Following the news that Silicon Valley companies are planning to make further use of encryption, please find comment below from David Emm, Principle Security Researcher at Kaspersky Lab.
David Emm, Principal Security Researcher at Kaspersky Lab
The news that Silicon Valley companies are planning to make further use of encryption to increase privacy comes as no surprise. They have already shown support for Apple in its battle with the US government over encryption; and this demonstrates how important this is for them.
Having a backdoor in a product or software is all well and good for law enforcement reasons, but it’s a bit like leaving a key under your door mat for your friend. It’s great for letting your friend in, but there is no guarantee it’s just your friend who will find it, and not a burglar too. In the case of Apple’s feud with the FBI, if governments insist that products have backdoors in products, what is to stop rogue organisations discovering these backdoors and using them for nefarious purposes? It is for this reason that government calls for a way to access encrypted data are flawed, and could potentiallyundermine not only individual privacy, but corporate or national security.
There is and always has been an inherent tension between privacy and security. This isn’t going to disappear; and although the weight may shift between the two, depending on the geo-political situation and security context at any given time, the key issue for society is to try and balance the two. However, it’s not possible to achieve this with weak encryption. Encryption is vital to the security of online transactions, and is a key tool of personal and corporate security. For this reason, it is dangerous to undermine it.