Thursday 3 December 2015

To Encrypt or Not to Encrypt? That Is Not the Question

encryption, ProtonMail, Silent Circle, Information Technology Industry Council
[Source: EFF Photos]
If there were need for further proof that 2015 has become Orwell’s 1984, look no further than the renewed debate over encryption prompted by the recent Paris bombing. For every claim that this is the reason why encrypted communications must be stopped exists a counterclaim pointing out that the Islamic State did not necessarily even rely on encrypted communications to carry out their attacks.

The release of an ISIS security manual—providing a host of suggestions for safely accessing email, publishing pictures and using the Internet—has intensified the scrutiny several leading technology providers find themselves under. Rather than let their services be written off as facilitating acts of terrorism, SumRando Cybersecurity applauds the companies that have taken advantage of this opportunity to reframe the encryption conversation.

In a statement released last week, ProtonMail co-founder and CEO Andy Yen clarified that the company is standing by its tagline of “secure email with absolutely no compromise”:
“But even if the communications were encrypted, it is illusory to believe that you can block terrorists from communicating by banning encryption. With or without ProtonMail, terrorists will continue to have encrypted email capabilities, in the same way that they will continue to have access to weapons regardless of a ban on assault rifles. What we do know for sure is that banning encryption would certainly lead to an increase in cyberattacks, data breaches, and an end to online banking and online shopping. This is not to mention the numerous dissidents, journalists, and activists whose lives will be put at risk…We must remember that ISIS doesn’t just use ProtonMail, they also use Twitter, mobile phones, rental cars. We couldn’t possibly ban everything that terrorists use without disrupting democracy and our way of life, and in effect achieving the goal of terrorism.”

Similarly, President and CEO Dean Garfield of the Information Technology Industry Council (ITI), the “global voice of the tech sector”, responded:
Encryption is a security tool we rely on everyday to stop criminals from draining our bank accounts, to shield our cars and airplanes from being taken over by malicious hacks, and to otherwise preserve our security and safety. We deeply appreciate law enforcement's and the national security community’s work to protect us, but weakening encryption or creating backdoors to encrypted devices and data for use by the good guys would actually create vulnerabilities to be exploited by the bad guys, which would almost certainly cause serious physical and financial harm across our society and our economy. Weakening security with the aim of advancing security simply does not make sense.”

Bill Conner, President and CEO of Silent Circle, actively dissociated his company from terrorism while also acknowledging the need for ubiquitous encryption in everyday life:
Of course, encryption plays an important part of maintaining digital security in everyday life—from online banking and corporate intellectual property to the communications of our governments and intelligence services. But when tragic and abhorrent events happen, the focus inevitably turns to whether encryption is being used for hostile purposes instead…So, we will continue to be transparent in how we protect your communications and how we vet our members, but we will also continue to advocate the responsible use of end-to-end encryption to protect the legitimate concerns of businesses, governments and individuals.”

The Paris attacks and the released ISIS security manual are currently being leveraged to fuel a side on the encryption debate that lacks perspective. In truth, encryption is an important and fixed feature of the landscape we all live in. Think about it: What would your day be like without encryption? (Hint: You might think twice about using the ATM, checking your PayPal account or booking a flight.)

Want to know more about the encryption debate? Read on!

SumRando Cybersecurity is a South Africa-based VPN, Web Proxy and Secure Messenger provider. Surf secure and stay Rando!

No comments:

Post a Comment