​Open source encryption? Now Netherlands votes to help fund security projects

In what some might see as swimming against the political mainstream, the Netherlands parliament has just decided to back open-source web security with hard cash.

password encryption

Dutch MP Kees Verhoeven: "Encryption allows private communication ... and enables journalists, researchers, lawyers and others ... to protect their sources, customers or partners."

Image: Shutterstock

While November's Paris attacks prompted US and European governments to revisit the debate over back-door policies to soften data encryption, the Netherlands lower house has voted to fund projects to strengthen it.

In total, the Dutch lower house agreed to spend €500,000 ($547,000) to support the open-source OpenSSL, LibreSSL, and PolarSSL web-security projects.

A security back-door policy would require websites to give governments a way of accessing otherwise encrypted data. But this new spending project signals that the Netherlands is more interested in improving existing security tools than developing new ways of weakening them.

Kees Verhoeven, who sponsored the bill, believes better data encryption is essential for protecting people's basic right to privacy.

"Encryption allows private communication ... and enables journalists, researchers,lawyers and others ... to protect their sources, customers or partners," Verhoeven told the Dutch cybersecurity website Security.NL.

david gewirtz

Encryption is not the enemy

A 21st century response to terror

Read More

OpenSSL is the security protocol that developers use to protect internet users from data theft. It is an open-source project that provides web developers the coding tools to implement the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) security protocols as well as a coding library that creates crypto-tools.

LibreSSL and PolarSSL also provide libraries with code to implement TLS and SSL protocols, and developers can use these as alternatives to OpenSSL. All three projects rely on volunteers to maintain the open-source coding libraries, and donations, like the one that the Dutch lower house has agreed to give, sustain their work.

OpenSSL's widespread popularity can make websites more vulnerable to cyberattacks. Most mainstream websites use OpenSSL, like Pinterest, and Tumblr, who were attacked by the Heartbleed bug last year.

The same code secures Facebook's and Twitter's sites. Once familiar with infiltrating one site's OpenSSL setup, hackers could replicate the damage on other sites that implement OpenSSL.

Supporting work on alternative projects, such as LibreSSL and PolarSSL, can prevent Heartbleed-like attacks by preventing developers from using a homogeneous solution for protecting data.

Read more about encryption