Industry leaders and government officials disagree about whether encryption is causing the digital space to “go dark” or makes Internet users safer.
FBI Director James Comey said widespread encryption hinders national security and criminal investigations.
“We should not drift to a place where a wide swath of America is off limits to judicial authority,” Comey said Tuesday at the Symantec Government Symposium in Washington, D.C.
Comey said that security should take precedence over individual privacy in cases where law enforcement needs to be able to decipher sensitive data. When individuals and companies use encryption, corners of the Internet “go dark” and aren’t available to be interpreted by the FBI.
“The shadow is spreading through more and more of the room,” Comey said.
Comey emphasized that law enforcement can access private spaces by obtaining court orders. This creates a balance between individual privacy and security from crime.
“There is no such thing as absolute privacy in America,” Comey said. “Widespread default encryption changes that bargain.”
Nuala O’Connor, president and CEO of the Center for Democracy and Technology, disagreed with Comey.
“He couldn’t be more wrong on encryption,” O’Connor said. “I don’t agree with the argument that we’re ‘going dark.’ ”
O’Connor said it’s actually the “golden age of surveillance, because there are more unencrypted devices in use than ever before. Weak encryption and product defects are not the solution to security.
“What the FBI is asking for is the master key to the building,” O’Conner said.
Jane Holl Lute, director of the Center for Internet Security, believes that privacy and security can coexist if the assumptions about privacy in the digital age change.
“We can limit the ability of the government to intrude in our lives,” Lute offered as the current definition of privacy in the United States. “Security is also about the responsible exercise of power.”
Greg Clark, the CEO of Symantec, said that the increase in encryption has caused more blind spots in security.
“There’s a huge expansion of the problem,” Clark said.
As part of the new Cloud Generation security challenge, Symantec and Blue Coat tackle this issue by managing endpoints and inspecting the encryption for threats.
Encryption can also be turned against companies in cases of ransomware, according to Kevin Haley, director of product management and security response at Symantec. Hackers can disrupt a company’s systems by encrypting its files and forcing them to pay for the encryption key.
Maj. Gen. Sarah Zabel, vice director of the Defense Information Systems Agency, said that one solution to the problems caused by mass encryption is to prioritize the information that needs to be protected and leave alone information that is already widely available.
“Stop trying to protect everything and start focusing on what’s really important,” Zabel said.