Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

<b><i>Online Extra:</b></i> Cybersecurity Professionals Apprehensive on Government Access to Encrypted Data

By Ian Lopez
March 31, 2016

Personal data can be a divisive force, and as exemplified in Apple's ensuing legal battle with the FBI, many are concerned with the government having unfettered access to such information. A recent survey of security professionals takes these concerns to a new level, with 81% of respondents reporting they think it's 'very likely' or 'certain' that hackers can take advantage of the government's capability to access encypted data.

Conducted among nearly 200 security professionals in attendance at the 2016 RSA Conference, the survey looked to capture viewpoints on the government requesting access to encrypted data as well as potentially resulting possibilities.

'The results of the survey are not surprising, given the community surveyed,' Tim Erlin, director of IT risk and security strategist at Tripwire, the cybersecurity company that conducted the survey, told our ALM sibling Legaltech News. 'Information security professionals watch cybercriminals develop innovative means to compromise systems on a near daily basis. Their familiarity with the capabilities and means of these groups gives them a good understanding of likely outcomes.'

Explaining how cyber criminals could take advantage of government capability to access encrypted data, Erlin said, 'Once a capability is created, it's highly likely to be duplicated or simply stolen. Cybercriminals have just as much, if not more, desire to access encrypted data as law enforcement. They also have resources to spend on writing software. The combination of motive and means points to the eventual duplication and abuse of the requested capabilities.'

Criminals, however, are not the only individuals arousing concerns among those surveyed. A considerable majority (82%) of respondents said that they believe it's 'either very likely or certain' that the government would abuse its 'right to access encrypted data if technology companies were required to provide it,' a statement from Tripwire said.

'There are numerous incidents of government abuse of access to data that inform the skepticism exhibited by the respondents,' Erlin said. 'They draw on big events like the Snowden revelations and small events, such as individual police officers looking up drivers' license data unnecessarily. Without sufficient transparency and checks against abuse, there's little reason for this community to trust government agencies with data access.'

Furthermore, 88% of respondents said that allowing government access to encrypted data would 'reduce security and privacy.' However, over half of respondents, 53%, reported that it should be required of companies to give law enforcement encrypted data access if a subpoena or warrant is issued. This, Erlin said, is because security professionals 'aren't aiming to violate the law.'

'Information security professionals spend their time protecting data, and working with law enforcement to do so effectively,' Erlin said. 'It's not surprising that they would generally favor lawful access, but be extremely skeptical about the implementation and implications.'

The future of the privacy of encrypted data is precarious, and what remains unclear is how everyone from law enforcement to the companies storing data will play into the next steps. Erlin said, 'If congress were to legislate around the implementation of encryption, 'that would be a milestone event, but by no means the end of the debate.'

'At the moment, we're in a kind of arms race where vendors work to make access more difficult and law enforcement works to circumvent the controls in place. This interplay of law and tech could continue for a very long time.'

'–'Ian Lopez, Legaltech News

'

Read These Next
COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

How Secure Is the AI System Your Law Firm Is Using? Image

What Law Firms Need to Know Before Trusting AI Systems with Confidential Information In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.