Skip to main content
banner image
venafi logo

Who Will Be Responsible for Responsible Encryption Attacks?

Who Will Be Responsible for Responsible Encryption Attacks?

responsible encryption
October 20, 2017 | Emil Hanscom

Sad but true: many government officials have difficulty accepting the importance, and necessity, of encryption. Although it’s a foundational component of every responsible organization, each day seems to bring a new threat to encryption technology from well-meaning, but ill-informed government officials.

The latest attack on encryption tools comes from US Deputy Attorney General Rod Rosenstein. Earlier this month, Rosenstein gave a speech at the US Naval Academy where he admonished private tech companies for using “warrant-less encryption.” Instead, Rosenstein wants organizations to embrace “responsible encryption.”

But what, exactly, is responsible encryption?

“Responsible encryption, according to the lawmakers who demand it, would require companies to create a secret key, or back door, that would make it possible to read coded data,” writes Alfred Ng, a reporter for CNET. “Only the government could access the key, so that with the proper warrant or court order, law enforcement could read through messages. The key would be kept secret—unless hackers stole it in a breach.”

Not only does Rosenstein believe responsible encryption exists, he insists that it allows organizations to keep their communications private and provide government access at the same time. “Responsible encryption can protect privacy and promote security without forfeiting access for legitimate law enforcement needs supported by judicial approval," he said in his speech. 

Cyber security experts, however, are skeptical of Rosenstein’s remarks. Many believe his concept of responsible encryption is simply wishful thinking.

“Tinkering with encryption is like trying to fly a plane without understanding the basics of lift and gravity: it’s a terrible idea, and will cause a lot of unintended damage” said Kevin Bocek, chief security strategist for Venafi. “We have no reason to believe that law enforcement can to a better job at stopping cyber criminals than a bank with legions of security professionals. It’s simply impossible for there to be any kind of ‘good’ backdoor which will only be available to law enforcement, and not to cyber attackers.”

Ultimately, we need to call “responsible encryption” for what it really is: the desire for government mandated backdoors. Sadly, Rosenstein’s comments represent a continued disconnect between security professionals and government officials. And this mistrust can have disastrous results.

For example a recent Venafi survey revealed that 91% of the security professionals believe cybercriminals could take advantage of government-mandated encryption backdoors. In addition, 72% do not believe that encryption backdoors would make their nations safer from terrorists.

The question bears repeating: how can we educate our government officials about the dangers of encryption backdoors?

After all, the next government comment that threatens encryption is just around the corner. And, who knows if that threat may be acted upon, whether we like it or not.

Like this blog? We think you will love this.
Featured Blog

EARN IT Act Is Back and So Is Debate Over End-To-End Encryption

The Eliminating Abusive and Rampant Neglect of Interactive T

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Emil Hanscom
Emil Hanscom

Emil is the Public Relations Manager at Venafi. Passionate about educating the global marketplace about infosec and machine-identity issues, they have consistently grown Venafi's global news coverage year over year.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud

Venafi Cloud manages and protects certificates

* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
* Please fill in this field
* Please fill in this field
* Please fill in this field

End User License Agreement needs to be viewed and accepted

Already have an account? Login Here

get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more