The Democratization of Encryption

Risk Group Founder, Jayshree Pandya Ph. D discusses “The Democratization of Encryption” with Michael Frey (Co-Founder/CEO FACT Encryption) and Michael Goldstein (Co-Founder/President of FACT-Encryption) from Germany. Introduction The digital global age has brought nations the democratization of encryption.  Each nation: its government, industries, organizations, and academia (NGIOA) now face a situation where almost everyone has access to advanced encryption in their electronics-watches, phones, ipads, laptops and more. What does this accessibility, affordability and effectiveness of “encryption” mean for nations governance, defense, and security? Encryption is not a new innovation or a phenomenon of a digital global age. Nations: its governments, military, businesses and even individuals have been communicating with unique codes and signs for thousands of years, using basic encryption methods to protect trade secrets, nation secrets, defense secrets, personal secrets and more. Digital Global Age has however promoted and popularized strong encryption and anonymity across nations: its government, industries, organizations, academia and individuals (NGIOA-I). When across nations today, connected computers and digital global age allow each internet user, each individual, each common man an ability to encrypt their most basic transactions and communications, their private and personal data and communication which are undecipherable without accurate keys, it brings complex security challenges to nations governance. At the same time when security breaches seem to be regularly making the news, lack of effective encryption of data at rest and data in motion becomes a cause of concern for nations security. While there are some efforts to demonize strong encryption, it is important to evaluate whether nations should restrict strong encryption and anonymity, which fundamentally facilitates and enable the rights to freedom of opinion and expression to each and every individual across nations in cyberspace and geospace. Encryption Keys Over the years, when common approach of encryption was enforced, the private and prized data of NGIOA-I was largely protected by “keys,” which were transmitted between a sender and receiver. These secret keys were supposedly protected by unproven mathematical assumptions and could be intercepted, infected and made unprotected if a hacker intrudes on those keys during data transmission. The vulnerabilities of the current approach to encryption necessitates the evaluation of the broader technological, privacy and security risks. Challenges While there are complex security challenges associated with the current encryption approaches, “potential backdoors” seem to be the biggest obstacle and challenge facing the privacy and security of industries, organizations, academia and individuals. It is said that, once quantum computers are mainstream, data encrypted using existing key exchange technologies will become even more vulnerable to security risks. It is also believed that the improvements in quantum computing, will likely reverse the security of all current and approved encryption key transfer methods. So, perhaps the current methods for exchanging cryptographic keys seem to be at risk. The current approach to “encryption” is not hundred percent secured for protecting data and information. While it can be applied in a wide variety of ways to protect a wide variety of data types, it is generally applied in layers, with each layer playing an important role. There is also the risk of key theft, which is probably smaller than the risk of losing keys—and therefore losing the data they protect across nations in cyberspace and geospace. This is a critical risk facing nations. In addition, there is also the human error,