RSA 2016: Weakened encryption compromises national security

Terrorists will move to other platforms, while criminals will exploit the flaws, claim speakers

Tech leaders have hit out at government snooping and attempts to break encryption on the first day of RSA Conference 2016.

On the same day that Apple once again came face-to-face with the FBI in a court hearing in LA, down the coast in San Francisco, Amit Yoran, president of RSA, used his opening keynote to criticise governments for allowing intelligence and law enforcement agencies to dominate the security conversation.

"We need governments to enact policies that help, rather than hinder security, providing opportunities for talent development," he told delegates.

Yoran said that the aims and perspectives of such agencies are "radically different" to those of people trying to defend networks, and said policy proposals such as weakening encryption "boggle the mind".

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"In an era when cybersecurity is consistently cited as the single greatest threat to our way of life - above terrorism and all else - how can we possible justify a policy that would catastrophically weaken our infrastructures?" asked Yoran.

"Weakening encryption is solely for the ease and convenience of law enforcement when they are pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened. However, if you weaken our encryption you can sure bet that the bad guys will use that and exploit it against us," he added.

These thoughts were echoed by Brad Smith, general legal counsel at Microsoft, who took to the stage after Yoran for his own keynote.

Smith reflected on not just the big hacks of the past few years but also the terrorist attacks that hit Paris and San Bernardino in late 2015.

"People went to work [the day after these attacks] debating whether this meant new steps needed to be taken for technology, for surveillance, for encryption," said Smith. "We live in a world where every week there is a pendulum and the question is, which way will the pendulum swing on these issues that affect us?"

Smith argued that it was impossible to ensure people's security in real life if their security cannot be ensured online.

Advertisement - Article continues below

"The internet started out two decades ago as something people talked about as a different space - cyberspace, as if it were disconnected from real space and the real world. Well, what we've learnt today is that if people want to shape and impact what happens in the real world, they go to the internet," said Smith.

"This has affected everybody - governments around the world studied the Sony case and they realised that there is no such thing as national security in this decade without cyber security. We've realised that hence we need to keep information secure. One thing is clear above all else - people will not use technology they do not trust and hence trust is the absolute foundation for our entire industry and it needs to remain that way," Smith concluded.

Smith and Yoran's comments also come on the same day Theresa May introduced a new draft of the Investigatory Powers Bill to Parliament. The new text still contains a controversial provision that would oblige companies, including RSA, Microsoft and Apple, to remove encryption at the request of law enforcement agencies.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/microsoft-windows/32066/what-to-do-if-youre-still-running-windows-7
Microsoft Windows

What to do if you're still running Windows 7

14 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020
Visit/policy-legislation/general-data-protection-regulation-gdpr/354577/data-protection-fines-hit-ps100m
General Data Protection Regulation (GDPR)

Data protection fines hit £100m during first 18 months of GDPR

20 Jan 2020