Cybersecurity experts from CipherCloud, STEALTHbits Technologies, and Virsec today commented on the ENCRYPT Act (Ensuring National Constitutional Rights for Your Private Telecommunications), that would preempt state and local government efforts. The billwas introduced yesterday by Reps. Ted Lieu (D-Calif.), Mike Bishop (R-Mich.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio), to create a single, standardized national policy.
Anthony James, CMO at CipherCloud:
“The trend towards government access to your encrypted data has picked up speed. Many states within the U.S. are moving forward on policies that would essentially enable “back doors” into encrypted data sets. At the top of their well-intended agenda is support for law enforcement on a variety of challenges including, of course, terrorism. This new legislation for a national encryption policy is trying to avoid the various states from implementing their own legislation and instead, position one clear and more easily implemented national policy.
Despite the noble objective of nationally standardized encryption in support of law enforcement and counter-terrorist activity, the use by government of forced disclosure, whether at the state level or the federal level, can move the control of your data into someone else’s hands. “Back doors,” or special API’s that access your data at various points of being used within applications, can also easily circumvent basic protection such as “at rest” encryption for your databases.
The only way to maintain firm control over your confidential data is to implement Zero Trust end-to-end encryption. This level of protection, for example, will not allow anyone using a backdoor into one of your 3rd party provided cloud applications to access your data without your explicit knowledge, and approval. Only your decision to deliver your data encryption keys to the requesting party will expose the data.”
Gabriel Gumbs, Vice President of Product Strategy at STEALTHbits Technologies:
“The re-introduction of legislation to not force technologies to implement security backdoors is an unfortunate necessity. Undoubtedly any backdoor that is introduced will be available to both law enforcement and bad actors alike, collectively making us less secure.”
.
Willy Leichter, Vice President of Marketing at Virsec:
“It seems like a positive move to have a standardized national encryption policy. However, this doesn’t solve the basic collision of interests around encryption – law enforcement wants broader access, while privacy experts (and most of the security industry) don’t want to neuter the effectiveness of encryption. This group seems to understand that encryption is a fundamental building block of most digital business, and weakening it, for whatever reasons, can be disastrous.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.