In contrast to UK/US officials

Leaked US report says encryption “best defense” to protect data

A newly leaked document courtesy of Edward Snowden revealed that some U.S. officials are encouraging the use of encryption as a means to protect data, which contrasts with British Prime Minister David Cameron’s recent statements against encrypted communications, according to a report by The Guardian.

The 2009 document penned by the U.S. National Intelligence Council, which supports the U.S. Director of National Intelligence and acts as the middleman between the intelligence and policy communities, explained that companies and the government are prone to attacks by nation-states and criminal syndicates “due to the slower than expected adoption…of encryption and other technologies.”

The report detailed a five-year prognosis on the “global cyber threat to the US information infrastructure” and stated that encryption technology is the “[b]est defense to protect data.” Encryption makes it possible for documents and messages to be unreadable to people who don’t have the appropriate cryptographic key.

The authors of the document also encouraged the use of multi-factor authentication, which adds another step to the security process beyond simply entering a password; [company]Microsoft[/company] added this feature to its Azure cloud in 2013.

British Prime Minister David Cameron has made it clear that he does not support encryption in the case that the technology could hamper government or law enforcement investigations, and he’s reportedly set to egg on President Barack Obama to support his cause.

Both Attorney General Eric Holder and FBI Director James Comey have also been vocal against aspects of encryption technology that they feel lets criminals conceal their nefarious activities.

Encryption is no doubt a hot topic in the security space with the recent Sony hacking and the subsequent leaking of countless corporate documents taking a toll on the entertainment company.

Companies have been pushing for better encryption technology to secure what they deem are confidential files, and there’s been a wave of security startups focussing on encryption scoring millions of dollars in investment in recent months.

Veradocs and CipherCloud landed $14 million and $50 million respectively in November and Ionic Security just brought in $40.1 million this week.

Despite political push back, it’s clear that companies won’t slow down on implementing encryption any time soon, so long as large-scale data breaches continue to occur on a seemingly weekly basis.

4 Responses to “Leaked US report says encryption “best defense” to protect data”

    • navigator

      Here is a link to the EFF about the Berstein v. DoJ case, which is the basis for the Ninth Cirucuit ruling in 1999 that cryptography is protected by the right to free speech under the First Amendment. I should dig a little deeper as I did mention the US Supreme Court, which would have heard the case, if the DoJ appealed the Ninth Circuit’s ruling. Steven Levy wrote a very interesting book about this in 2001 titled Crypto.

    • navigator

      Here is something, presumably from D.J. Bernstein, commenting in a summary fashion on his case in Bernstein v. United States. The following is a quote from this link. It would appear that the US Supreme Court did not hear this particular case on appeal by the government.

      I sued the government in February 1995 in a federal trial court, the District Court for the Northern District of California, challenging the constitutionality of ITAR.
      The District Court denied the government’s initial motion to dismiss, and then held in December 1996 that ITAR was unconstitutional.

      The government shifted cryptography censorship from ITAR to EAR. The District Court held in August 1997 that EAR was unconstitutional, and issued an injunction against the government.

      The government appealed the decision to the Ninth Circuit Court of Appeals; the injunction was stayed. A three-judge appellate panel affirmed the District Court in May 1999.

      The government asked for en-banc review (11 judges instead of 3); the panel decision was withdrawn. Before en-banc review could happen, the government added a big exception to the regulations, and the case was sent back to the District Court.

      Cross-motions for summary judgment were filed on 29 April 2002. 20-page responses were filed on 2 August 2002. Final 15-page replies were filed on 3 September 2002. A joint statement of facts was filed on 16 September 2002.

      At oral argument on 18 October 2002, the government backed away from its regulations. The District Court subsequently dismissed the case on ripeness grounds.

  1. navigator

    Well, considering the legal and political struggle to allow ordinary citizens to use encryption, it is not surprising that certain government actors are still arguing against our using it to protect our information and our communication. Back in the day encryption technology was regarded as a government controlled technology. It was the US Supreme Court that finally ruled that citizens had the right to use encryption. Every since then agencies like NSA have sought to weaken the encryption “standards” being developed by NIST and others. And thanks to Mr. Snowden, citizens and public providers of computing services have been alteted to the importance of using encryption to secure their information and communication networks from those in government who believe it is their right to spy on us.