** ******* or not to encrypt: that is the question!
Last week, WhatsApp announced they were installing end-to-end encryption for their users, by integrating the open-source software TextSecure with WhatsApp’s online messaging application.
This upgrade makes it impossible for anyone who is not the sender or receiver of Whatsapp messages and media to view them, including the company itself. With more than 500 million downloads, IT experts are describing this as turning point for encryption, as the implementation is possibly the largest encryption deployment ever.
By definition, encryption is the process of systematically encoding a bit stream before transmission, so that an unauthorized party cannot decipher it.
Encryption and data privacy have both been in the spotlight for the past few months after the FBI has asked Apple to build a new SIF (System Information File) which circumvents major iPhone security features, in order to get access to the San Bernardino’s mass shooter’s iPhone.
A few days after the FBI request, Apple announced that they weren’t going to comply with the request, because of the potential consequences for their customers’ data security and privacy.
If you want to read more about the FBI-Apple story, it’s worth reading Paul Burns’ blog
The WhatsApp announcement no doubt backs up what Apple’s CEO, Tim Cook, wrote in his public customer letter – that ‘compromising the security of our personal information can ultimately put our personal safety at risk. That is why encryption has become so important to all of us’.
Whatsapp was of course acquired by Facebook last February, but we haven’t yet had a similar announcement from them (or other messaging services).
It’s not that these companies don’t encrypt their users’ messages – they do. Almost all messaging companies encrypt messages between a user’s device and company servers. However, if a company was court ordered to reveal the messages sent via their platform, that is still a possibility.
End to end encryption changes things. It means companies can’t access their user’s messages, even if they were ordered to. They can only be read on the device on which the messages were sent or received.
This offers the user total and complete privacy, but many governments campaign against it given the security threat of sending completely untraceable messages which would be very attractive to criminal organisations.
You may well have heard of the ‘Snooping Charter’ – this is Theresa May’s draft legislation which would require all internet companies to maintain a record of internet browsing activity and mobile phone messaging services for their users for a period of 12 months. It was blocked by Nick Clegg’s Liberal Democrat party in 2013 for being too ‘draconian’, but a more toned down version is expected to be re-introduced.
The question is whether data privacy is an aid to the world’s democratic development and individuals’ rights, or are the means to protect it a barrier? What’s your opinion this?
Coming onto encryption for businesses, what does this all mean?
Data security is critical for businesses – it’s not a ‘nice to have’. Every day, many attempts are made by hackers who are actively trying to steal company data. It’s because the potential rewards of a successful data breach are massive.
Hence, you will find that more encryption options are available for businesses to meet their various requirements – from Secure PDF eXchange (SPX) email encryption, to device encryption or cloud encryption.
Furthermore, data security and encryption are becoming a requirement to comply with legislations. For example, the EU has proposed new Data Protection Regulation for organisations that hold data on European citizens.
The new proposed legislation aims to push businesses toward increasing their cyber-security measures. In the legislation, encryption is agreed to be the best security measure available when it comes to protecting data against theft.
Here’s our Chief Technology Officer Paul Burns and our Chief Operating Officer Steve Cox talking to Hazel Burton about encryption, and protecting the data stored on your business devices – there’s some really useful advice in here: