In the wake of recent legal battles over the decryption of mobile devices, the Department of Justice’s remarks calling for “responsible encryption” are to be expected. But what is “responsible encryption” and how does it mesh with our current security culture? At a time when businesses and individuals alike are seeking to enhance their communications security, why is the government backtracking?
Backdoors And Persistent Access
The majority of battles over digital security have to do with end-to-end encryption; this is essentially a form of data security in which only the sender and recipient can access the content. In these cases, the companies behind the products can’t hand over data to the authorities because they can’t access it, despite having other controls or pathways into the device.
To the government, end-to-end encryption presents a serious problem. In recent remarks, FBI Director Christopher Wray noted that the FBI has been unable to retrieve data from over 6,900 mobile devices during an 11-month period. This makes it difficult to investigate everything from terrorism to drug trafficking, and the government is frustrated. Ideally, at least according to the DOJ, there would be a backdoor into these devices.
Of course, you can’t have a backdoor and security at the same time. They aren’t compatible. In order to disguise this fact, Deputy Attorney General Rod J. Rosenstein introduced the term “responsible encryption.” But while “responsible encryption” may be a better term, it’s just another way to say the government wants to surveil communications more broadly. And businesses and individuals should be deeply concerned.
Encryption And The Mobile Society
Right now, the government’s call for backdoor surveillance options is just that – a call. It isn’t mandatory or a legal requirement, and that means businesses can continue increasing their security rather than intentionally compromising it. In fact, despite this conflict, the global mobile encryption market is expected to grow 30% through 2022.
For businesses, enhanced encryption currently takes several key forms. Many are adopting secure apps for communications, and those that are email-reliant are choosing third-party encryption for an end-to-end experience. In fact, 35% of Office 365 users choose third-party security options in place of or as a supplement to the built-in encryption process provided by Microsoft. That number is likely to increase, rather than decrease, in the next several years, as businesses and clients alike become more security-savvy.
Mobile encryption is especially likely to show gains in the next several years as more business operations move to mobile devices. This is good news for cloud service providers, as it’s well known that cloud software provides the most up-to-date, secure systems and tends to blend more successfully with external programs.
Small businesses, in particular, are the next major frontier in mobile security, and their choices will determine how higher-profile businesses perform. For example, Target’s 2013 data breach happened because hackers accessed an HVAC contractor’s data system. To gain important contracts and keep client trust, small businesses will have to opt for greater security, not “responsible encryption.”
What businesses and consumers want and what federal law enforcement wants have never been further apart – and they may actually be working at cross purposes when it comes to consumer privacy laws. You can’t stop data breaches and build a backdoor, and wishful thinking or frustration can’t make it otherwise.