Data Foundry CTO, Edward Henigin, participated as a panelist at the INCOMPAS telecommunications conference in Washington D.C. on April 12. The assembled panel of security experts sought to bring the industry’s attention to the anti-encryption debate that has sparked in Washington and around the country due to Apple’s refusal to unlock the iPhone encryption for the San Bernardino case. The recent release of the Burr-Feinstein bill proposing law enforcement be given access to data in an “intelligible” format upon court order also provoked a wave of anger and disbelief throughout the tech community.
Encryption is Essential for Remote Business Transactions
Incompas security panel left to right: Alan Hill, Incompas; Edward Henigin, Data Foundry; Mike O’Malley, Radware; and Nicole Bucala, RSA
“We ought to come at the conversation framing the question, not ‘I’m encrypting something because I have something to hide, but because I have something that is valuable,’” Mr.Henigin proposed to the INCOMPAS audience. Some are inclined to believe that encrypted data is a cause for suspicion rather than merely a digital means to protect our assets.
This is why encryption is so essential for the business community and the U.S. economy in general. No business will be conducted over the Internet if there is no encryption, period. Encryption is essential to online banking, purchasing and the exchange of other sensitive data. Law enforcement wants to keep encryption in place while having access to a backdoor or a key to read encrypted data. There are two major problems with this approach.
The government’s backdoor isthe hacker’s front door.
We support law enforcement in its investigations and bringing criminals to justice. However, it’s naïve to think that law enforcement would continue to be the only ones to have access to this key. Some government and law enforcement officials seem to be in denial of the fact that they can’t keep this key to themselves, no matter how hard they try. History has proven that cyber criminals will find a way to access the decrypted data no matter what. As Data Foundry CEO Ron Yokubaitis says, “the government’s back door is the hacker’s front door.”
It’s already a grueling task to try to create software without any security vulnerabilities. For instance, Apple puts a great deal of effort in on both the hardware and software side to create a secure platform. Even with these security efforts by some of the industry’s best and brightest, the FBI was still able to hire hackers who found a security vulnerability that could be exploited and were able to hack into the iPhone for the San Bernardino case. Ergo, it is a costly mistake to assume that a backdoor for law enforcement would ever be 100 percent secure.
Anti-Encryption Laws Deny Rights to Privacy
The other main concern is the lack of privacy for all other individuals and business that would come with handing out encryption keys. With access to an encryption key, law enforcement could see everyone’s information, not just a potentially guilty party’s information. It’s not like a traditional search warrant that permits law enforcement to enter a suspect’s home or vehicle. Handing over an encryption key is like allowing access to the suspect’s home and all of his neighbor’s homes at the same time.
Data Foundry and its sister companies are strongly against anti-encryption laws because of what they would mean for online business communications and transactions and the U.S. economy in general. We are also opposed to the negative effects they would have on the privacy of citizens and companies that are not involved in law enforcement investigations.