Embrace “Responsible Encryption” and Rise Above the Privacy vs. Security Debate



by John Robusto

Encryption has never been hotter, with big name brands around the world keen to trumpet their tough stance and protection of customers. Only a few months ago, encryption would have been consigned to the tech or business section – now it’s front page news, with Whatsapp, Apple and Microsoft amongst those making a splash. Thanks to last week’s 60 Minutes segment, Signalling System No. 7 (SS7), a telephony signalling language used by more than 800 telecommunication companies around the world to allow their networks to interoperate, has entered popular vernacular as hackers demonstrated its vulnerability on national television.

With WhatsApp and now Viber announcing end-to-end encryption, tech companies are pulling out all the stops to reassure their customers that the security of their data is of the utmost importance. To counter, in Washington, legislation was recently revealed that could force tech firms to assist law enforcement in unlocking encrypted devices, surely in response to the FBI’s recent wrangling with Apple. In reply, Apple, Microsoft, Google and Amazon published an open letter expressing concerns over a controversial U.S. bill that would require smartphone makers to decrypt their data if requested by the government.

Senator Dianne Feinstein, one of the two key figures behind the bill, explained that “Today, terrorists and criminals are increasingly using encryption to foil law enforcement efforts, even in the face of a court order. We need strong encryption to protect personal data, but we also need to know when terrorists are plotting to kill Americans.”

The match up seems to have been made clear, the battle lines drawn; the tech companies are seeking to protect our privacy, while the government is trying protect our safety. It’s an age old conundrum, and one that completely misses the point. Although privacy is a right, encryption is simply a tool with no moral compass, and is only as virtuous or dangerous as the hands of those it is in.

The WhatsApp model is what we call “irresponsible encryption,” in that it makes the technology available to anyone with a smartphone, with absolutely no discrimination. At a stroke, they have made it immeasurably easier for criminals and terrorists to evade detection and monitoring by law enforcement and security services, thereby putting all of our safety in danger. Is it any wonder then that governments are seeking to respond?

The question isn’t just one of security though – it is important to think of the implications on the economy. For example, WhatsApp’s current encryption approach has made it non-legal in India, a country where they claim to have more than 100 million active users per month. So what are the implications if India decides to shut down WhatsApp, temporarily as Brazil did recently, or permanently? What of the businesses that have come to rely on the service, and the damage to the economy this sudden collapse in communication could inflict?

Even in the unlikely event that there is no legal intervention from the state, organizations must be aware that their employees are using encrypted platforms to discuss business matters, completely off radar. Which could have serious implications for compliance and regulation in sectors such as healthcare and law, to name just two.

The solution then must surely to be more stringent and careful with regards to who has access to encrypted communication technology in the first place – what I refer to as “Responsible Encryption.” At my company, we understand the importance of not allowing the wrong tools to get into the wrong hands, and it is why our platform is not simply made available to all and sundry, regardless of how attractive that might be in terms of short-term revenue. Instead we engage solely only after a thorough screening and vetting process. Companies that take this approach are not only protecting their customers using the platform, but acting in the interest of national and international security.

Until the likes of Whatsapp and Apple are prepared to take responsibility for the distribution and use of their own technologies, they can expect increasing pressure and legislation from governments who are having their hands forced.

John Robusto is the CEO of CSG.

Leave a Reply

WWPI – Covering the best in IT since 1980