Cybersecurity experts from CipherCloud, STEALTHbits Technologies, and Virsec today commented on the ENCRYPT Act (Ensuring National Constitutional Rights for Your Private Telecommunications), that would preempt state and local government efforts. The billwas introduced yesterday by Reps. Ted Lieu (D-Calif.), Mike Bishop (R-Mich.), Suzan DelBene (D-Wash.) and Jim Jordan (R-Ohio), to create a single, standardized national policy.
“The trend towards government access to your encrypted data has picked up speed. Many states within the U.S. are moving forward on policies that would essentially enable “back doors” into encrypted data sets. At the top of their well-intended agenda is support for law enforcement on a variety of challenges including, of course, terrorism. This new legislation for a national encryption policy is trying to avoid the various states from implementing their own legislation and instead, position one clear and more easily implemented national policy.
Despite the noble objective of nationally standardized encryption in support of law enforcement and counter-terrorist activity, the use by government of forced disclosure, whether at the state level or the federal level, can move the control of your data into someone else’s hands. “Back doors,” or special API’s that access your data at various points of being used within applications, can also easily circumvent basic protection such as “at rest” encryption for your databases.
The only way to maintain firm control over your confidential data is to implement Zero Trust end-to-end encryption. This level of protection, for example, will not allow anyone using a backdoor into one of your 3rd party provided cloud applications to access your data without your explicit knowledge, and approval. Only your decision to deliver your data encryption keys to the requesting party will expose the data.”
“The re-introduction of legislation to not force technologies to implement security backdoors is an unfortunate necessity. Undoubtedly any backdoor that is introduced will be available to both law enforcement and bad actors alike, collectively making us less secure.”
.
Willy Leichter, Vice President of Marketing at Virsec:
“It seems like a positive move to have a standardized national encryption policy. However, this doesn’t solve the basic collision of interests around encryption – law enforcement wants broader access, while privacy experts (and most of the security industry) don’t want to neuter the effectiveness of encryption. This group seems to understand that encryption is a fundamental building block of most digital business, and weakening it, for whatever reasons, can be disastrous.”
ISBuzz Team embodies the collaborative efforts of the dedicated staff at Information Security Buzz, converging a wide range of skills and viewpoints to present a unified, engaging voice in the information security realm. This entity isn't tied to a single individual; instead, it's a dynamic embodiment of a team diligently working behind the scenes to keep you updated and secure. When you read a post from ISBuzz Team, you're receiving the most relevant and actionable insights, curated and crafted by professionals tuned in to the pulse of the cybersecurity world. ISBuzz Team - your reliable compass in the fast-evolving landscape of information security
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.