Edward Snowden Says Encryption is Your Friend - Here's Why

By Richard Moulds March 14, 2014

“The defense against the dark arts in the digital realm,” Edward Snowden’s emotive description of the benefits of encryption lay at the heart of his talk at the SXSW culture and technology conference in Texas earlier this week.

Back in September, Snowden described encryption as ‘your friend’ in combating surveillance and eavesdropping. It makes sense. If you scramble your data so that it is useless then it doesn’t matter if someone is listening in. Whether that listener is conducting anti-terrorism screening, actually trying to steal your data or comes across your data accidentally because you lost it, you’re safe. Deploying encryption feels like proactive step, you are assuming the worst and minimizing the impact – much better than building a perimeter and hoping for the best. So not surprisingly, many organizations have reassessed and beefed up their approach to encryption, with major internet brands claiming that all of their services and even their back-end systems will be encrypted. I wouldn’t be surprised to hear that Snowden himself uses encryption as a way to keep his files out of the hands of his hosts in Russia – something that he claims to be able to do.

The challenge is that, like most things relating to security, we have a moving target. During his SXSW talk, Snowden called for the use of ‘stronger’ encryption as a way of keeping one step ahead. This might seem strange to those that think of encryption as being black and white, either on or off with no shades of grey, but it’s an important point. 

It’s difficult to spot the difference between good and bad encryption, the end result looks the same, but the level of security that is provided can vary enormously. He’s not calling for the world to invent a new, stronger encryption algorithm, but rather that organizations do a better job of using the proven capabilities that already exist – it’s all about implementation. Those deploying encryption systems face a number of decisions – which algorithms to use, whether to build or buy, what keys lengths to use, which key management policies to define, to name just a few. Weak specification and poor implementation can dramatically reduce the effectiveness of any encryption system. 

Image via Shutterstock.

In this post Snowden era, some of these issues seem basic. Hopefully the use of out-dated algorithms and unproven technologies is behind us but key management remains a thorny topic. Indeed, the key managements systems and people that operate them might well become the next focal point of attack. The trouble with key management is that there are lots of aspects to it. Keys have lifecycles and are vulnerable at each phase of that cycle. One of the phases that hit the press earlier this year was ‘key generation’, the process of creating random numbers that eventually become keys. This is not as easy as it sounds and rumors that some commercial products have intended flaws in this area still persist. The other phases of the lifecycle such as storing keys, delivering keys, replacing keys and destroying keys also present numerous opportunities for keys to fall into the wrong hands, be used for the wrong things or simply get lost. It seems obvious but it’s true, encryption is just math, whereas key management is about secrets and people – and that’s where the challenges start.

Whether or not we agree with Snowden’s motives or actions, there can be no doubt that his revelations have succeeded in putting encryption on the global stage. The conversation is translating into action for organizations across the world. According to our latest Global Encryption Trends Study, more organizations than ever are taking a strategic approach to encryption, with business unit leaders gaining influence over their company’s use of encryption to define enterprise-level data protection strategies. But when it comes to challenges, key management stands out, being rated with the ‘pain level’ of key management being rated at 9 or 10 on a scale 1 to 10 for severity by nearly 30 percent of respondents.

Edward Snowden might have sparked an international debate about privacy but let’s not forget that he started out as the perpetrator of a good old-fashioned insider attack. It’s ironic that his call for the widespread use of encryption might mean that he has made life harder for those that wish to follow in his footsteps. Although many headlines echo his statement “I would do it again”, the question is: would he be able to? My guess is that the NSA will have been at the front of the queue of organizations heeding his advice to improve their data security. A future Edward Snowden might still be able to steal data, but if it is encrypted there would be no whistle to blow.

Edited by Stefania Viscusi

Vice President Strategy

Related Articles

Why Blockchain Could Be a Gamechanger

By: Paula Bernier    1/22/2018

Blockchain has become closely associated with the controversial topic of cryptocurrency. And that's fine because blockchain is an enabling technology …

Read More

Consumer Privacy in the Digital Era: Three Trends to Watch

By: Special Guest    1/18/2018

Digital advertising has exploded in recent years, with the latest eMarketer data forecasting $83 billion in revenue this year and continued growth on …

Read More

CES 2018: Terabit Fiber - Closer Than We Think

By: Doug Mohney    1/17/2018

One of the biggest challenges for 5G and last mile 10 Gig deployments is not raw data speeds, but middle mile and core networks. The wireless industry…

Read More

10 Benefits of Drone-Based Asset Inspections

By: Frank Segarra    1/15/2018

Although a new and emerging technology, (which is still evolving), in early 2018, most companies are not aware of the possible benefits they can achie…

Read More

VR Could Change Entertainment Forever

By: Special Guest    1/11/2018

VR could change everything from how we play video games to how we interact with our friends and family. VR has the power to change how we consume all …

Read More