Cybersecurity professionals apprehensive on [US] government access to encrypted data
By Ian Lopez, From Legaltech News
A survey conducted at the 2016 RSA Conference highlights feelings towards government access of encrypted data.
Personal data can be a divisive force, and as exemplified in Apple’s ensuing legal battle with the FBI, many are concerned with the government having unfettered access to such information . A recent survey of security professionals takes these concerns to a new level, with 81 percent of respondents reporting they think it’s “very likely” or “certain” that hackers can take advantage of the government’s capability to access encypted data.
Conducted among nearly 200 security professionals in attendance at the 2016 RSA Conference, the survey looked to capture viewpoints on the government requesting access to encrypted data as well as potentially resulting possibilities.
“The results of the survey are not surprising, given the community surveyed,” Tim Erlin, director of IT risk and security strategist at Tripwire, the cybersecurity company that conducted the survey, told Legaltech News. “Information security professionals watch cybercriminals develop innovative means to compromise systems on a near daily basis. Their familiarity with the capabilities and means of these groups gives them a good understanding of likely outcomes.”
Explaining how cyber criminals could take advantage of government capability to access encrypted data, Erlin said, “Once a capability is created, it’s highly likely to be duplicated or simply stolen. Cybercriminals have just as much, if not more, desire to access encrypted data as law enforcement. They also have resources to spend on writing software. The combination of motive and means points to the eventual duplication and abuse of the requested capabilities.”
Criminals, however, are not the only individuals arousing concerns among those surveyed. A considerable majority (82 percent) of respondents said that they believe it’s “either very likely or certain” that the government would abuse its “right to access encrypted data if technology companies were required to provide it,” a statement from Tripwire said.
“There are numerous incidents of government abuse of access to data that inform the skepticism exhibited by the respondents,” Erlin said. “They draw on big events like the Snowden revelations and small events, such as individual police officers looking up drivers’ license data unnecessarily. Without sufficient transparency and checks against abuse, there’s little reason for this community to trust government agencies with data access.”
Furthermore, 88 percent of respondents said that allowing government access to encrypted data would “reduce security and privacy.” However, over half of respondents, 53 percent, reported that it should be required of companies to give law enforcement encrypted data access if a subpoena or warrant is issued. This, Erlin said, is because security professionals “aren’t aiming to violate the law.”
“Information security professionals spend their time protecting data, and working with law enforcement to do so effectively,” Erlin said. “It’s not surprising that they would generally favor lawful access, but be extremely skeptical about the implementation and implications.”
The future of the privacy of encrypted data is precarious, and what remains unclear is how everyone from law enforcement to the companies storing data will play into the next steps. Erlin said, “If congress were to legislate around the implementation of encryption, that would be a milestone event, but by no means the end of the debate.”
“At the moment, we’re in a kind of arms race where vendors work to make access more difficult and law enforcement works to circumvent the controls in place. This interplay of law and tech could continue for a very long time.”
For more on this story go to: http://www.legaltechnews.com/id=1202751442578/Cybersecurity-Professionals-Apprehensive-on-Government-Access-to-Encrypted-Data-#ixzz42JegZGgk