Writing in the Daily Telegraph recently, British Home Secretary Amber Rudd stated that real people do not need such high levels of security as offered by end-to-end encryption (E2EE), going on to add that real people often prefer ease of use and a multitude of features to perfect, unbreakable security. This statement couldnt be further from the truth.
Encryptions benefits are far-reaching and essential in a world where most of our business and personal communications happen digitally. To cite just a few examples, E2EE allows people to communicate safely with one another in nations with oppressive regimes, enables LGBTQ individuals to stay in touch in countries where homosexuality is illegal, provides a way for doctors to share confidential patient information and ensures journalists can protect their sources.
Our online lives also necessitate an enormous and ever-increasing amount of personal data sharing, further driving a need for E2EE. For example, our personal details, credit card and other banking information and medical records are frequently shared online, increasing risk, as unsecure communication can be captured by a whole host of malicious actors such as sniffers on public WiFi networks, malware apps and ISP-level tracking.
In addition, our personal data has become the centre of a new economy, with retailers tracking and storing information on our shopping habits in data repositories, while social media has fuelled us to share our photographs, plans, whereabouts, and feelings on a daily basis. This has driven advertisers to utilise detailed and very personal information to target consumers, with vast resources spent collecting such information, all without transparency, policy, or oversight.
Furthermore, the volume of digital threats is increasing; Google saw a 32 per cent increase in the number of website hacks in 2016. Such breaches have enormous ramifications for both businesses and consumers, with investors losing 42 billion from hacking attacks on UK businesses since 2013.
The combination of these factors has powered demand for E2EE. As weve seen with the surge adblocker downloads, an increasing number of consumers are looking to escape the barrage of adverts and stop their personal communication passing through data mines, causing more and more people to turn to E2EE.
However, the most notable demand for strong encryption has stemmed from businesses, which until recently have lacked a user-friendly E2EE business communications tool. Companies have therefore been forced to rely on tools which lack a rich user experience and functionalities that are vital for business communications. Alternatively, they have had to use non-E2EE solutions such as Slack and Skype for Business that use transport layer security protocol that has been the subject of a number of high profile attacks.
As these breaches demonstrate, not using an E2EE tool leaves businesses chats, files and calls at the risk of being exploited by hackers who can compromise the servers and get hold of these details, as well as open to access by service providers.
At Wire, weve seen three distinctive drivers for E2EE from businesses:
The need to protect customer data (healthcare companies, businesses in the legal and financial sectors, tax advisors and private banking) The need to protect intellectual property amidst fears of growing industrial espionage, in particular with companies from the pharmaceutical, automotive and industrial sectors The need to protect their internal communications (government institutions and M&A departments of large corporations, etc.), and communication with customers, the real people
These drivers have fuelled a change in the communications landscape, and prompted us to launch a dedicated E2EE business platform.
The spate of high profile hacks during the past few years has shown the enormous damage a breach can do to a business customers, reputation and revenue; Oxford Economics found that companies share prices fall by an average of 1.8 per cent on a permanent basis following a severe breach where large amounts of sensitive information is lost. While this percentage may seem low, for FTSE 100 companies this would equate to an average of 120 million.
In addition, E2EE will be a vital tool for companies next year when the newGeneral Data Protection Regulation(GDPR) comes into force in May 2018. This will require companies to enforce greater levels of protection on their customer data, and securing communications channels is a vital part of this process.
Breaching GDPR could lead to fines of up to 20 million euros or 4 per cent of the annual global turnover, whichever is greater, demonstrating the importance of adhering to the regulations.
Digital Minister Matt Hancock also recently announced that firms could face steep fines of up to 17 million, or 4 per cent of global turnover, should they fail to protect themselves from cyber-attacks. In spite of Rudds comments regarding encryption, should businesses opt to communicate through non-secure channels, they could be perceived as not protecting themselves from breaches, and thus potentially at risk from fines.
As these use cases demonstrate, contrary to Rudds statement, real people and businesses not only want the high level of security offered by E2EE, they need it, and are demanding it, and these demands will only increase as technology advances. For example, were likely to soon witness a need for E2EE for the Internet of Things, and for the management of self-driving cars.
Fortunately some governmental institutions recognise the need to embrace E2EE. In June the EU Parliamentary Commission on Civil Liberties, Justice and Home Affairs highlighted the need for safe and secure communication, and recommended a ban on any attempt to weaken E2EE by any member state.
This proposal would forbid the use of so-called backdoors that allow the reading of encrypted messages, and places the EU in conflict with the UK government, with Rudd previously expressing the belief that technology companies should provide authorities with access to encrypted messages.
However, despite insistence by Rudd that such a backdoor would enable the UK to keep its citizens safe from some threats, it exposes them to a wealth of others. Building in a backdoor for the authorities would invalidate the encryption, and leave it wide open to exploitation from anyone.
Against a backdrop of growing digital threats, E2EE has become more important than ever, and its benefits should not be ignored. Instead of looking to remove encryption, governments, businesses and real people should look to utilise it and unlock the vast amount of benefits it can bring. E2EE is an essential building block of the ecosystem that protects consumers and businesses from privacy invasion and threats, and it is time it was recognised as such.
Alan Duric, Co-Founder, CEO, WireImage Credit: Yuri Samoilov / Flickr
- Which Types of Encryption are Most Secure? - February 7th, 2019
- JSON Object Signing and Encryption (JOSE) - February 4th, 2019
- What Is Encryption, and How Does It Work? - January 26th, 2019
- The Pitfalls of Facebook Merging Messenger, Instagram, and ... - January 26th, 2019
- Encryption: Avoiding the Pitfalls That Can Lead to Breaches - January 14th, 2019
- Encryption | Information Technology Services - December 31st, 2018
- Encryption - Investopedia - December 16th, 2018
- How to Protect Data at Rest with Amazon EC2 Instance Store ... - December 9th, 2018
- Next Generation Encryption - blogs.cisco.com - December 4th, 2018
- 3 Different Data Encryption Methods - DataShield blog - November 22nd, 2018
- Security and encryption | Documentation | Turtl - November 18th, 2018
- Encryption | General Data Protection Regulation (GDPR) - November 16th, 2018
- Using Encryption and Authentication Correctly (for PHP ... - November 13th, 2018
- Encryption | SANS Security Awareness - November 9th, 2018
- Types of Encryption | Office of Information Technology - November 5th, 2018
- Use Your own Encryption Keys with S3s Server-Side ... - October 29th, 2018
- What is Tokenization vs Encryption - Benefits & Uses Cases ... - October 12th, 2018
- Device Encryption | it.ucsf.edu - October 12th, 2018
- 5 Common Encryption Algorithms and the Unbreakables of the Future - September 15th, 2018
- Top 5 best encryption software tools of 2018 | TechRadar - August 26th, 2018
- New EBS Encryption for Additional Data Protection | AWS ... - August 22nd, 2018
- Best Encryption Software 2018 - Encrypt Files on Windows PCs - August 20th, 2018
- Download BestCrypt Volume Encryption 3.78.05 / 4.01.09 Beta - July 26th, 2018
- End-to-end encryption - Wikipedia - July 24th, 2018
- Download Symantec Encryption Desktop 10.4.0 Build 1100 - July 15th, 2018
- HTTPS - Wikipedia - July 10th, 2018
- AES encryption - June 20th, 2018
- Encrypt email messages - Outlook - June 20th, 2018
- Download Sophos Free Encryption 188.8.131.52 - softpedia.com - June 19th, 2018
- Does Skype use encryption? | Skype Support - June 16th, 2018
- Encryption- Computer & Information Security - Information ... - May 25th, 2018
- Enable BitLocker on USB Flash Drives to Protect Data - May 25th, 2018
- Transparent Data Encryption (TDE) - msdn.microsoft.com - April 12th, 2018
- Encryption Software Market - Global Forecast to 2022 - March 24th, 2018
- What AES Encryption Is And How It's Used To Secure File Transfers - March 24th, 2018
- Encryption vs. Cryptography - What is the Difference? - March 24th, 2018
- Energy-efficient encryption for the internet of things | MIT News - February 16th, 2018
- The Best Encryption Software - TopTenReviews - February 16th, 2018
- File-Based Encryption | Android Open Source Project - February 7th, 2018
- Beyond Encryption | Secure Enterprise email using existing ... - February 1st, 2018
- Azure Search enterprise security: Data encryption and user ... - January 26th, 2018
- Skype finally getting end-to-end encryption | Ars Technica - January 13th, 2018
- FBI chief says phone encryption is a 'major public safety issue' - January 13th, 2018
- Encryption and Export Administration Regulations (EAR) - December 27th, 2017
- Key (cryptography) - Wikipedia - December 21st, 2017
- security - Fundamental difference between Hashing and ... - December 15th, 2017
- What Is Encryption? | Surveillance Self-Defense - December 4th, 2017
- Comodo Disk Encryption Download - softpedia.com - December 1st, 2017
- Encryption - Simple English Wikipedia, the free encyclopedia - November 24th, 2017
- BitLocker Drive Encryption Overview - technet.microsoft.com - November 23rd, 2017
- The Encrypting File System - technet.microsoft.com - November 18th, 2017
- FBI cant break the encryption on Texas shooters smartphone - November 13th, 2017
- DOJ: Strong encryption that we dont have access to is ... - November 13th, 2017
- DOJ Fires Up New War With Apple Over Encryption - November 12th, 2017
- Security Awareness - Encryption | Office of Information ... - October 15th, 2017
- Data Encryption and Decryption (Windows) - October 14th, 2017
- Trumps DOJ tries to rebrand weakened encryption as responsible ... - October 11th, 2017
- How to encrypt (almost) anything | PCWorld - September 22nd, 2017
- Private Internet Access | VPN Encryption - September 21st, 2017
- Encryption Substitutes | Privacy | Encryption - September 21st, 2017
- Data Encryption: Hardware & Software Security: Online ... - September 21st, 2017
- How To Enable BitLocker Drive Encryption In Windows 10? - September 21st, 2017
- PGP Encryption Tool - iGolder - September 21st, 2017
- encryption - How to encrypt String in Java - Stack Overflow - September 21st, 2017
- Encryption Software Market, Size, Trends and Forecast 2020 - September 21st, 2017
- Encryption Definition - Tech Terms - September 20th, 2017
- Why You Should Be Encrypting Your Devices and How to Easily Do It - Gizmodo - September 6th, 2017
- Black Hats, White Hats, and Hard Hats The Need for Encryption in Mining and Resources - Australian Mining - September 6th, 2017
- How can enterprises secure encrypted traffic from cloud applications? - TechTarget - September 6th, 2017
- Encryption Explained - Arizona Daily Wildcat - September 6th, 2017
- News in brief: Call to link encryption to ID; Facebook maps everyone ... - Naked Security - September 2nd, 2017
- 'Independent' gov law reviewer wants users preemptively identified before they're 'allowed' to use encryption - The Register - September 2nd, 2017
- High-Dimensional Quantum Encryption Performed in Real-World ... - Futurism - September 2nd, 2017
- It's Time to Replace Your Encryption-Key Spreadsheet - Data Center Knowledge - September 2nd, 2017
- Legislation to limit smartphone encryption 'may be necessary,' deputy AG Rosenstein says - Washington Times - August 31st, 2017
- Cloud Encryption Market by Component, Service Model, Organization Size, Vertical And Region - Global Forecast to ... - Markets Insider - August 31st, 2017
- Cipher Suites: Ciphers, Algorithms and Negotiating Security Settings - Hashed Out by The SSL Store (registration) (blog) - August 31st, 2017
- Encryption in Office 365 - Office 365 - August 29th, 2017
- Need-to-Know Only: Use Encryption to Make Data Meaningless to ... - Security Intelligence (blog) - August 29th, 2017
- Four strategies to prevent data encryption from hijacking your network - Digital News Asia - August 29th, 2017