Encryption is one of the most controversial topics in the IT industry, and one we've blogged about in the past. It's also one that more and more of our clients and customers are asking us about. In the wake of costly hacks like the one at Target in recent years, businesses want to understand more about how to keep their critical information safe.
To those outside the industry, it seems like encryption wouldn’t be terribly controversial. If encryption can keep hackers out, then we should use it, right?
Not so fast. Let's take a closer look.
The source of a lot of controversy around the subject of encryption has to do with security backdoors. Security backdoors provide a method for authorities – such as government, police or software vendors – to get past the encryption and security methods that are supposed to keep your information safe, as part of a law enforcement investigation. The idea of security backdoors is that when software vendors leave the backdoor open for law enforcement, this will allow the powers that be to keep us all safe from criminals.
The challenge here is that when we leave a security backdoor open for people who might use it to keep it safe, we are also leaving it open for the bad guys – the hackers of the world – to exploit this information to attack our personal and business information. In an attempt to protect ourselves from one threat, we open ourselves to another.
Tolar Systems believes that law enforcement backdoors make all data less safe.
Many within the technology industry agree on this. The New York Times recently reported that since the Wikileaks scandal, technology companies like Apple, Microsoft and Google have been moving to fully encrypt more of their customer and corporate data after learning that the United States and British governments had been “siphoning off” communications and hacking into customer systems.
These governments have argued that this prevents law enforcement from gathering the information it needs to stop terrorists, kidnappers and others from harming the public. Technology experts, on the other hand, argue that it is impossible to secure information in such a way that friendly governments could access it, without also leaving it vulnerable to attacks by hackers and malicious government attacks.
There are also privacy concerns. Although these backdoors are intended to allow law enforcement to access user information only with a warrant, there are still concerns about how compatible these backdoors are with fourth amendment concerns. In the United States, Fourth Amendment of the Constitution guarantees freedom from unreasonable search and seizure.
What constitutes an unreasonable search and seizure when it comes to your online information? If Uncle Sam is always watching, who’s to say others with less honorable intentions aren’t also watching?
Should I Encrypt?
Now we come to the question our customers want answered, “should I encrypt my company’s data?”
Tolar Systems, along with many technology experts, says that sensitive customer financial information should be encrypted – but with the caveat that even encryption may not be enough to keep your data safe. Hackers will always be working towards trying to break down encryption to access as much data as possible. And unfortunately, if governments are able to mandate that technology companies should provide access via a security backdoor to law enforcement officials – that information will be significantly less safe than it should be. Vigilance and monitoring are also necessary to keep online data safe from attack.
Do you have questions about encryption? We'd love to answer them in a future blog. Please contact us and let us know.