The argument whether encryption is a human right or a threat to national security goes back to the early days of the Internet in the 1990s and is still going strong today.
We are not as naive as to think that this article alone will once and for all put an end to that debate, but hopefully, it will shine some light upon it and help you see both sides of the argument - the law enforcement agencies, who are vying for strict control of encryption technologies, and the privacy advocates, who are adamantly against any backdoor access.
So, without trying to add any unnecessary oil to the fire that is the encryption debate, let's try to find out is encryption a threat to national security or not.
Why are Law Enforcement Officials Against Encrypted Data?
So what do intelligence agencies have against end-to-end encryption?
Well, it's really simple. Fully encrypted communications and the sensitive data in them cannot be easily read by federal agencies.
This admittedly does make their job more difficult and there have been instances where criminals and terrorists alike have used encrypted traffic to better cover their activity.
After all, the whole idea of end-to-end encryption is to not allow anyone without private keys to find out what sensitive information is stored in such communication.
However, law enforcement officials often argue that encryption can be used to hide criminal activity, which is why they argue for backdoor access and even go as far as to try and force technology companies to weaken their security by providing encryption backdoors that would allow easier law enforcement access.
One such attempt made by the FBI when they tried to force Apple to do this and unlock the encrypted device of one of the perpetrators in the Inland Regional Center in San Bernardino in California terrorist attack failed.
Responding to the court order, Apple refused to weaken its encryption standards, stating that it threatens the security of their customers and called for a public discussion on the issue.
You can check our stance on backdoor encryption and whether your own government can force private companies to provide it in this article.
Why Weak Encryption and Not Strong is a Threat to National Security?
Encryption is a threat to national security interests, but only if we're talking about weak encryption.
This is because requiring that technological companies provide backdoor access to encrypted data would actually decrease national security by:
- Weakening encrypted communications that can then be accessed by foreign countries. Let's not be naive, the old Cold War might have ended with the break of the Soviet Union, but there is a new, cyber Cold War going on today and countries like Russia and China present a serious cyberthreat to the United States.
- Lowering data security and protection of the information over foreign networks and that national security agency relies on.
Just like hackers are constantly trying to get the data of Internet users, the same goes for foreign adversaries who want to access sensitive information held by the government.
The security threat from foreign adversaries is manifested in:
- The cyberattacks that hackers are using to discover the vulnerabilities and weaknesses in the data systems to gain access to the information of importance to the national security.
- Attacking the transport layer of the electronic communication on which sensitive information travels and that encryption protects.
How Encryption Enhances Your Data Security?
Of course, it is quite wrong to claim that only criminals use encryption programs.
More and more, private citizens do this as well in an attempt to protect their own data and electronic communication.
It doesn't mean that you should be subject to criminal investigations just by encrypting your stored data.
You might want to simply prevent someone unauthorized like hackers from accessing your private data such as medical data or financial data
Or you might be a whistleblower or a journalist and need strong encryption to protect the sensitive information that you have from a government agency.
Whichever the case, encryption is the key to ensuring data integrity and encryption systems in reality lowers security risks instead of raising them as the opponents claim.
Are There Alternative Approaches That Don't Rely on Weakening Encryption?
Several countries, like the United Kingdom, Australia and India have either passed or proposed laws that can compel service providers to grant exceptional access to encrypted information when law enforcement requires it.
In the US, the "Lawful Access to Encrypted Data Act" aims to do very much the same, but this would only cause an opposite effect and in particular:
- Weaken the overall national security
- Give malicious actors a better chance to access encrypted data
- As well as discourage any investment in and development of encryption products.
So what would be some acceptable solutions that would work for both advocates and opponents of encryption?
Enforcing tech companies to create backdoors that will provide government access to encrypted information would only serve to increase data insecurity for both the country and its citizens and would leave them susceptible to cyberattacks.
The solution lies in better cooperation between law enforcement agencies and the national security agency on one side and tech companies on the other.
For instance, we mentioned Apple's refusal to give the FBI access to an encrypted device of a terrorist, but it would be wrong to assume that the service provider is not willing to work with the law enforcement when it comes to investigating criminal activity when necessary.
They do, but not at the price of weakened encryption.
Law enforcement should find alternative means of investigation that don't require handing them encryption keys so they can have unlimited access to citizens' private information. This can be accomplished by increasing their own capabilities and manpower.
That said, in cases where the investigation merits, technology companies should abide by valid warrants and court orders provided by law enforcement to grant access to encryption data.
The encryption debate will continue as more and more people realize the importance of securing their data online. Hopefully, however, this article managed to shine some light on it and help you better understand everyone's position.
Are you looking to protect your email data? Sign up to Liverado.