Tech companies have focused heavily on privacy and security over the past decade and many have rolled out products with improved encryption. Although encryption can come in many forms and varies by product or service, its intent is always to protect data confidentiality. But, not everyone is in favor of strong encryption. The industry has fought hard in recent years to fend off government efforts to implement backdoors in the name of justice and law enforcement.
In his latest column for Help Net Security, WatchGuard’s senior security analyst, Marc Laliberte, argues that these “anti-encryption” measures are too devastating to justify. While you’d be hard-pressed to find a single person against helping governments and law enforcement entities put actual criminals behind bars, the collateral damage of compromising encryption is too great. Here’s a brief excerpt from the story:
“There’s simply no such thing as a “good guys only” backdoor. Eventually, a cyber-criminal will get their hands on the “golden key” or exploit the intentional chink in the armor to break their way in. The NSA losing its stockpile of Windows zero-day vulnerabilities in 2016 should be clear proof that we shouldn’t be so quick to trust government agencies to act responsibly with security.
Organizations rely on encryption to protect their intellectual property. Journalists rely on encryption to protect themselves and their sources from oppressive governments. You can probably imagine the amount of resources a hostile nation state would pour into finding such a backdoor if it existed.
What if we took a step back and examined the encryption debate using a physical safe as an analogy? People use safes to store important documents and items that they want to keep out of the hands of criminals. At the same time, people can also use them to store evidence of crimes. Should safe manufactures be required to intentionally add a weak point to every safe or create a master key? Or should law enforcement be required to go through legal channels to compel owners to give up their keys?”
Read the full article at Help Net Security and for more information security news, commentary and best practices, subscribe to Secplicity here.