With senior Trump administration officials meeting to discuss banning end-to-end encryption, history has begun to repeat itself. Pretty Good Privacy (PGP) was created in the early 1990s to prevent government agencies from having the ability to read encrypted information; however, it did meet a lot of resistance.
The creation of Pretty Good Privacy (PGP) sparked a criminal investigation in 1991 by the US Government because its keys were larger than 40 bits. Data Encryption Standard (DES) with 40 bits was used and approved by the US Government but was starting to show its age. The US Government did not want to admit that DES was weak and continued to support it due to their ability to use it to spy on individuals and nation states that weren’t aware of its weakness.
At the time, PGP was using keys of 128 bits, which was against the allowed key length under the United States munitions export control act. The Electronic Frontier Foundation took over the legal case and challenged the government by stating that by weakening encryption, attackers would eventually be able to crack the encryption. In 1996, the Clinton administration signed Executive Order 13026, which transferred commercial encryption from the Munition List to the Commerce Control List. In doing so, the restrictions on exporting encryption and cryptography were relaxed.
This brings us to today, where organizations like Google, Apple, and Facebook use end-to-end encryption to protect all of their user information, leaving governments in the dark. These organizations protect their encryption keys using the most secure controls available due to the risk of complete compromise of all data if the encryption keys were disclosed or stolen. If encryption keys are provided to government agencies, how could an organization trust that the data they depend on to run their business is being protected adequately by governments? If end-to-end encryption were completely banned, so that governments did not require the encryption keys, attackers would then have an extremely easy time obtaining users' sensitive data as well.
According to politico.com, the Department of Justice and the Federal Bureau of Investigation argue that “catching criminals and terrorists should be the top priority, even if watered-down encryption creates hacking risks.” To them, the roadblocks created by criminals having encrypted messages and devices vastly outweigh the other risks, which should raise red flags for organizations and any users of the internet.
The US government continues to explore the possibility of banning end-to-end encryption, and while it has been met with intense backlash in the past, it may not be in the future. Laws and administrations will inevitably change; however, the security of your data should not.
© 2024 Packetlabs. All rights reserved.