Edward Snowden Says Encryption is Your Friend - Here's Why

By

“The defense against the dark arts in the digital realm,” Edward Snowden’s emotive description of the benefits of encryption lay at the heart of his talk at the SXSW culture and technology conference in Texas earlier this week.

Back in September, Snowden described encryption as ‘your friend’ in combating surveillance and eavesdropping. It makes sense. If you scramble your data so that it is useless then it doesn’t matter if someone is listening in. Whether that listener is conducting anti-terrorism screening, actually trying to steal your data or comes across your data accidentally because you lost it, you’re safe. Deploying encryption feels like proactive step, you are assuming the worst and minimizing the impact – much better than building a perimeter and hoping for the best. So not surprisingly, many organizations have reassessed and beefed up their approach to encryption, with major internet brands claiming that all of their services and even their back-end systems will be encrypted. I wouldn’t be surprised to hear that Snowden himself uses encryption as a way to keep his files out of the hands of his hosts in Russia – something that he claims to be able to do.

The challenge is that, like most things relating to security, we have a moving target. During his SXSW talk, Snowden called for the use of ‘stronger’ encryption as a way of keeping one step ahead. This might seem strange to those that think of encryption as being black and white, either on or off with no shades of grey, but it’s an important point. 

It’s difficult to spot the difference between good and bad encryption, the end result looks the same, but the level of security that is provided can vary enormously. He’s not calling for the world to invent a new, stronger encryption algorithm, but rather that organizations do a better job of using the proven capabilities that already exist – it’s all about implementation. Those deploying encryption systems face a number of decisions – which algorithms to use, whether to build or buy, what keys lengths to use, which key management policies to define, to name just a few. Weak specification and poor implementation can dramatically reduce the effectiveness of any encryption system. 

Image via Shutterstock.

In this post Snowden era, some of these issues seem basic. Hopefully the use of out-dated algorithms and unproven technologies is behind us but key management remains a thorny topic. Indeed, the key managements systems and people that operate them might well become the next focal point of attack. The trouble with key management is that there are lots of aspects to it. Keys have lifecycles and are vulnerable at each phase of that cycle. One of the phases that hit the press earlier this year was ‘key generation’, the process of creating random numbers that eventually become keys. This is not as easy as it sounds and rumors that some commercial products have intended flaws in this area still persist. The other phases of the lifecycle such as storing keys, delivering keys, replacing keys and destroying keys also present numerous opportunities for keys to fall into the wrong hands, be used for the wrong things or simply get lost. It seems obvious but it’s true, encryption is just math, whereas key management is about secrets and people – and that’s where the challenges start.

Whether or not we agree with Snowden’s motives or actions, there can be no doubt that his revelations have succeeded in putting encryption on the global stage. The conversation is translating into action for organizations across the world. According to our latest Global Encryption Trends Study, more organizations than ever are taking a strategic approach to encryption, with business unit leaders gaining influence over their company’s use of encryption to define enterprise-level data protection strategies. But when it comes to challenges, key management stands out, being rated with the ‘pain level’ of key management being rated at 9 or 10 on a scale 1 to 10 for severity by nearly 30 percent of respondents.

Edward Snowden might have sparked an international debate about privacy but let’s not forget that he started out as the perpetrator of a good old-fashioned insider attack. It’s ironic that his call for the widespread use of encryption might mean that he has made life harder for those that wish to follow in his footsteps. Although many headlines echo his statement “I would do it again”, the question is: would he be able to? My guess is that the NSA will have been at the front of the queue of organizations heeding his advice to improve their data security. A future Edward Snowden might still be able to steal data, but if it is encrypted there would be no whistle to blow.




Edited by Stefania Viscusi
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Vice President Strategy

SHARE THIS ARTICLE
Related Articles

Lessons Learned from Enterprise Oracle Cloud Migrations

By: Contributing Writer    7/1/2025

Switching to Oracle Cloud can feel daunting. Security risks, unexpected expenses, and performance troubles often turn what seems like an effortless up…

Read More

Protecting Business Assets with Smarter Security Frameworks

By: Contributing Writer    7/1/2025

Protecting your business is more challenging than ever. Cyber threats are increasing every day. Hackers target small and large businesses alike, searc…

Read More

Emerging Trends in Technology and Their Impact on Future Innovations

By: Contributing Writer    7/1/2025

Technology is changing faster than ever. Business owners often struggle to keep up. What's trending today might be outdated tomorrow. Falling behind c…

Read More

Tech Podcast Award Winners Bring Excitement and Enthusiasm to a Range of Important Tech Topics

By: TMCnet Staff    6/18/2025

Tech Podcast Award winners produce engaging, informative, and often entertaining content, bringing valuable insight from industry front lines to the e…

Read More

How Mobile Technology is Driving the Shift to Casino Apps

By: Contributing Writer    6/12/2025

Recent years have seen casino apps completely changing the online casino experience. Thanks to mobile-first technology, apps are becoming the default.…

Read More