Skip to main content
banner image
venafi logo

More than Two Sides to the Encryption Debate

More than Two Sides to the Encryption Debate

encryption debate
February 8, 2018 | Guest Blogger: Bob Covello
Have you stayed up to date with the ongoing debate about the encryption “problem”?

On the surface, it is a relatively simple argument. On one side, the government wants to have access to a “master decryption key” to solve the problem of spies and terrorists who communicate using encrypted messages. On the other side, the citizenry wants to preserve encryption because it protects all of our online transactions, and sometimes we like to share a private message as well.

Well, that was easy, wasn’t it?

Unfortunately, there are more than two sides to this story. As an example, consider these additional options to add to the debate:

Citizens who believe that they have nothing to hide, so they do not have to encrypt anything. Clearly, that is a position that has not been very well thought-through by those who hold it. None of these well-intended upstanding citizens would want their tax returns, banking transactions, or medical records transmitted or stored in clear text. When put in those terms, it is easy to dispense with this “nothing to hide, therefore, nothing to fear” conversation.

Another side to consider is the contradictory nature of governments who want a backdoor into encryption, yet seek to protect privacy at the same time. Germany is proceeding to pass legislation for encryption backdoors on all new devices, yet the German data protection agency has previously ordered Facebook to stop collecting WhatsApp user data.

Of course, yet another side is the one used by the criminals to protect their secret, nefarious plots.

The true problem with the entire debate is that it is difficult, if not impossible to separate the idea of privacy and encryption. If we remove technology from the equation, the problem is illuminated in a slightly different manner.

In most civilized nations, the government may only infringe on a person’s privacy under very controlled circumstances. One circumstance is the case where a person has no reasonable expectation of privacy. Two people plotting a crime on a crowded commuter train should not expect any privacy. However, a person expects privacy in his own home, and governments are prohibited from violating that right without a court order, warrant, or other official authorization.

Let’s imagine a hypothetical situation where the government is looking for a document in my home, yet I keep this important document written in code. Would that give them the right to demand the decryption key? Why is it any different when the conversation is moved into the digital realm? The last time I checked, I am not involved in any criminal enterprise, but that is not the reason I use encryption.

As I mentioned in a previous blog post: The privacy afforded through encryption is not a new development of the internet and it should not be treated as such. Encryption has been used in peace and war since the beginning of time, and civilization has moved forward despite the use of encryption.

The most salient argument that can be made is that even if the government is given a backdoor to the widely used encryption methods, the folks who want to subvert those efforts will create a new encryption algorithm free of that backdoor. Crime fighting is definitely a bit tougher in this digital age, but it is not impossible. Overcoming encryption is only one piece of the crime-fighting puzzle. Maintaining privacy is a broader and more important concern. Can the debate be shifted more towards strengthening privacy rather than weakening encryption?

Related blogs

Like this blog? We think you will love this.
Featured Blog

What Is Encryption Key Management?

Why Is Key Manag

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Guest Blogger: Bob Covello
Guest Blogger: Bob Covello

Bob Covello is a 20-year technology veteran and InfoSec analyst with a passion for security topics.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more