Message to Amber Rudd: Undermining encryption makes us less safe
Craig Stewart of Venafi believes that governments need to stop characterising the security technology as the enemy
Credit: Yui Mok/PA Archive/PA Images
Encryption is firmly on the national agenda. Over the past few months, home secretary Amber Rudd has made no secret of the fact she thinks tech companies, such as WhatsApp, are not going far enough when it comes to stopping extremist groups using the technology for nefarious ends. This culminated in Rudd claiming that she didn’t need to understand encryption in order to combat it – a statement which led to the slapping of foreheads all across the security industry.
The home secretary is no doubt well-meaning. In her capacity as leader of the Home Office, the national security buck stops with her, so it’s no wonder that she’s acting with a duty to preserve public safety in mind. Yet her recent comments indicate a lack of understanding of even the most basic facts about encryption, as well as a worrying disregard for its importance as the lynchpin security of our digital economy.
Citizens should be concerned that Rudd seems to see encryption as part of the problem. In fact, encryption is one of the most vital defences that we have at our collective disposal. When applied properly, it’s what keeps our data safe from compromise, whether that’s sensitive patient data at an NHS Trust, or voting-registration details.
More broadly, it’s fundamental to the success of the British economy, whether for banking, trading, or e-commerce. The encrypted software in Rudd’s crosshairs is just the tip of the iceberg. She needs to understand that encryption can’t simply be applied or removed on a whim. The nature of effective encryption demands that breaking it is impossible and any government backdoor would leave digital systems just as accessible to cybercriminals as they would be to law enforcement. Rudd wrongly suggested this as “a theory” – it is a mathematical fact.
Given the extent to which the public sector relies on encryption to safeguard valuable public data, the home secretary would be well advised to consider the tech firms’ position more closely before jumping to conclusions – particularly since there’s no evidence that weakening encryption through the use of backdoors would actually make us safer.
This debate rumbles on.
Rudd won’t be the last to take aim at WhatsApp and other tech firms that use encryption to protect consumer privacy. With every terrorist incident, pressure on the tech firms will mount as our leaders continue to jump to conclusions without understanding the facts.
This needs to stop. Encryption isn’t the enemy, and the government should stop framing it as such. Even if we were to leave aside the public’s priorities on the issue, undermining encryption makes us less safe and weakens our economy, which depends on a wide range of secure digital transactions.
Rudd, for one, would do well to learn the fundamentals of encryption before commenting on the issue again.
Work also begins on developing a framework for identity products after Verify enters private ownership
Singapore nabs top spot in Government AI Readiness Index
No more RAG ratings as centralised risk registers replaced with individual memoranda of understanding with each company
Data watchdog asks for feedback on revamped code of practice
Sharon Hobson of Riverbed explains why the key to justifying an investment in cloud technology is visibility of network performance