Back in August, presidential candidate Jeb Bush came out against encryption. Makes it too hard for law enforcement to figure out what the “evildoers” are up to, he says. I agree that encryption makes it impossible to figure out what the Wall Street executives who are funding every presidential campaign, by the way, are inventing now to ruin the American economy again and take a third trip into looting the 401K and IRA accounts of working Americans.
Maybe those aren’t the evildoers he was thinking of? If he is against encryption, maybe he should make a stand and stop using it himself. What? – you think his email isn’t encrypted? Well, it damn well better be!
When I was in the pager business (remember those?) back in the early 1990s, I took a lot of crap from people who told me that our product was used by hookers and drug dealers and should be banned. Of course it was also used by doctors, firefighters, police, salespeople, and pregnant fathers. Just because someone uses a hammer to kill another, that does not make the hammer a bad thing. A hammer is a tool. Similarly, encryption is a tool. An important tool.
Encryption is basically fancy math. Bush is not the only mathematically challenged candidate running for President. Many other politicians have come out against encryption. Unfortunately this is sort like being against gravity, or sunlight. Encryption is a mathematically based way to keep communications private. It is not a product that is produced exclusively in the United States; encryption developers exist all over the globe.
So any lame-brained plan that would weaken encryption or provide secrets master keys or backdoors would only apply to the U.S. based companies that make encryption possible. Which means everyone, bad guys and good guys, would move their encryption business to an overseas firm not governed by U.S. law. The ONLY thing this will do is destroy an entire industry in the United States. We went through this nonsense in the 1990’s and it is incredible that it has made it’s way back into the national discussion, especially considering the large number of fossils who are in the government and should remember the way it went the last time.
Would this really help law enforcement? Only to the extent that this weakening of one of the most important security protocols would also help the “evildoers” they are trying to catch. A master key or backdoor can be used by anyone who knows how it works. The likelihood that this information would remain secret and not be for sale on the Dark Web in a week is very nearly zero. So if you would support this very dumb idea too, then you are OK having your encrypted Amazon purchase hacked by cyber-criminals.
So the point of my rant? Let’s agree to not vote for any candidate who is so technically obtuse or clueless as to suggest that this is a solution to anything. Encryption is used every time you make a banking transaction or online purchase. This is not just used by bad guys, but is used to keep bad guys out of your business. Weakening encryption is a dangerous idea that needs to be resisted.
- Sophos – Jeb Bush: Encryption makes it too hard to catch evildoers
- Motherboard – Which Presidential Candidate has the Most Secure Website
- FBI Director Against Encryption
- Lawfare: In Defense of Our “Brain Dead Jihad Against Encryption”
- Police vs. Us: The Encryption Chasm
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com