Encryption And Its Role In National Security – ISBuzz News

The recent terrorist activity in the UK has reignited the debate about the use of encryption online. With news that the British Prime Minister, Theresa May, is calling for new regulation of the Internet, effectively demanding the abolition of encryption, David Emm, Principal Security Researcher at Kaspersky Lab commented below.

Download Free

David Emm, Principal Security Researcher at Kaspersky Lab:

Recent terrorist activity in the UK has reignited the debate about the use of encryption online. Some politicians have appealed to Internet companies to provide a way for government to inspect the communications of those suspected of criminal activity, for example terrorists. Others have even called for a blanket ban on end-to-end-encryption altogether.

The requirement for application vendors who use encryption to provide a way for government or law enforcement agencies to see through encryption, poses some real dangers. Creating a backdoor to decipher encrypted traffic is akin to leaving a key to your front door under the mat outside. Your intention is for it to be used only by those you have told about it. But if someone else discovers it, youd be in trouble. Similarly, if a government backdoor were to fall into the wrong hands, cybercriminals, foreign governments or anyone else might also be able to inspect encrypted traffic thereby undermining not only personal privacy, but corporate or national security. It would effectively create a zero-day (i.e. unpatched) vulnerability in the application.

This places application vendors in an invidious position. In response to growing privacy concerns in recent years, more vendors have implemented encryption to secure their customers communications. Theyre unlikely to be happy about switching to a snoopable form of encryption as illustrated by the stand-off between Apple and the FBI last year.

A blanket ban on encryption would be just as dangerous. Law-abiding citizens and organisations would seek to comply with such legislation compromising their privacy. But cybercriminals would either make use of encryption capabilities developed in another country (i.e. beyond the reach of the UK government), or implement encryption for themselves.

Theres an inherent tension between privacy and security. This isnt going to disappear, although the emphasis may shift depending on the geo-political situation and security context at any given time. Theresa May must surely be conscious of the fact that theres no way to restrict the use of encryption to honest, law-abiding citizens. However, at the same time, the government has made it clear that it wants organisations in the UK to protect themselves from cybercriminals and other would-be intruders. There are steps organisations can take to do this such as running fully updated software, performing regular security audits on their website code and penetration testing their infrastructure. However, since no company can guarantee 100 per cent that its systems will not be breached, encryption is essential to ensure that such a breach doesnt result in the loss of sensitive information. The best way for organisations to combat cyber-attacks is by putting in place an effective cyber-security strategy before the company becomes a target.

Continue reading here:
Encryption And Its Role In National Security - ISBuzz News

Related Posts

Comments are closed.