For several years, enterprises have been told to encrypt sensitive, mission-critical information to protect against cybercriminal intrusion. Recently, however, some organizations are changing their tune about encryption, noting that the security measure could be providing more than a defense against hacking – it could also be providing a safe place for black hats to mask their malicious activities and hide from law enforcement.
In January 2015, United Kingdom Prime Minister David Cameron kicked off a crusade against encryption for just these reasons, pushing for the technology – which makes it nearly impossible to decipher protected messages between senders and receivers without a key – to be made illegal in the U.K. This raises a number questions pertaining to the security of sensitive data as well as the fight against cyber terrorism. In the wake of Cameron’s announcement, many are wondering what an encryption-free world would look like, and how businesses and other users would safeguard their important content from prying eyes.
Cameron seeks to abolish encryption
According to Full-Time Whistle contributor David Jackman, Cameron’s remarks about encryption came shortly after a series of violent attacks in Paris that were reportedly carried out by Islamic extremists. Cameron argues that without encryption standing in the way, law enforcement might be able uncover more information that could aid in their investigation.
Jackman noted that if Cameron wins the upcoming election, he will likely push for encryption on a number of popular applications to be illegal. These could very well include Facebook, Skype, FaceTime and several other widely used platforms that are known for protecting communications with encryption.
“The Prime Minister didn’t name any specific apps or services directly or how they would go about preventing citizens from downloading these apps, but he did mention that those with encrypted data would not meet the new legislative surveillance standards,” Jackman wrote. “Cameron believes that this encryption poses as a major challenge law enforcement services’ efforts against the growing threat of terrorism and other crimes in the U.K.”
U.S report calls for increased encryption use
At the same time, however, a U.S. cybersecurity report that was recently made public noted that slow deployment of encryption could be putting federal and private systems at risk for attacks. According to The Guardian contributor James Ball, the report specifically noted the danger of online intrusion from malicious parties in Russia, China and those associated with criminal groups.
“[T]he document from the U.S. National Intelligence Council, which reports directly to the U.S. director of national intelligence. made clear that encryption was the ‘best defense’ for computer users to protect private data,” Ball wrote.
The cybersecurity report pointed out a significant imbalance existing between cybercriminals’ attack capabilities and defensive abilities, which comes as a result of the “slower than expected adoption … of encryption and other technologies.”
Encryption has long been a go-to security measure, particularly as instances of data breaches and other attacks continue to rise: Current estimates place the cost of cybercrime to the global economy at $400 billion annually. The report supports the technology, noting that when encryption is bolstered with two-factor authentication, it is one of the top strategies to prevent intrusion.
Encryption: Not always about hiding
Despite Cameron’s sentiments, many other major organizations support the use of encryption for protection. In fact, Kaspersky Lab contributor Serge Malenkovich noted that the protection measure isn’t solely employed when users have something to hide. Instead, many individuals leverage encryption as a means to ensure privacy.
“When discussions regarding encryption and protection start, people often say, ‘I have no secrets, nothing to hide,'” Malenkovich wrote. “However, they typically mean, ‘I believe no one will bother to dig into my smartphone or laptop to find something valuable.'”
In this day and age, this could not be farther from the truth. In the current threat environment, it’s not just large enterprises that are being targeted by cybercriminals, but individual users and their devices as well. Oftentimes, hackers will look to create a complete profile of an individual that can be sold on underground marketplaces, and the more information they have about a person, the more valuable it is. In this way, hackers may target individuals to gain a more complete picture with as much personal information as possible.
However, Malenkovich noted that sometimes users leverage encryption to safeguard information that they might not be ready to expose to others, whether valuable to hackers or not.
“A document saved on a home PC desktop or a cell phone left in a living room could quickly become an object of examination for those around you,” Malenkovich noted. “Maybe there is nothing bad saved, but you still may not be willing to share.”
Regulatory standards require encryption
In addition to ensuring privacy, encryption is also used in a number of industries due to regulatory standards. The Payment Card Industry Data Security Standard, for example, requires that retailers and companies dealing with customer payment card information encrypt these details when they are being transmitted across open, public networks, the SANS Institute noted.
In this way, encryption is much more than a protection measure that is nice to have – it is required by law in order to ensure compliance with regulatory guidelines.
Overall, although Cameron noted that encryption could be providing a safe haven for cybercriminal activities, the technology is also vital in protecting information belonging to businesses, federal organizations and individual users. While authorities may push to prevent the use of encryption in the U.K. in the future, chances are good that other countries including the U.S. will keep this security measure in place to help better safeguard sensitive, mission-critical data.