Skip to main content
banner image
venafi logo

The War on Encryption: Who Decides What ‘Private’ Really Means?

The War on Encryption: Who Decides What ‘Private’ Really Means?

war on encryption
April 19, 2018 | Guest Blogger: Hywel Curtis

The extent to which private communications, particularly encrypted personal devices and messages, should remain so under certain circumstances is an intensive area of debate between government and industry.

Many on the government side believe that limiting privacy by creating an ‘encryption backdoor’ to access a device’s protected data will help them make citizens safer. It is believed that if law enforcement personnel can exclusively access private messages and devices during investigations, then they will be able to prosecute more effectively and better prevent further crimes or attacks.

German lawmakers have been pushing forward legislation, partly motivated by an increase in terrorism, demanding a form of backdoor in any smart, encrypted device; from mobile phones to driverless cars. Likewise politicians in the US and Australiahave argued for manufacturers to enable decryption processes that could be carried out by officials following the appropriate legal permissions being granted.

On the surface the arguments in favour of encryption backdoors often seem reasonable, but many manufacturers and cybersecurity experts make the case that their very existence would actually reduce the overall security of device owners. It is believed that some politicians and law enforcement actors don’t fully understand exactly how backdoors work, and the risks they bring, and simply see them as the most convenient solutionto a challenging problem.

Many in the cybersecurity industry believe that it is very difficult, if not impossible, to create a backdoor that onlygovernments can access. Instead, they argue that it is privacy itself that provides greater safety, and that backdoors would make tempting targets for hackers to try and exploit, either directly or via the government operatives or systems holding the keys.

Also, the ability of government agencies to keep these keys secure has been called into question. Both the CIA and NSA suffered breaches of their own hacking toolsin 2017, and it’s been shown that government officials don’t personally always follow the best security practices. Stories about Hillary Clinton’s controversial email use and the multiple accusations of Russian-directed email hacking in the US hardly need re-stating, but MPs in the UK have also admitted to poor cybersecurity practices such as sharing computer logins with staff.

In addition, some fear that it isn’t just carelessness or attacks by hackers that could lead to encryption backdoors being compromised, but that intelligence agencies or government actors could intentionally abuse the capabilities.

Although backdoor proponents argue that they would never be used without a court order many critics are sceptical whether this standard would realistically be maintained, particularly in politically-sensitive investigations or espionage. They also point out that investigators can already collect a lot of information by using warrants to access social media accounts or data held by ISPs.

And the support for backdoors by government actors is by no means universal; the European Commission (EC) for example is so far siding with industry in the debate, advocating that determining the meaning of privacy should be down to the individual. The EC has said that using backdoors weakens the general security of cyberspace, though they have proposed that member states share information on how to crack encrypted devices.

With all of these issues in play it seems that the debate over who defines privacy will run and run, with tragic events such as the Sutherland Springs and San Bernadino mass shootingsoccasionally thrusting it back into the public spotlight. Ultimately an increase in understanding and engagement on both sides is needed for effective cybersecurity solutions to be developed; solutions that value both safety and privacy. And that will work in the real world.

Hywel Curtis is an experienced communications consultant and content strategist based in the UK. He specialises in helping businesses in the science and technology sectors around the world to grow and develop through better communication. Hywel is on Twitter here

Related blogs

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

cyber spider on keyboard

Beware of Cyber Attackers “Living off the Land”

internet of things, iot, malware, data protection, shadow iot

How to Secure Your Company’s Shadow Internet of Things (IoT)

Automated Security Internet of Things

Why You Need Automated Security for the Internet of Things (IoT)

About the author

Guest Blogger: Hywel Curtis
Guest Blogger: Hywel Curtis

Hywel Curtis is an experienced communications consultant and content strategist based in the UK. He specialises in helping businesses in the science and technology sectors around the world to grow and develop through better communication.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more