Encryption: Why It Matters

DATA IS INCREASINGLY CENTRAL to our personal lives, economic prosperity, and security. That data must be kept secure. Just as we lock our homes, restrict access to critical infrastructure, and protect our valuable business property in the physical world, we rely on encryption to keep cybercriminals from our data. Proposals to regulate this crucial form of protection — however well-intended — could weaken our security.

Software continues to spark unprecedented advances that transform the world around us. From life-saving medical breakthroughs, to safer transportation, to enabling global economic transformation, our lives are improving in countless ways through the ubiquity and utility of data powered by software.

Digital security is becoming increasingly important to protect us as we bank, as we shop, and as we communicate. And at the core of that security lies encryption. As our lives increasingly move online, everyone should be doing more to improve the digital security of data, not less. Our digital world is constantly under attack by cybercriminals:

Data breaches exposed at least 423 million identities in 2015 — increasing by more than 20 percent in just a single year.

Americans worry about hacking — of their credit card information, phones and computers — more than any other crime. And for good reason: nearly half of American adults have been hacked.

Encryption In Our Daily Lives

ENCRYPTION IS A PART of almost every service or device we use to live our lives online. Every day, often without us even being aware of it, encryption keeps our personal data private and secure. Encryption is a vault that secures our personal information that is held by businesses and government agencies. It is a lock that prevents identity thieves from stealing our information when we log on to our bank accounts. It is an extra layer of security to safeguard our critical infrastructures. And it is a secure envelope that keeps hackers from reading our personal communications. Encryption is all of these things and more:

Use of encryption continues to rise, with more than one third of businesses in one recent survey reporting that their organization uses encryption extensively.

Use of encryption is steadily shifting to a strategic activity, with organizations moving to an enterprise-wide encryption strategy.

Government rules — around patient data, financial transactions, and consumer information — frequently require companies to encrypt the data they hold.

Securing the data at the heart of our modern economy is a never-ending effort tied to multiple, interconnected parties. This involves not just the software companies that create products and services but the consumers who rely on those products and services to power their daily lives, the companies that encrypt human resources, sales, or other data, and even the law enforcement officials who investigate crimes. With so many interests at stake, it is vital that discussions about the future of encryption involve all perspectives.

Encryption Principles

A Comprehensive Approach to Promoting Global Cybersecurity, Public Safety, Personal Privacy & Prosperity

The current polarized debate on the use of encryption to promote security regrettably assumes that solutions must have winners and losers. We forcefully reject this assumption.

Effectively addressing all legitimate interests requires acknowledging two realities: first, increased reliance on secure information technologies improves our daily lives, advances our economy and individual freedoms; and, second, bad actors will misuse security tools to pursue their illicit aims — from terrorism and violent crime to cyberattacks.

These realities establish two goals, both of which must be achieved:

  1. Criminals and terrorists must be stopped, and
  2. Individuals’ security and privacy to enjoy and lead daily lives in the digital world must be safeguarded.

An enduring solution to the encryption challenge must balance the legitimate rights, needs and responsibilities of:

  • Governments to protect personal and confidential information they hold and to prevent terrorist and criminal acts and prosecute offenders;
  • Individual citizens’ right to secure the privacy of their personal information.
  • Providers of critical infrastructure and essential services— including water, electricity, transportation, banking, and health — to protect their operations from cyberattacks;
  • Third-party stewards of personal data and confidential business information to protect the data entrusted to them;
  • Innovators to develop products and services that improve our daily lives and drive economic growth free of government mandates.

Principles For Action

Moving the encryption debate forward will require many groups to come together to craft solutions. We will evaluate any proposed legislation, regulation or policy on encryption in light of the following principles:

  1. Improving data security: Providers of data services — storing, managing or transmitting personal or business data — must be permitted to use the best available technology to thwart attacks against that data or the entities and individuals who depend on those services.
  2. Enhancing law enforcement and counter-terrorism capabilities: Law enforcement agencies, subject to appropriate privacy and civil liberties safeguards, should have access to the best available resources, information, and tools available to prevent and prosecute terrorist and criminal acts.
  3. Promoting privacy: Individuals have a right to be secure in their public, private and commercial lives and interactions.
  4. Protecting confidential government information: National, state and local agencies should ensure that the data they hold is secure against threats of domestic and foreign intrusion.
  5. Encouraging innovation: Developers and providers of innovative data security tools should be free of government mandates on how to design technology products and tools for digital security.
  6. Defending critical infrastructure: Providers of essential services, such as banking, health, electricity, water and other critical infrastructure providers, should be empowered to provide the best available security technologies to their users. Best practices should be widely shared.
  7. Understanding the global impact: Criminal and terrorist acts are not limited by national borders, and laws and policies must create consistency and clarity in all countries where security technologies are developed and used.
  8. Increasing transparency: There should be full, transparent, and considered public dialogue before any legislative proposal concerning the future of technology mandates or encryption is adopted.

What the Experts Say

Swipe left or right to read quotes.