In the wake of the recent Paris terrorist attack, the EU and U.S governments haven taken a harsher stance on encryption. G7, a group of central bankers and governors of major economies, plan to tighten regulations on fin tech companies, which use cryptocurrencies such as Bitcoin. The office of Manhattan DA even went as far as to write a white paper asking to remove encryption from smartphones and any other devices that store data.
The white paper has some contradictions. The report asks to:
Encourage an open discussion with technology companies, privacy advocates, and lawmakers;
further down the white paper proposes:
The federal legislation would provide in substance that any smartphone manufactured, leased, or sold in the U.S. must be able to be unlocked, or its data accessed, by the operating system designer.
If that doesn’t constitute a backdoor, I do not know what does.
Surprisingly, Paris police found an unencrypted, unlocked phone with the text message: “Let’s go, we’re starting”. Whether or not EU’s government stance on Encryption and cryptocurrency stance will change is hard to predict. According to coincenter, we do know that earlier this month before the Paris attack, digital currencies ranked lowest on a table measuring national risk assessment on money laundering.
Scapegoating Encryption might be an easy move for the government, however, it will not help with the fight against terrorism as bad actors will find other means of communication. Believe it or not, encryption can help to protect governments as well; public key cryptography can help secure communications between government officials about top secret missions. Last month, CNN reports that the CIA director’s email was allegedly hacked, luckily no classified information was leaked. This goes to show that if government officials get in the habit of encrypting their communication, an email hack would be rendered useless as no sensitive data can be found.
As technology advances and more frameworks and plugins are launched, hackers will find new bugs to exploit and will continue stealing valuable customer data. If a database is encrypted, even if the hacker gains access to it, the data proves useless. Currently, the most common use of encryption is by companies which run a web server containing user account information. It is common to encrypt user’s passwords in the unlikely case that the database is hacked. However, if the ban on encryption ensues and companies are disallowed to encrypt customer data, a single database leak can compromise many users’ accounts. It is common for the average joe to reuse passwords on different online accounts. As a result, storing users’ passwords unencrypted can lead to an increase in identity theft and credit card fraud cases.
In the event that the government decides to allow hashing algorithms to store customer data, but only proposes a ban on public key cryptography (the type of encryption used to encrypt communication channels), criminals would begin exploiting the backdoors provided in current forms of corporate “encryption”. Some hoped for a compromise which would allow encryption, but with an exclusive backdoor access for the government. In other words, users would register their encryption keys with the government and then be allowed to use those keys. The encryption keys would be stored in government key-recovery centers, which would allow backdoor access to the passwords. The issue with that proposal is that the key-recovery systems would be centralized entities, which is a flaw in of its own. A disgruntled government employee with access to the key-recovery center could potentially compromise a massive amount of user’s accounts. Furthermore, criminals would try to exploit those key recovery centers and, if successful, would be able to decrypt millions of account from all types of corporations.
How do you think government should or should not regulate encryption? If you liked this article follow us on twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.
No Responses