Encryption: Why It Matters
DATA IS INCREASINGLY CENTRAL to our personal lives, economic prosperity, and security. That data must be kept secure. Just as we lock our homes, restrict access to critical infrastructure, and protect our valuable business property in the physical world, we rely on encryption to keep cybercriminals from our data. Proposals to regulate this crucial form of protection — however well-intended — could weaken our security.
Software continues to spark unprecedented advances that transform the world around us. From life-saving medical breakthroughs, to safer transportation, to enabling global economic transformation, our lives are improving in countless ways through the ubiquity and utility of data powered by software.
Digital security is becoming increasingly important to protect us as we bank, as we shop, and as we communicate. And at the core of that security lies encryption. As our lives increasingly move online, everyone should be doing more to improve the digital security of data, not less. Our digital world is constantly under attack by cybercriminals:
Data breaches exposed at least 423 million identities in 2015 — increasing by more than 20 percent in just a single year.
Americans worry about hacking — of their credit card information, phones and computers — more than any other crime. And for good reason: nearly half of American adults have been hacked.
Encryption In Our Daily Lives
ENCRYPTION IS A PART of almost every service or device we use to live our lives online. Every day, often without us even being aware of it, encryption keeps our personal data private and secure. Encryption is a vault that secures our personal information that is held by businesses and government agencies. It is a lock that prevents identity thieves from stealing our information when we log on to our bank accounts. It is an extra layer of security to safeguard our critical infrastructures. And it is a secure envelope that keeps hackers from reading our personal communications. Encryption is all of these things and more:
Use of encryption continues to rise, with more than onethird of businesses in one recent survey reporting that their organization uses encryption extensively.
Use of encryption is steadily shifting to a strategic activity, with organizations moving to an enterprise-wide encryption strategy.
Government rules — around patient data, financial transactions, and consumer information — frequently require companies to encrypt the data they hold.
Securing the data at the heart of our modern economy is a never-ending effort tied to multiple, interconnected parties. This involves not just the software companies that create products and services but the consumers who rely on those products and services to power their daily lives, the companies that encrypt human resources, sales, or other data, and even the law enforcement officials who investigate crimes. With so many interests at stake, it is vital that discussions about the future of encryption involve all perspectives.
- BSA | The Software Alliance Letter to the President
- BSA | The Software Alliance Amicus Brief in Support of Apple in the San Bernardino iPhone Case
- Why Encryption Matters
- Encryption Primer
- BSA TechPost: Encryption: Securing Our Data, Securing Our Lives
- Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications, Massachusetts Institute of Technology, Computer Science and Artificial Intelligence Laboratory
- Don’t Panic. Making Progress on the “Going Dark” Debate, Harvard University, The Berkman Center for Internet & Society
- The Ground Truth About Encryption and the Consequences of Extraordinary Access, The Chertoff Group
- Going Dark, Going Forward. A Primer on the Encryption Debate, House Committee on Homeland Security - Majority Staff Report
What the Experts Say
Swipe left or right to read quotes.
I am deeply worried about the magical thinking that I think is taking place among some in law enforcement that back doors can be created, that devices can be hacked into in a good way but not in a bad way.Julie Brill, former Commissioner, Federal Trade Commission
The Wrap’s Power Women Breakfast, March 2016
[E]ncryption is a necessary part of data security, and strong encryption is a good thing.Ash Carter, Secretary, Department of Defense
“Securing the Oceans, the Internet, and Space: Protecting the Domains that Drive Prosperity,” March 2016
[W]e still need encryption and with the challenges we face on cybersecurity, encryption remains even more essential to protecting safety and commerce online.Alan Davidson, Director for Digital Economy, U.S. Department of Commerce
Access’ Crypto Summit, July 2015
As a person charged with thinking about consumer protection, I deeply worry about things like mandatory backdoors and exceptional-access systems in consumer-facing products ... It has the consequence of potentially making consumer data less secure.Terrell McSweeny, Commissioner, Federal Trade Commission
State of the Net conference, January 2016
Now, more than ever, strong security and end-user controls are critical to protect personal information ... If consumers cannot trust the security of their devices, we could end up stymieing innovation and introducing needless risk into our personal security. In this environment, policy makers should carefully weigh the potential impact of any proposals that may weaken privacy and security protections for consumers.Terrell McSweeny, Commissioner, Federal Trade Commission
“Worried About Your Data Security? How Encryption Can Help Protect Your Personal Information,” September 2015
Specifically, companies should: (1) conduct a privacy or security risk assessment as part of the design process; (2) test security measures before products launch; (3) use smart defaults – such as requiring consumers to change default passwords in the set-up process; (4) consider encryption, particularly for the storage and transmission of sensitive information, such as health data; and (5) monitor products throughout their life cycle and, to the extent possible, patch known vulnerabilities.Edith Ramirez, Chairwoman, Federal Trade Commission
“Privacy and the IoT: Navigating Policy Issues,” International Consumer Electronics Show, January 2015
Strong encryption makes us safe.Jessica Rosenworcel, Commissioner, Federal Communications Commission
The Wrap’s Power Women Breakfast, March 2016
Encryption is foundational to the future. So spending time arguing about ‘encryption is bad and we ought do away with it’ — that is a waste of time to me. Encryption is foundational to the future.Admiral Michael S. Rogers, Commander of US Cyber Command and Director of the National Security Agency
US Cybercom and the NSA, Atlantic Council, January 2016
I know encryption represents a particular challenge for the FBI. But on balance, I actually think it creates greater security for the American nation than the alternative: a backdoor.General Michael Hayden, former NSA and CIA Director
Cybersecurity conference, January 2016
… Jim Clapper, who is our director of National intelligence, has in his worldwide threat briefing told Congress the single greatest threat to the United States now is the cyber threat. Why would you weaken your defenses against the cyberthreat? Even in the name of absolutely legitimate requirements over here with regard to fighting crime, or fighting terrorism.General Michael Hayden, former NSA and CIA Director
OnPoint, NPR/WBUR, March 2016
Much of GCHQ‘s work is on cyber security, and given the industrial-scale theft of intellectual property from our companies and universities, I’m acutely aware of the importance of promoting strong protections in general, and strong encryption in particular. The stakes are high and they are not all about counter terrorism.Robert Hannigan, Director, GCHQ, UK
“Front doors and strong locks: encryption, privacy and intelligence gathering in the digital era,” MIT, March 2007
Even if the intention [to empower the police] is laudable, it also opens the door to the players who have less laudable intentions, not to mention the potential for economic damage to the credibility of companies planning these flaws. You are right to fuel the debate, but this is not the right solution according to the Government's opinion.Axelle Lemaire, Digital Affairs Minister, France
Remarks rejecting an encryption amendment to France’s Digital law, January 2016
The new rules should also clearly allow users to use end-to-end encryption (without 'backdoors') to protect their electronic communications ... Decryption, reverse engineering or monitoring of communications protected by encryption should be prohibited. In addition, the use of end-to-end encryption should also be encouraged and when necessary, mandated, in accordance with the principle of data protection by design…Giovanni Buttarelli, European Data Protection Supervisor (EDPS)
Preliminary EDPS Opinion on the Review of the ePrivacy Directive (2002/58/EC)