Crypto Wars: Encryption is a Double-edged Sword
Earlier last month, conflict between the US administration and technology companies were locked in a debate on whether companies like Google and Apple should enable users to encrypt their digital communications in such a way that not even the FBI could decrypt the information. In other words, the administration wants encryption to be more "law-enforcement friendly".
According to a judicial hearing, FBI Director James Comey stated that while encryption benefits the digital lives of users and supports the fundamental rights of people, companies who “do not retain access” to consumers’ information can endanger lives by preventing investigative tools from following critical terrorist leads. Consequently, strong encryption methods can make investigations more difficult for law enforcement agencies because service providers don’t have access to actual communications—the lack of which could impede criminal investigations even when served with a warrant.
This matter extends to the existing and possible implementation of end-to-end user encryption, which makes it impossible to intercept digital messages. In response, leading technologists argue that the entreaty being sought by law enforcement officials is technically impractical and would expose consumers and businesses to a considerable risk of data breaches and identity theft.
The Duality of Encryption
Encryption itself is supposedly a good thing. It was developed to protect data from unauthorized access. Essentially, encryption safeguards a user’s identity and privacy. When using encryption, users can somehow rest assured that phone calls, email messages, online purchases, and other online activities are safely protected from any potential intruder.
[READ: Encryption 101: What It Is, How It Works, and Why We Need It]
In light of Edward Snowden’s revelations about the NSA’s unwarranted mass surveillance, the increasing need to encrypt communications and data have prompted many companies to roll out stronger end-to-end encryption methods. In the past, companies were mandated to unlock phones for law enforcement, but amid growing public concerns about government surveillance and data breaches, the companies prevented their own capacity to decrypt data stored in devices, as it weakened security.
Unfortunately, while encryption was designed for good intentions, it does have a dark side. Apart from the political issues surrounding the dilemma, cybercriminals have also used strong encryption methods to develop unbreakable crypto-ransomware variants, which they use to force victims to pay a ransom fee or lose access to their files.
[READ: Crypto-Ransomware: When Encryption Breaks Bad]
This could be tricky though, as paying the ransom does not guarantee that the victim can actually recover their files, and even the use of anti-malware software to resolve a crypto-ransomware infection has proved futile.
Given the likelihood of this situation, users are encouraged to back-up their files regularly and to use proper security measures such as scrutinizing suspicious emails, and avoiding embedded links to prevent getting infected. Ultimately, user awareness could go a long way in security data and communications.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases