any of our products – network, endpoint or cloud security – for any purpose, and we vigorously oppose any law that would compel Sophos (or any other technology supplier) to intentionally weaken the security of its products.
Recently, encryption technologies that protect trillions of transactions and exabytes of critical digital information every day have been under scrutiny. Encryption has been in widespread use for the last 20 years and provides the foundation for the trust and security of digital and online services that improve the lives of billions of people all over the world.
We agree with the Information Technology Industry Council: “Weakening security with the aim of advancing security simply does not make sense.”
Sophos bases its position on the following principles:
Governments should not undermine the effectiveness of legitimate technology.
No one government has the ability to demand that backdoors be put into reputable security software by every single vendor in the world. Moreover, even if they did, the simple truth is the bad guys will find an encryption or other tool they can use from some other, less reputable vendor (or create their own). The end result is the same: enormous additional risk and vulnerabilities to law abiding citizens, without meaningfully preventing the actions of the bad guys. Backdoors for some would mean backdoors for all, including repressive regimes, malicious insiders, foreign spies, and criminal hackers. Industry experts and non-experts alike with an awareness of the consequences have consistently warned that either outlawing encryption or introducing backdoors in security products will only cause criminals and terrorists to create and use proprietary forms of uncontrolled encryption, subjecting only the law abiding among us to eavesdropping or compromised security.
Encryption protects the fundamental rights individuals should have to privacy and security.
Encryption protects individuals from identity theft, extortion, and political or religious persecution. Backdoors in encryption would undermine freedom of speech and the freedom to conduct our affairs without interference or fear.
Encryption is essential for effective cybersecurity.
In today’s connected society, even with all the sophisticated technology used to defend against online threats, we cannot be protected against cyberattacks without strong encryption. Today’s cyberattacks are becoming more complex, with sophisticated attackers using multiple points of entry and creative, persistent attacks in their efforts to penetrate even top of the line security systems. Encryption is the last line of defense in a holistic cybersecurity strategy that requires multiple layers of protection.
Encryption is vital for our modern, internet-driven global economy.
Strong encryption is essential to the integrity of internet commerce and banking. It protects organizations from industrial espionage and damaging data loss. Ubiquitous, strong encryption ensures consumer trust by preventing online fraud and theft of financial and personal information. Encryption is a key element of the communications technologies that foster economic growth, enable dramatic gains in efficiency and productivity, and expand access to and participation in the global economy. The implementation, enforcement, and management of backdoors would be impractical and enormously costly to technology companies, stifling innovation and harming their competitiveness in the global economy.