Concern Grows Over Backdoor Data Access, Encryption

Fearful about financial and other data escaping though protection gaps, 84% of respondents to a survey said they are more concerned about backdoors and 64% said their personal encryption usage increased over the past year.

Those are among the results revealed by the Salt Lake City-based machine identity protection firm Venafi, from a survey on encryption conducted with 512 security professionals attending the RSA Conference 2018.

More specifically, respondents said their personal encryption usage increased due to recent geopolitical changes. This represents a dramatic increase in encryption reliance since last year when just 45% of attendees answered similarly. Venafi’s survey also found that security professionals are becoming more apprehensive about encryption backdoors, compared with 73% who expressed comparable anxieties at RSA 2017.

“We’re entering a world where machines process and conduct transactions autonomously,” Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, said. “As a result, it will be incredibly important to preserve privacy with the use of strong encryption. Despite the challenges this poses, it’s excellent news that more than half of these security professionals use encryption to protect their personal privacy.”

The survey results are timely, Venafi noted in a blog, as it seems like everyone has an opinion about encryption. Former Microsoft CTO Ray Ozzie recently announced a backdoor proposal intended to bridge the gap between security and privacy. The pitch represents another episode in a huge debate brewing for years.

“However, security researchers and cryptographers are in near universal agreement that giving law enforcement a backdoor as suggested by Ozzie’s Clear proposal – even if gated by a third party like Apple or Google – is not an option,” the blog insisted.

The proposal is not a new idea and puts the opportunity to gain full control over a device in reach of attackers and governments by targeting the holder of unlocking keys. “While Ozzie’s proposal could create unintended consequences in a machine-controlled world, it does open dialogue on how to secure the future. Security based on openness is proven time and time again to be superior,” the blog said.

Bocek added: “Research shows that concern over encryption backdoors is growing, especially as our adversaries become more sophisticated and better equipped to exploit weaknesses. We must secure the privacy of machines, including Docker containers, Kubernetes clusters and cloud instances – all of which can scale in milliseconds.” Docker is a program that provides operating system virtualization, a.k.a. containerization. Kubernetes is an open-source scheme for automating deployment, scaling and management of containerized applications.