The right to encrypt
-
Created: Sunday, 06 January 2019 09:35
Image Credit: Ylanite Koppens from
Pexels
Encrypting is the abilty to encode information so that it can not be viewed without a decryption key. Encryption is important to protect the confidentiality and integrity of data, and many people will not find it suprising that there are countries that seek to ban their citizen from encrypting there data. In a world where devices are interconnected by the internet, the protection of data is as strong as the weakest link. We all can point to reasons why a business may need to encrypt the data of their customers, but what about the general populus? The justification in many cases is for national security. What happened to prohibiting unreasonable searches and seizures, or the right to due process?
What prompted the knee jerk reaction to prohibit encryption methods are the various examples of criminals utilizing these technologies to mask communications or their data. Criminials by definition do not obey the law, but law abiding citizens do. The actions of a business that creates encryption tools can be legislated, but it is next to impossible to legislate the actions of an open-source community. Selectively banning these tools will sprout new tools that will circumvent the law, leaving more places to hide. The only method is a full ban that will likely not stop criminial from using these tools anyways.
In a previous post, I mentioned that anyone will ever store PII (personal identifiable information) on an electronic device, can benefit from data encryption. We expect our institutions (i.e., hospitals, banks, or schools) to prevent the nondisclosure of your personal information. In a digital age, most people will store personal information on an electronic device, or at least the passwords to this personal information. This information requires the same level of protection no matter where the data resides. History has also proven that if backdoors are created, they can be exploited, by anyone with the knowledge to do so. We often look at cyberspace as if the rules would be any different than the physical space.
Some will use the arguement these institutions store large amounts of data, making them a target for many attackers. I will agree with this position and add that these organizations also have staff or the resources to address and mitigate cyber threats or vulnerabilities. The general population does not have access to the resources or the wealth of knowledge that it takes to secure their personal devices. Encryption would be a last effort prevent the disclosure of personal information. The general population oftentimes are subject to malware or other threats that could compromise their information. Ask any person that has ever worked at repair facility how often they have found malware on the devices of average people.
