Tech Policy Daily’s Gus Hurwitz has a post up today arguing that encryption is a distraction from true security. It’s an interesting read, but thoroughly misguided. Hurwitz suggests that the focus in tech should not be on encryption, but rather on the security of the systems. His argument boiled down:
Most cybersecurity incidents do not involve breaking encryption. Nor would they be prevented by stronger or more pervasive encryption. Consider recent incidents in the news: Yahoo!’s loss of data from 500 million user accounts, the unprecedented DDOS attack on security researcher Brian Krebs’s web site, and attacks on voting machines. These are the sort of incidents that are happening with alarming frequency; they are the sort of incidents that have the greatest potential to have tangible harmful effect; and they are the sort of incidents that all users are concerned about. …
Better or stronger encryption does little, if anything, to prevent these sorts of attacks. A more productive use of resources is to focus on better design and testing – ensuring that users securely use systems, designing security mechanisms that they won’t bypass, and designing systems that can continue to operate securely operate under compromised conditions.
On the importance of securing systems, Hurwitz is right. More attention must be paid to strengthening security overall. Corporate players, especially, should face serious repercussions for breaches that result in user data being compromised. Until there is a price to be paid, the cost of poor security practices is relatively minor compared to the cost of robust protections.
What Hurwitz misses, however, is what those protections are likely to look like. If corporate players suddenly faced stiff penalties for breached data, the first step most would take is end-to-end encryption. There is a good reason for that.
Despite Hurwitz’ dismissal of encryption, it is just as, if not more, important than security. If a system encrypted end-to-end is breached, there is little of consequence that could be gleaned from the breach because all data compromised would be stored in an unreadable format.
The reason hacks are so damaging currently is that most data is not stored encrypted. It is stored in plain text or as normal files. Once the breach happens, the data is lost.
Under Hurwitz’ concept of security being most critical none of that changes. All systems will have vulnerabilities, no matter how much is invested in securing them. So what do you do when they are broken?
By starting first with encryption, you stop the hemorrhaging before the cut is even made. The system protects the data first, and the system second. Our current systems are completely backward in that regard, as is Hurwitz’ thinking. In an end-to-end world, content should never be viewable in transit. That is especially true when transit relies on anything as inherently insecure as the open Internet.
What’s more, you reduce the motive for attack by ensuring that anything gained will be of no value.
Hurwitz’ line of thinking, sadly, is typical of policy proposals in DC. There is a reason for this, too. By diverting the focus to security, rather than encryption, we guarantee the prying eyes of the surveillance state.
Only in an end-to-end world do we safeguard our data against all outside eyes, not just the “bad” ones.