When it comes to explaining the reality of encryption to the US Congress, Bob Lord, Yahoo’s Chief Security Officer, is an ideal candidate. With two decades working in cryptography and security, as well as an impressive collection of classic cryptography machines, he is someone that the lawmakers should listen to when it comes to the encryption bill being debated in congress. Several other governments are also proposing similar legislation.
As Lord points out in the interview, your data is under attack from a myriad of sources, from criminal groups to nation states and these threats are increasing. With all these attacks, it’s vital that a user’s data is secured. If your data is stolen, you won’t care where the attack comes from:
“There is a real danger, a growing danger, and the danger to these average people comes from a variety of different places. It can come from Eastern European criminal syndicates; it can come from foreign nation-states.…….
We’ve seen a number of interesting health care attacks in the last year. Some of them we can’t entirely understand — there were some that didn’t seem to be monetized, it didn’t seem like the attackers started to make money on identity theft, which is what you’d expect them to do. And so we may conclude from that they either didn’t bother, but that doesn’t seem reasonable, or that their motivations might have been something different, it may have been nation-state kinds of attacks. So your info does get swept up to these kinds of attacks, even if you think that you in particular are not worthy of a nation-state attack, even if you think you have nothing to hide, and even if you think you have nothing to protect.”
In written testimony to a US House Committee, Amit Yoran, President of RSA, argues that while encryption will make things more difficult for law enforcement, this is more than balanced by the absolute need for good data security:
“To be clear, when used properly and in isolated and well-protected systems, strong encryption does make it difficult for law enforcement to access content. Encryption poses a similar challenge to our national security and intelligence community. But it also poses the same challenge to every foreign intelligence service, terrorist, criminal, hacker, industrial spy, and other bad actor attempting to affect our national security, public safety and individual rights. Strong cryptography is a foundational building block for good cybersecurity. We would simply cease to function as a technology-enabled society without it.”
Lord, Yoran and others in the industry are adding to the quality of the debate on the proposed encryption legislation. Of course there will be cases where encryption makes it more difficult for law enforcement to access content, but weakening encryption by providing backdoors to law enforcement is not the answer.