Business Today

A path forward from the encryption debate

Every second, 12 adults become victims of cybercrime - that is more than one million cybercrime victims each day, costing the global economy approximately $400 billion a year.

Victoria A. Espinel | May 8, 2017 | Updated 15:31 IST
A path forward from the encryption debate

Every second, 12 adults become victims of cybercrime - that is more than one million cybercrime victims each day, costing the global economy approximately $400 billion a year.

With 28 per cent of the Indian population having access to the Internet today (as per a Telecom Regulatory Authority of India or TRAI press release dated December 30, 2016), the implementation of policy initiatives such as Digital India signals a rapid change in the Internet landscape. The increasing deployment of digital products and services will transform the face of the Indian economy.

According to a report by the National Association of Software and Services Companies (NASSCOM) titled The Future of Internet in India, the country will have 730 million Internet users and 175 million online shoppers in 2020. While 50 per cent of all transactions will happen online, 60 per cent of the adult Indian population will use one or more forms of financial services in their daily life for purchases or accessing subsidies and services.

As technology becomes an integral part of daily living, governments, businesses and individuals increasingly require the mechanism to protect electronic data from external parties. The widespread commercial availability of encryption has now made it possible to secure sensitive and valuable information.

Although its role is often overlooked, encryption empowers us to manage the most important, intimate and sensitive information in our lives in a digital format while making sure we can control what happens with it - even if a device is lost or stolen. Encryption does not just protect our privacy; it is also used to improve security, ensure identity and protect anonymity. The BSA urges governments to avoid measures that call for weakened encryption, design mandates and backdoors because these measures will have an adverse effect on privacy and security.

We have to get this right. Consumers increasingly expect their data to be secure and the software industry has been quick to take heed of their concerns. As interactions between governments, businesses and individuals continue to move online, protection against cyberattacks has become essential to keep increasingly sophisticated hackers and cyberthreats at bay. Cybersecurity is a cornerstone of our connected societies. It safeguards everything from global transportation and financial systems to manufacturing and agriculture, to our power grids and clean water supply.

Because encryption protects us in so many ways, it is important that technology policies around the world do not mandate built-in flaws that will undermine its effectiveness. Weakening encryption by requiring companies to intentionally undermine the integrity and the security of their products and services will eventually lead to less security for our society as a whole. Compromised encryption may help law enforcement investigate specific crimes, but it can also make the Internet and our lives much less secure. There is no way to weaken encryption only for law enforcement. Mandated weak encryption lowers our defences in every sector that is touched by software. And today, every sector is touched by software.

Regrettably, the current encryption debate in countries around the world is often perceived as a zero-sum game. It does not have to be. The first step towards a productive dialogue is to find common ground: Law enforcement officials need to have the best tools available to them to detect, investigate and prosecute crimes and to fight terrorism. But policymakers must also acknowledge that backdoors, key escrow proposals and other limitations on encryption will make us all less safe in the digital space. On the other hand, technology experts are right about encryption being fundamental to the future of digital security. But they just cannot walk away from questions about how to go after criminals and terrorists who use digital tools and attempt to shield their crimes through encryption.

The right encryption solution will address the needs and responsibilities of all sides. In the spirit of finding and maintaining this balance, the software industry has come up with a set of principles against which any new encryption proposal should be tested.

These principles address the need for governments to protect sensitive information while preventing and prosecuting terrorist and criminal acts; the right of individual citizens to security for their personal information and the responsibility of providers of critical infrastructure and essential services - including water, electricity, transportation, banking and health - to protect their operations from cyberattacks. They also include the need for third-party stewards of sensitive personal data and valuable commercial information to protect the data entrusted to them, and for innovators to have the freedom to develop products and services that improve our daily lives and drive economic growth without government mandates.

Looking at solutions is the next step. We cannot claim to have all the answers. No one can. But we will come up with our part of the puzzle and we hope that others are willing to contribute theirs as well.

We have taken our seat at the table, and we are waiting for others to join us.

Victoria A. Espinel is President and CEO of BSA | The Software Alliance.


  • Print
A    A   A