Why Are Governments Afraid of Encryption?

January 3, 2018 | Guest Blogger: Bob Covello

Why are government officials who know next to nothing about encryption so eager to mandate encryption backdoors?

This topic came up the other day while I was chatting with one of my security colleagues who posited a very fascinating concept:

“You know, the government has already broken all the encryption algorithms”.

I was shocked when I heard this, and the mere thought made me extremely uncomfortable.

Fortunately, we do not have to believe such a theory: it is easily disproved by the number of high-ranking officials who are arguing for encryption backdoors. Once those encryption algorithms are broken, the rhetoric will fall mysteriously silent. Imagine if, however, my friend is right and the government has in fact broken encryption. The fact that they have not made decryption keys available to all the victims of ransomware would make them complicit in the largest digital criminal enterprise in recent memory.

Many folks simply do not understand encryption at all, so it seems like a mysterious bit of witchcraft. Some incorrectly argue that it only protects the criminals. The best and worst part about encryption is that its foundation rests in math. That is good because math is agnostic; it is bad because too many people fear math.

One need not blame the politicians alone for the chatter about allowing special decryption access for law enforcement. Former FBI director Jim Comey spoke at a law enforcement conference a couple of years ago, and when he spoke about the “going dark” problem, most folks in the room nodded affirmatively at the need for the government to have a back door into encryption.

It is easy for a person to declare encryption as a bad thing simply due to its unfamiliar and highly complicated process. So what? This is not the real issue. I do not expect anyone to understand encryption in order to recognize its value. Most people do not know anything about how their own heart operates, so why would we expect anyone to understand something as arcane as encryption?

What people understand is the need for safety and security, and the anti-encryption song of our officials is all that is available to promote that feeling. What is needed is a reasoned and strong counterpoint that is equally compelling.

As InfoSec folks, we need to avoid the technical aspects of encryption when we are explaining it outside of our circles. There are few things more eye-glazing than when we start to wax technical with a non-technical audience. I usually tell my non-technical friends that encryption is exactly like any scrambled message that we have all experimented with in our youth. More recently, it is like some of the language in many hip-hop songs. That is a language in dire need of decoding! In its simplest form, encryption is just a way to keep secret messages secret.

The arguments by the people in charge include:

  • The encryption back door could only be executed via a court order;
  • The encryption keys would be stored securely; and
  • This would make us all safer.

These are all trivial, and unfortunately, laughable to the InfoSec community, and worse, to the criminal enterprises who make their living breaking all of these rules. Stop for a moment, put on your security hat and think about how each of these safeguards is easily circumvented. We have already seen examples, from the loss of sensitive data in recent data breaches, as well as other failures in security and the administration of justice.

To answer the question of why government officials who know next to nothing about encryption are so eager to mandate encryption backdoors: because that is the convenient solution. However, we all know that convenience over security is never a good idea.

Our guest blogger Bob Covello is a 20-year technology veteran and InfoSec analyst with a passion for security topics. Follow him on Twitter @BobCovello
