The security debate is raging stronger than ever. In addition to beefing up a physical security presence in major cities, there is growing concern over the use of technology to garner support for and perpetrate crimes on massive scales. Agencies and companies are scouring networks to determine what is being missed and how. In particular, there are legitimate and understandable fears regarding the use of encryption to obfuscate sensitive data and confidential messages. Unfortunately, rogue groups and unsavory characters are utilizing sophisticated encryption methods to avoid detection as they plan attacks with catastrophic consequences.
Despite repeated calls from various federal agencies and state governmental offices to weaken encryption for the sake of security, the technology sector maintains that encryption workarounds or backdoor maneuvers would not be appropriate. After all, encryption is used to protect a range of sensitive data, such as social security numbers, banking information, medical records, and flight data, among many other pieces of information. Encryption is a necessary part of any comprehensive security strategy, for both the public and private sector, and it is central to overall cybersecurity. As the Information Technology Industry Council put it, "Weakening security with the aim of advancing security simply does not make sense."
Rather than eliminate or erode encryption methods, or any other security measure for that matter, public and private actors must focus on understanding existing technology, its evolution, and how it may be misappropriated or misused. Here are the two reasons that weakening encryption just isn’t a viable security solution:
Weakening Encryption Creates a Slippery Slope
As encryption is weakened, more and more data is susceptible to becoming compromised. Just as hackers and organized criminals are able to manipulate technology to carry out their exploits, they will also find a way to take advantage of any weakened security measures. The notion that only the “good guys” will benefit from backdoor methods of busting encryption is a false and unsafe assumption. It is better to improve upon (and keep secret) decoding efforts or other surveillance methods than it is to potentially expose important data.
Encryption is Often the Saving Grace
In the event a company or agency’s data is breached and hackers manage to access or download any information, encryption very well may be the last level of protection. Once a hacker infiltrates a network, whether via stolen passwords, sneaky methods, or sheer luck, there is very little that a company or agency can do to protect the data if it is not encrypted. Thus, if current encryption techniques are weakened, there will no longer be that final layer of protection and more companies and agencies are likely to succumb to breaches with major repercussions.
Ultimately, the tech industry must engage in developing technology to facilitate security rather than hinder it.