Encrypted communications have long been the bane of law enforcement and those in the intelligence communities. As privacy concerns mount, thanks in part to the Snowden revelations, leveraging strong encryption for messaging and data storage is no longer the realm of geek speak. It is an expected feature and is quickly becoming a differentiating feature. iOS now encrypts data by default and Android while lagging behind, is fighting to get there.
Popular chat applications like WhatsApp tout encryption as a key feature and Apple’s iMessage app, which features end-to-end encryption and no central key store, is often referenced by law enforcement when arguing for a ‘back door’. 2016 will be the year this battle comes to a head. While politicians used to dance gingerly around the topic given the privacy abuses exposed by the Snowden revelations, recent terrorist attacks have brought this issue front and center. Multiple pieces of legislation are sure to be introduced that will propose weakened encryption protocols or procedures to grant law enforcement access to decrypted communications as needed. As we’ve learned however, you can’t be ‘mostly secure’ any more than you can be ‘kind of pregnant’.
Weakening encryption to benefit law enforcement will also reduce security for everyone and if the US government mandates a ‘backdoor’, you can be rest assured that China, Russia, [pick a country] will be demanding the same for their citizens. This is one battle that will have serious repercussions for years to come. Here’s to hoping that Apple, Google, Microsoft, Yahoo! and the like manage to prevail.
Should be another action packed year on the cyber security front. See you next year!
Contributed by: Michael Sutton, CISO, Zscaler