CTO Insights: Encryption Works – Don’t Break It!

Every now and then, an ill-informed politician will stand before a microphone and say something along the lines of: encryption is helping bad guys (either terrorists, child pornographers, or other similarly acceptable target), because law enforcement can’t see what the bad guys are doing because they’re using sophisticated tools that use encryption. Said politician will urge tech companies to “work with us” to help catch these bad guys.

This constant demand for encryption backdoors is something that no longer surprises me. It comes from a misunderstanding of what encryption is: it’s not some magic piece of code that can do whatever the programmer wants it to do. It’s a tool that is defined by mathematics: in short, it can only do what the math allows it to. And any cryptographer will tell you: there is no such thing as secure backdoored encryption.

I would dearly love to find out the types of people who can convince politicians – and themselves – that such a thing is possible, that it’s possible to weaken security in such a way that only the good guys can crack encryption. After all, governments around the world are masters at keeping confidential information confidential… oh wait.

I’d like to learn, too, the data analytics and logic behind such a proposal. Do we know what kinds of encryption tools terrorists use? Is there a need to cripple legitimate services when it’s clear that terrorist groups have their own tools?

I’m sure some will say that good people have nothing to hide and shouldn’t be worried. But that’s not true, of course – just look at what happens whenever there’s a large data breach. Everyone is worried about their data, as it turns out. “Nothing to hide” couldn’t be further from the truth.

The debate surrounding encryption is so absurd that it would be funny, if it weren’t for the fact that the people proposing encryption backdoors are completely serious and have no idea how damaging their proposals would be.

There are ways to identify bad actors online, whether they be cybercriminals or terrorists. It takes hard work and trained researchers, and we have worked to provide law enforcement agencies all over the world with just those capabilities.

We acknowledge that the job of law enforcement has, perhaps, been made harder by encryption. We cannot allow this concern to completely break encryption, which is what mandatory backdoors would do. Encryption works, and is a fundamental part of data protection today. Don’t break it.