Have you stayed up to date with the ongoing debate about the encryption “problem”?
On the surface, it is a relatively simple argument. On one side, the government wants to have access to a “master decryption key” to solve the problem of spies and terrorists who communicate using encrypted messages. On the other side, the citizenry wants to preserve encryption because it protects all of our online transactions, and sometimes we like to share a private message as well.
Well, that was easy, wasn’t it?
Unfortunately, there are more than two sides to this story. As an example, consider these additional options to add to the debate:
Citizens who believe that they have nothing to hide, so they do not have to encrypt anything. Clearly, that is a position that has not been very well thought-through by those who hold it. None of these well-intended upstanding citizens would want their tax returns, banking transactions, or medical records transmitted or stored in clear text. When put in those terms, it is easy to dispense with this “nothing to hide, therefore, nothing to fear” conversation.
Another side to consider is the contradictory nature of governments who want a backdoor into encryption, yet seek to protect privacy at the same time. Germany is proceeding to pass legislation for encryption backdoors on all new devices, yet the German data protection agency has previously ordered Facebook to stop collecting WhatsApp user data.
Of course, yet another side is the one used by the criminals to protect their secret, nefarious plots.
The true problem with the entire debate is that it is difficult, if not impossible to separate the idea of privacy and encryption. If we remove technology from the equation, the problem is illuminated in a slightly different manner.
In most civilized nations, the government may only infringe on a person’s privacy under very controlled circumstances. One circumstance is the case where a person has no reasonable expectation of privacy. Two people plotting a crime on a crowded commuter train should not expect any privacy. However, a person expects privacy in his own home, and governments are prohibited from violating that right without a court order, warrant, or other official authorization.
Let’s imagine a hypothetical situation where the government is looking for a document in my home, yet I keep this important document written in code. Would that give them the right to demand the decryption key? Why is it any different when the conversation is moved into the digital realm? The last time I checked, I am not involved in any criminal enterprise, but that is not the reason I use encryption.
As I mentioned in a previous blog post: The privacy afforded through encryption is not a new development of the internet and it should not be treated as such. Encryption has been used in peace and war since the beginning of time, and civilization has moved forward despite the use of encryption.
The most salient argument that can be made is that even if the government is given a backdoor to the widely used encryption methods, the folks who want to subvert those efforts will create a new encryption algorithm free of that backdoor. Crime fighting is definitely a bit tougher in this digital age, but it is not impossible. Overcoming encryption is only one piece of the crime-fighting puzzle. Maintaining privacy is a broader and more important concern. Can the debate be shifted more towards strengthening privacy rather than weakening encryption?
Related blogs
Lorem ipsum dolor sit amet, consectetur elit.
Thank you for subscription
Scroll to the bottom to accept
VENAFI CLOUD SERVICE
*** IMPORTANT ***
PLEASE READ CAREFULLY BEFORE CONTINUING WITH REGISTRATION AND/OR ACTIVATION OF THE VENAFI CLOUD SERVICE (“SERVICE”).
This is a legal agreement between the end user (“You”) and Venafi, Inc. ("Venafi" or “our”). BY ACCEPTING THIS AGREEMENT, EITHER BY CLICKING A BOX INDICATING YOUR ACCEPTANCE AND/OR ACTIVATING AND USING THE VENAFI CLOUD SERVICE FOR WHICH YOU HAVE REGISTERED, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ENTERING INTO THIS AGREEMENT ON BEHALF OF A COMPANY OR OTHER LEGAL ENTITY, YOU REPRESENT THAT YOU HAVE THE AUTHORITY TO BIND SUCH ENTITY AND ITS AFFILIATES TO THESE TERMS AND CONDITIONS, IN WHICH CASE THE TERMS "YOU" OR "YOUR" SHALL REFER TO SUCH ENTITY AND ITS AFFILIATES. IF YOU DO NOT HAVE SUCH AUTHORITY, OR IF YOU DO NOT AGREE WITH THESE TERMS AND CONDITIONS, YOU MUST NOT ACCEPT THIS AGREEMENT AND MAY NOT USE THE SERVICE.
You shall not access the Service if You are Our competitor or if you are acting as a representative or agent of a competitor, except with Our prior written consent. In addition, You shall not access the Service for purposes of monitoring its availability, performance or functionality, or for any other benchmarking or competitive purposes, and you shall not perform security vulnerability assessments or penetration tests without the express written consent of Venafi.
This Agreement was last updated on April 12, 2017. It is effective between You and Venafi as of the date of Your accepting this Agreement.
The Venafi Cloud Service includes two separate services that are operated by Venafi as software as a service, each of which is separately licensed pursuant to the terms and conditions of this Agreement and each of which is considered a Service under this Agreement: the Venafi Cloud Risk Assessment Service or the Venafi Cloud for DevOps Service. Your right to use either Service is dependent on the Service for which You have registered with Venafi to use.
This License is effective until terminated as set forth herein or the License Term expires and is not otherwise renewed by the parties. Venafi may terminate this Agreement and/or the License at any time with or without written notice to You if You fail to comply with any term or condition of this Agreement or if Venafi ceases to make the Service available to end users. You may terminate this Agreement at any time on written notice to Venafi. Upon any termination or expiration of this Agreement or the License, You agree to cease all use of the Service if the License is not otherwise renewed or reinstated. Upon termination, Venafi may also enforce any rights provided by law. The provisions of this Agreement that protect the proprietary rights of Venafi will continue in force after termination.
This Agreement shall be governed by, and any arbitration hereunder shall apply, the laws of the State of Utah, excluding (a) its conflicts of laws principles; (b) the United Nations Convention on Contracts for the International Sale of Goods; (c) the 1974 Convention on the Limitation Period in the International Sale of Goods; and (d) the Protocol amending the 1974 Convention, done at Vienna April 11, 1980.
In the meantime, please explore more of our solutions
In the meantime, please explore more of our solutions
This site uses cookies to offer you a better experience. If you do not want us to use cookies, please update your browser settings accordingly. Find out more on how we use cookies.