
The Encryption Contradiction: Key Players Fight on Both Sides [Encryption Digest 40]


May 7, 2020 | Katrina Dobieski


Major players take sides in the encryption debate, and not uncommonly, both sides. While it remains to be seen if encryption itself will come down on the side of big business, consumer rights, government oversight or cyber criminals, everyone has some skin in the game and is out to play. The work-from-home landscape has only added to the melee, so we’re re-including some quick tips to stay safe. Also, find out what the future could hold for medical deployment as more of our lives are given to new technology—and the IoT has yet to be regulated. Encryption becomes the unexpected juggernaut between what we have and what we want, and at a time when it couldn’t be more important, it’s being tugged at both ends.

 

 

The Encryption Contradiction: Key Players Fight on Both Sides

 

Pick a side, any side.


This time five years ago saw now-FBI Director Christopher Wray litigating on behalf of Facebook, and all the privacy issues surrounding it. While details have been less than forthcoming, what can be pieced together is that WhatsApp (owned by Facebook) had some sort of run-in with the US government over the matter of user data privacy, and Wray argued for Facebook, as an attorney of the hired firm King & Spalding.
 

Interestingly, three years ago Senator Richard Blumenthal launched the Consumer Privacy Protection Act, along with Senator Patrick Leahy (D-Vt.), who was quoted as saying that privacy/data security “is about protecting our privacy and even our national security.” Now Senator Blumenthal backs the anti-encryption, anti-privacy bill known as the EARN IT Act.
 

King & Spalding argued for WhatsApp in the little-known privacy debacle, and now represents NSO Group, an Israeli cyber-arms dealer that was once accused of hacking WhatsApp in a Facebook-filed lawsuit. Facebook is now arguing that because King & Spalding once represented them, and necessarily “involved the provision and exchange of WhatsApp’s highly confidential information,” there would be some “serious ethical concerns for their representation of NSO today.”
 

With all the twisted lines of an incestuous Greek tragedy, it could be said that another one of the hush-hush issues of American politics and power is becoming user data encryption.
 

While companies fight for our data, the public sector pushes back. Rallying again for private-sector oversight, the Democrats pushed through a privacy agenda backed by Senators Dianne Feinstein (D-Calif.) and Richard Blumenthal (D-Conn.), which included the COPRA Act, late last year. Said Senator Blumenthal, “I know from having fought for stronger privacy protection over decades, federal action is woefully overdue and urgently necessary now.” Incidentally, both senators are also behind the EARN IT Act, an attempt to legislate government-mandated backdoors.

On the surface, quite the dilemma.


Senator Richard Blumenthal, supporter of both the COPRA and EARN IT Acts 

While it may seem like a contradiction that Senators Feinstein and Blumenthal are simultaneously fighting to support and oppose encryption, the key lies in who holds it—literally the encryption key.

 

Legislation like the Consumer Privacy Protection Act betrays a mistrust of public entities, while the EARN IT Act seems to advocate for more data control in the hands of government. One could easily support both and be vying for the same thing.


In either event, encryption is still being pulled both ways, by both sides, and we hope it won’t break.
 

With data surpassing oil in value (old news), what’s left to decide is who gets it—and how much.
 

Three years ago, that might have been the private sector. Today, it’s up for debate. Consumers have yet to realize their potential as “wealth holders”, but there’s no denying the issue will be argued. Potentially, by the same lawyers.


 

Hide Your Kids, Hide Your WIFI: WFH Encryption Challenges


The work-from-home landscape may seem like a bleak no-man's-land of new crypto threats and cyber mines. But it’s not without hope. If properly used (i.e., if used), encryption was made for moments like this.
 

The Challenges

  • Data commingling: We email our family, chat with our bosses, FaceTime doctors and access sensitive work information over the same internet connection, on the same devices, with basic home provisions. Time to upgrade?
     
  • Personal IP addresses looking to authenticate: Existing networks will have a lot of new and often personal IP addresses standing in line waiting for authorization. The foot traffic alone will draw a lot of unwanted eyes, so keep in mind that cybercriminals could be lurking in the unencrypted abyss. Until all internet highways and byways are secure (we’re still trying to push for unilateral HTTPS here), companies might want to start looking into more encrypted options.
     
  • Infrastructure providers have a special burden: With the whole world relying on the internet, who does the internet rely on? While this hasn’t changed from at-office days, the landscape certainly has. Black hats need only find one weak link in the employee chain of IBM, AT&T or any number of internet infrastructure companies and the fragility of the system reveals itself. What is sent carelessly over an unencrypted channel could have dire consequences.
     

This global work-from-home situation could be encryption’s finest hour. Ironically, it’s also its most vulnerable. The past few months have been a field day for cyber attackers, and bills like the EARN IT Act threaten to weaken the encryption that could save us. While transitioning to a more mobile workforce, let’s make sure moving one step forward doesn’t bring us two steps back.



 

Medical Implants: Yet Another Reason to Encrypt the IoT

 

We’ve mentioned encryption safety on the home front, but upon reemergence from crisis mode, the IoT will likely be one of the industries to thrive. Not surprisingly, how we take our medicine might be a top concern.
 

Daré Biotech is pushing the bounds in IoT technology, releasing a microchip drug “designed to store and precisely deliver hundreds of therapeutic doses over months or years in a single implant.”
 

The Bill and Melinda Gates Foundation-backed firm can implant a device within patients that releases pre-stored contraceptives from the chip into the body. According to the website, “The implant is intended to be operated by the patient to deliver medication on demand or on a pre-determined schedule that can be activated or deactivated wirelessly, as required.”


Bill Gates, Founder of the Bill and Melinda Gates Foundation that funded the Daré Biotech microchip project

 

Wireless control of in-body contraceptives is just one reminder of how crucial encryption is to the upcoming wave of IoT devices—and an eye-opener to the new landscape.
 

As Venafi’s CEO Jeff Hudson explains, securing devices is not just about smart doorbells; as machines take over more of our integral tasks (even bodily functions), the stakes become higher.
 

 

 

We’ve seen IoT medical devices before, and as we covered in our story of remote-controlled insulin pumps, encryption levels on these machines have yet to be standardized or regulated. In a worst-case scenario, the unencrypted wireless connections of these devices were breached, showing the potential for hackers to inject potentially lethal amounts of insulin into the patient. Drug-releasing microchips connected to wireless networks would need to be under the same scrutiny.
 

And far better encryption.
 

As the IoT landscape evolves to include human health, encrypting the machine identities of every device becomes not only a matter of protocol, but of life and death.
 




 

About the author

Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.
