Skip to main content
banner image
venafi logo

Who Will Be Responsible for Responsible Encryption Attacks?

Who Will Be Responsible for Responsible Encryption Attacks?

responsible encryption
October 20, 2017 | Eva Hanscom

Sad but true: many government officials have difficulty accepting the importance, and necessity, of encryption. Although it’s a foundational component of every responsible organization, each day seems to bring a new threat to encryption technology from well-meaning, but ill-informed government officials.

The latest attack on encryption tools comes from US Deputy Attorney General Rod Rosenstein. Earlier this month, Rosenstein gave a speech at the US Naval Academy where he admonished private tech companies for using “warrant-less encryption.” Instead, Rosenstein wants organizations to embrace “responsible encryption.”

But what, exactly, is responsible encryption?

“Responsible encryption, according to the lawmakers who demand it, would require companies to create a secret key, or back door, that would make it possible to read coded data,” writes Alfred Ng, a reporter for CNET. “Only the government could access the key, so that with the proper warrant or court order, law enforcement could read through messages. The key would be kept secret—unless hackers stole it in a breach.”

Not only does Rosenstein believe responsible encryption exists, he insists that it allows organizations to keep their communications private and provide government access at the same time. “Responsible encryption can protect privacy and promote security without forfeiting access for legitimate law enforcement needs supported by judicial approval," he said in his speech.

Cyber security experts, however, are skeptical of Rosenstein’s remarks. Many believe his concept of responsible encryption is simply wishful thinking.

“Tinkering with encryption is like trying to fly a plane without understanding the basics of lift and gravity: it’s a terrible idea, and will cause a lot of unintended damage” said Kevin Bocek, chief security strategist for Venafi. “We have no reason to believe that law enforcement can to a better job at stopping cyber criminals than a bank with legions of security professionals. It’s simply impossible for there to be any kind of ‘good’ backdoor which will only be available to law enforcement, and not to cyber attackers.”

Ultimately, we need to call “responsible encryption” for what it really is: the desire for government mandated backdoors. Sadly, Rosenstein’s comments represent a continued disconnect between security professionals and government officials. And this mistrust can have disastrous results.

For example a recent Venafi survey revealed that 91% of the security professionals believe cybercriminals could take advantage of government-mandated encryption backdoors. In addition, 72% do not believe that encryption backdoors would make their nations safer from terrorists.

The question bears repeating: how can we educate our government officials about the dangers of encryption backdoors?

After all, the next government comment that threatens encryption is just around the corner. And, who knows if that threat may be acted upon, whether we like it or not.

Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

man sitting on chair and thinking

Venafi Study: Are Financial Service Organizations More Likely to Suffer Certificate-Related Outages?

accessec, APIIDA, Crypto4A, Difenda

Six Groundbreaking Machine Identity Protection Developers Gain Funding

code signing certificates, Code Signing, Stuxnet, ShadowHammer

Study: How Well Are You Protecting Code Signing Certificates?

About the author

Eva Hanscom
Eva Hanscom

Eva Hanscom writes for Venafi's blog and is an expert in machine identity protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more
Chat