On the surface, more robust and widely implemented encryption seems like the sort of idea that would gain widespread acceptance. Better privacy and more secure data transfers would surely be welcomed by businesses, consumers and governments alike, right? However, although the benefits of encryption are not being disputed, governments from around the world are becoming increasingly concerned that these benefits could be used for nefarious ends, particularly when it comes to matters of national security.
[easy-tweet tweet=”How are encryption and privacy being received in the #cloud industry at present?” user=”zsahLTD” hashtags=”infosec”]
The UK and US are two of the most high-profile national governments calling for a ban on end-to-end encryption, instead requesting backdoors that will enable communications to be monitored. Citing the use of encrypted messages by terrorists and other criminals, the governments argue that widespread encryption poses a serious security threat.
In the wake of the Charlie Hebdo shootings early last year, UK Prime Minister David Cameron made his thoughts on encryption clear:
“Do we want to allow a means of communication between two people which even in extremis with a signed warrant from the home secretary personally that we cannot read? My answer to that question is no, we must not. The first duty of any government is to keep our country and our people safe.”
Comments such as this from Cameron have led some to argue that the encryption ban is just another example of the state exploiting fears to constrain civil liberties, particularly given that expert opinion cites it as being impractical and largely ineffective at preventing criminal activity. Still, the battle between privacy and security is set to continue, with businesses across a broad spectrum of industries likely to be effected.
the battle between privacy and security is set to continue
What this means for MSPs
Managed service providers will also be keeping a watchful eye on developments to encryption, not only in the UK and US, but all over the world. Because cloud computing enables the remote delivery of IT resources, the legal requirements faced by MSPs can sometimes become overly complicated. Although a business may be based in a country where encryption is legal, if the MSPs that it is using is based in a country where encryption is banned, then company data could become susceptible to surveillance programmes. For managed service providers that specialise in encryption support, their very existence is being threatened by anti-encryption legislation.
[easy-tweet tweet=”For MSPs specialising in #encryption support, their very existence is threatened by anti-encryption legislation”]
In the wake of the Snowden revelations, a number of technology firms such as Apple, Google and a multitude of MSPs have gravitated towards encrypted communications, but not only in response to government surveillance. End-to-end encryption also helps alleviate security fears by ensuring that even if data is intercepted it is useless to anyone but the intended recipient. Plans to introduce encryption backdoors, therefore, have potentially serious consequences for managed service providers. These backdoors, although intended for government use, will become targets for cybercriminals. Instead of offering protection, an encryption ban would introduce vulnerabilities into MSPs and other businesses that put sensitive data at risk.
Whether or not an encryption ban is introduced in the UK, US or elsewhere, recent controversy has certainly reignited the privacy-security debate. With no way to satisfy everyone, MSPs, businesses and governments are left to constantly reassess how much privacy must be sacrificed in order to remain safe.