Skip to main content
banner image
venafi logo

Is the War on Encryption a Fight Between Privacy and Safety?

Is the War on Encryption a Fight Between Privacy and Safety?

war on encryption
January 31, 2018 | Guest Blogger: Kim Crawley

In regards to a recent shooting in Texas church, United States Department of Justice Deputy Rod Rosenstein said that consumer encryption that blocks law enforcement “costs a great deal of time and money. In some cases, it surely costs lives. That is a very high price to pay.”

If you believe the claims of government officials when they say encryption “surely costs lives,” you have to trust that the government always has your best interests in mind. History has demonstrated that they don’t, and George Orwell is rolling in his grave.

The FBI tried to make Martin Luther King Jr. kill himself. American Immigration and Customs Enforcement regularly destroys the lives of ordinary and harmless people. Edward Snowden’s revelations revealed that the NSA has spied on millions of people for no good reason. Individuals and enterprises need strong encryption to protect their rights and privacy from possibly hostile parties which includes cyber criminals, other companies, and government agencies. The US Department of Justice doesn’t like that. Knowledge is power and they want all the power they can get.

Trying to catch a mass murderer is actually a noble thing for law enforcement to do. But even if everything that governments and law enforcement agencies try to do was equally noble, individuals still need strong encryption, even if it poses a barrier to cops. Weakening cryptographic systems for law enforcement, such as sharing keys or developing software backdoors, weakens encryption for all purposes. Bruce Schneier said it best:

“When it's done right, strong encryption is unbreakable encryption. Any weakness in encryption will be exploited — by hackers, criminals, and foreign governments. Many of the hacks that make the news can be attributed to weak or — even worse — nonexistent encryption.

The FBI wants the ability to bypass encryption in the course of criminal investigations. This is known as a ‘backdoor,’ because it's a way to access the encrypted information that bypasses the normal encryption mechanisms. I am sympathetic to such claims, but as a technologist I can tell you that there is no way to give the FBI that capability without weakening the encryption against all adversaries as well. This is critical to understand. I can't build an access technology that only works with proper legal authorization, or only for people with a particular citizenship or the proper morality. The technology just doesn't work that way. 

If a backdoor exists, then anyone can exploit it. All it takes is knowledge of the backdoor and the capability to exploit it. And while it might temporarily be a secret, it's a fragile secret. Backdoors are one of the primary ways to attack computer systems.”

The war on encryption isn’t a fight between privacy and safety. It’s a fight between privacy for safety and governments wanting more power. When governments and law enforcement agencies are able to spy or search with greater ease, benefitting ordinary people is only occasional and perhaps coincidental.

Encrypt everything you can. I encrypt my hard drives and my phone. I visit HTTPS websites instead of HTTP websites. I use a VPN. Enterprises, politicians, and ordinary citizens must fight to maintain our access to cryptographic technology. Don’t listen to parties which may not have your best interests in mind, who try to seduce you with fear.

“They who can give up essential Liberty to obtain a little temporary Safety, deserve neither Liberty nor Safety.” - Benjamin Franklin

Related blogs

Like this blog? We think you will love this.
Featured Blog

What Is Encryption Key Management?

Why Is Key Manag

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Guest Blogger: Kim Crawley
Guest Blogger: Kim Crawley

Kim Crawley writes about all areas of cybersecurity, with a particular interest in malware and social engineering. In addition to Venafi, she also contributes to Tripwire, AlienVault, and Cylance’s blogs. She has previously worked for Sophos and Infosecurity Magazine.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more