The Silent Web: Is Encryption Here to Stay?
Everyone wants encryption of IM, chat and email…
What's your secret? Encrypted instant messaging is the latest trend, from apps like BlackBerry Messenger (BBM), Telegram and Signal to Wire, Wickr and Surespot. Not forgetting Apple's iMessage and FaceTime. Before we know it, everything will be encrypted. It mostly already is.
Encryption often crops up when talking about criminals, usually painted as a tool for terrorism, but that's just spin from power grabbing politicians – we already live in an encrypted world. ATMs, phone calls, bank transfers, even the files we sync with Dropbox – it's all encrypted. It's got to be. The trend towards encrypted messaging apps is just the latest part of the jigsaw.
"Previously accessible only to those in the upper realms of technology and security, encryption has gone mainstream," says Jacob Ginsberg, Senior Director at email encryption company Echoworx. "We're seeing everything from apps and platforms being purpose-built specifically for encryption, to mainstream sites and messaging platforms choosing to now embrace it."
The dangers of inserting backdoors
As shown with the case of Apple's resistance to the use of the All Writs Act to demand that the company unlock the iPhone of one of the terrorists involved in the San Bernadino shooting, security services are increasingly demanding unfettered access to encrypted private messages and devices.
But when governments wave the 'national security' flag, it doesn't convince anyone in the communications business. "Shutting down free, encrypted messaging platforms only harms consumers, not the perpetrators," says Darran Rolls, CTO at indeependnt identity and access management provider SailPoint. "Offenders will just move to other forms of communication – mediums built with bomb-proof crypto that embeds messages in the low bits of images published on the likes of Instagram." Rolls thinks that rather than open up a revolving backdoor, consumers should have more encryption, not less.
Backdoors equal corporate insecurity
There's also the small matter of corporate security, with the Stuxnet malwaredebacle firmly in mind. "We saw the US government creating a vulnerability that leveraged misused keys and certificates for its own means, which was soon hijacked and put to use in the worst possible way – an attempt to tamper with critical infrastructure," says Kevin Bocek, Chief Security Strategist at trust protection platform Venafi. Inserting a government 'backdoor' effectively created a blueprint for terrorists.
"Today's backdoors are tomorrow's vulnerability," says Ginsberg. "The average person today has access to technology that only governments could have got hold of not so long ago … there is almost a guarantee that any backdoors put in today will be accessible to terrorists or hackers a few years from now."
What company wants governments – which have a very poor track record on privacy and security – in charge of corporate security? "The gates to backdoors rust quickly with time," adds Ginsberg.