Washington’s Encryption Debate

Many of the headlines recently have centered on the VTech breach, and the ongoing investigation into the intrusion that revealed information on more than 5 million accounts, including disturbingly personal data on thousands of kids.  So perhaps a little under the radar might slip the new White House request, in response to a petition that is actually getting acknowledged, for public feedback on the ongoing encryption debate.  As you may know, the U.S. government has for some time been pushing for companies to implement back doors in their devices and software, to allow law enforcement access when they deem it necessary.  FBI director James Comey has repeatedly claimed that the ability for people to “go dark,” via encrypted messages, provides a safe method of communication for criminals and terrorists, and proves a hindrance for investigations.  For its part, the government has been under the impression that it can have it both ways: that strong encryption can be maintained even with the presence of a back door for surveillance access that supposedly only they can use.  That’s not how it works.

Privacy advocates have been fighting back against this initiative, and now this option for comments from the opposition seems to be a small olive branch from the White House (not that it means they will listen).  Still, in light of the recent surge of very public terrorist activity, it will be interesting to see if public opinion on this issue, until now largely against the government’s plan, will be at all changed out of fear.

Whether or not consumers have the final say, however, is yet to be determined.  What is more clearly within their power, on a separate note, is where to conduct their holiday shopping, and, more exactly, who to trust with their business.  I wrote back in February about a survey that reflected consumers’ eroding trust in retailers, including the fact that many said they would even avoid a breached company entirely, to keep their data secure.  A new survey shows a surge in that opinion, from up to 85% of respondents who would take their business elsewhere if a retailer leaked their personal information, allowed their credit card to be compromised, etc.  All the news over the past couple of years about each new data breach has, apparently, left a powerful impression in people’s minds.

For the retailers themselves, the danger of losing customers has never been more serious.  Data security must be a top priority for organizations, with efforts going beyond mere compiance requirements that didn’t stop recent breaches at many retailers.  As attacks have become more complex, companies should be more focused on securing its data at rest, with an emphasis on encryption and access controls.

By: Jonathan Weicher