Skip to main content
banner image
venafi logo

Security vs. Encryption: Do Governments Know Enough to Decide?

Security vs. Encryption: Do Governments Know Enough to Decide?

government encryption control debate
November 28, 2017 | Guest Blogger: Matt Pascucci

Why are government officials who know next to nothing about encryption so eager to mandate encryption backdoors?

The ability for law enforcement or governments to access encrypted data to assist with ongoing investigations is a debate taking center stage in the media yet again. Both policy makers and law enforcement officials have called to weaken encryption in efforts to ease their burden when investigating criminals or people of interest. The concern then comes into play that by weakening the encryption on a device it also introduces the risk of malicious acts being directed to similar technology from a more nefarious perspective. Once a backdoor is created within the encryption an individual no longer has any expectation of privacy moving forward.

Policy makers are openly debating against the use of encryption on our devices and we recently heard Amber Rudd, UK’s home secretary, state that, “I don’t need to understand how encryption works to understand how it’s helping the criminals.” When officials in a place of authority, who have decision making or influencing power, make similar statements about encryption we in the security industry need to assist from an educational standpoint.

Yes, there are malicious people using encryption for illegal acts and there will always be individuals bending technology for their own mischievous purposes. This, however, doesn’t mean we should remove the ability to protect ourselves and is exactly the reason why putting a backdoor into encryption is a bad idea.

There are exponentially more people using encryption to protect themselves and their privacy from being subjected than those looking to harm others. We put bolt locks on doors to keep out those we don’t want to enter. If criminals are using bolt locks to prevent law enforcement from entering, it’s not the locks fault.

We, as citizens, should strive towards embracing privacy as a human right. Privacy is a liberty and encryption is a way of enabling it. Allowing a government or law enforcement the ability to bypass these privacy-enabled features allows them to forever have the access to a person's private life.

Many people take the approach that they’re not a criminal and have no reason to hide anything. This is the wrong side of the debate to stand on. You don’t need to be a criminal to want or need encryption. When allowing such intrusive power into your personal data and devices to an authority is making the assumption that these authorities won’t abuse their power, or have their access compromised.

We’ve seen malicious regimes in government today and in the past, like the Stasi, that made it their purpose to spy on their citizens. Once power is given it’s historically very difficult to have it taken back. If a key was given to allow others to access the data of another there’s no guarantee that this key won’t be accessed by a malicious third party.

We can look at the examples of both the NSA and CIA having their hacking tools breached in the past year. By allowing government authorities this level of access they’ll be under constant attack for this key or another method of bypassing encryption to numerous people. The past track record of governments holding sensitive data and abusing their access is far from stellar. This also assumes that governments or regimes won’t in time change ideologies to allow more intrusive clandestine operations.

By giving up our privacy it doesn’t automatically make us more secure. The influx of privacy and security is consistently at play and we should first look at other ways to achieve the same goals before we start looking to punch holes into encryption. We’ve seen multiple cases call for Apple to assist with breaking into their phones, but the government can still gather much of this data with warrants to the ISPs and social media accounts on the person of interest.

With this being said, the misconception that encryption is a major factor limiting investigations is misleading. By allowing a backdoor into encryption it would cause more harm than it would help and the privacy of data and lives, depending on what country you live in, would be put at risk.

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

IoT and machine identities

IoT and Machine Identity Protection: Getting Smarter about Securing Smart Technologies

About the author

Guest Blogger: Matt Pascucci
Guest Blogger: Matt Pascucci
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat