To meet the goal of increasing safety for its citizens, sometimes a government will put a particular type of technology under the microscope. At the moment the country in the throes of this is the UK, with the specific technology coming under attack being encryption.
The official in the UK most vocal about encryption is British Home Secretary Amber Rudd, who has been making lots of headlines about the topic in the last couple of months. Her comments can be confusing at times.
On the one hand, she has stated that encryption plays a fundamental role in protecting British citizens online, and that the government supports strong encryption and has no intention of banning it. On the other, she has also said, “there is a problem in terms of the growth of end-to-end encryption.”
In addition, Rudd has come out rather strongly against extremely popular communications tools such as WhatsApp. She fears that the popular tool – which end-to-end encrypts all of its messages - gives terrorists and other criminals a way to evade authorities and surreptitiously communicate with one another.
While it is of course Rudd’s duty to ensure the safety of British citizens from terrorists and other criminals, there is also no question that there will be a price to pay by curbing the use of encryption, especially for businesses and eCommerce growth.
What is Encryption?
As a provider of Public Key Infrastructure (PKI) technology and Digital Certificates, GlobalSign has its finger on the pulse of how encryption is being used by our customers to foster business. We thought it would be good to give our definition of encryption.
In case you’re not very familiar with encryption, it is a very widely trusted technology enabling tens of millions of legitimate, law-abiding businesses around the world. Encryption protects financial details and passwords, as well as billions of devices, from cars and refrigerators to medical devices.
Strong end-to-end encryption involves encoding messages or data so only the intended recipient can read it. In fact, the process of encryption is so complex it could take years for even the world’s most powerful computers to break the code.
When executed appropriately and correctly, encryption supports the digital economy, so there is no real basis to limit its use. As it relates to the UK, the technology community all agrees that were encryption to be limited there, it would severely impact how business runs today.
Secretary Rudd would like the ability to bypass encryption via the “backdoor” method to allow the government to grab encryption information that bypasses the normal encryption mechanisms. She believes that installing a backdoor in an encrypted app or phone isn’t equivalent to persuading tech providers to open up.
The challenge here is that breaking encryption is quite an effort, and that in general it would have an extremely negative impact on business.
On top of it, once a backdoor is created it can be exploited by anyone – including terrorists, who are known to be very creative in finding new ways to communicate with one another. So creating one doesn’t seem like it would have the intended effect anyway.
And, there are even more compelling reasons for the UK to leave encryption rules unchanged. In May 2018, the General Data Protection Regulation (GDPR) goes into effect, and that is when UK businesses will need the ability to communicate with customers securely and ensure the security and privacy of EU citizen data. But without encryption, it may be more difficult to achieve this.
Encryption is Critical to Everyday Business
Encryption is now so ubiquitous, dropping it, or even watering it down, would impact businesses on a broad scale, as well as in specific markets. Here’s a look at four markets that have unique needs:
- Law: It’s possible attorneys could soon be expected to encrypt privileged client data to comply with professional responsibilities.
- Healthcare: The UK’s Data Protection Act requires the protection of personal health information.
- Hospitality: UK laws have made it imperative to encrypt sensitive data such as credit card numbers, social security numbers and other sensitive information to prevent loss or unauthorized use.
- Retail: eCommerce providers must comply with PCI DSS, the worldwide Payment Card Industry Data Security Standard, to process card payments securely and reduce card fraud. Among its 12 requirements, encryption is one of the most important, as it is necessary for protecting stored data, as well as ensuring secure transmissions of credit card holder data.
These are just four markets, but there are of course many others that rely on encryption every single day to protect information that could be considered proprietary. Encryption also enables trust between users and organizations to conduct secure and safe business. Without encryption, users will be less likely to transmit financial and sensitive data online, which would set our digital economy back in time.
We realize there are many considerations to ensure safety, and the important role technology plays there. However, it’s clear that encryption is a very necessary tool for protecting data. We are hopeful that Secretary Rudd, and the UK government, will strike the right balance so that encryption can continue protecting its people and businesses.
We'd love to hear your thoughts and opinions on this topic in the comments below or feel free to contact us on Twitter, @globalsign.