Encryption and Privacy

                How valuable is your personal information? How greatly do you prioritize the protection of your private information from malice? At what point do you believe it is fair to compromise your Fourth Amendment right of protection against unwarranted search and seizure? Our personal and more often than not private information is readily held and transmitted through means which are quite frequently out of our realm of control. With the tremendous growth and use of technology in our daily lives, the vulnerability of our personal information becomes exponentially more susceptible to external dangers and threats. Our private information is not only consistently transmitted across the Internet, it is also stored on our personal devices and the devices of technological services we choose to use as consumers. In most cases, it is extremely important for our information to be protected from hackers and criminals who aim to maliciously access, steal, and compromise our information without our knowledge, awareness, or permissions. Such compromise of personal information can ultimately put our personal safety and wellbeing at risk. This is why encryption has been leveraged as a remarkably important tool to help protect our personal information and strengthen our control over our private data and more importantly who can lawfully access our sensitive information. In this analysis we are going to examine multiple variables of encryption including how it used in our modern day, what benefits are provided, and how lapses in encryption protocol create tremendous multifaceted vulnerabilities and susceptibilities.

                We should begin our discussion by analyzing why encryption is used and how the encryption process takes place. Encryption is the process of when data, either communicated or stored, is translated into indecipherable text that can only be read with the right key. Once the correct encryption key is applied to encrypted text, the text is then decoded and the data is transformed back into decipherable text. The process of encryption allows for data to be converted to uninterpretable text, which is then unlocked with the encryption key is applied. Most technology organizations use some degree of encryption in their processes to help protect the private information of their customers and confidential and proprietary data relevant to business operations. Encryption is used to help provide an additional layer of security across all data stored, allowing for a blanket of protection against malicious attacks and unwarranted violations of access to information and data. Unencrypted data is often referred to as plain text, which is then encrypted into random characters and symbols called cipher text that have the ability to be decrypted using the appropriate key or password. This allows for the ability to apply a cover on the information itself which can be removed by individuals or system processes that hold the appropriate key. Now that we have a general understanding of what encryption is and how it can be applied, the next question is why encryption should be important to you.

                As a society we are using technology for personal uses now more than ever before. Our smartphones have turned into our wallets. We use our phones to track our health and fitness. We are consistently providing our locational information through global positioning systems built in to our phones. We have personal, intimate, and ultimately private interactions with our friends and loved ones on a daily basis through calls, images, videos, and text messages. The amount of personal information that we transmit through our devices is truly unfathomable, and at most times are transmitted passively without our awareness or comprehension. With this in mind, it should be tremendously important to understand that not only is our information transmitted across the internet, it is quite frequently stored on servers which are outside our realm of control. These server include your internet service provider, consumer tools and products, and other third party application that are installed on our devices. Knowing that our information is readily accessible, the most relevant question should be what can we and the services we choose to use do to help protect our data from malicious and unwarranted exploitation. The answer to this question helps us understand why encryption is tremendously important. It allows for the ability of our personal and private data to be transmitted and stored in a format that protects from misuse. Encrypted data helps ups store information in a format that is only legible to intended users with the correct encryption keys, allowing for a limitation on malicious access. Not only does encryption protect us at a personal level, it also provides protection at a business operational level for organization which we as consumers choose to interact with. At a business level, our personal and private information is stored on multiple servers for years, if not decades, which provides a treasure-trove of confidential and personal data. In numerous instances, private organizations along multiple sectors and industries have fallen victim to data breaches which have left their consumers’ information open and extremely vulnerable to malicious parties. Not only have private organizations fallen victim, many government organizations and entities such as the Internal Revenue Service have faced data breaches which compromise personal and private information. The table below helps outline some of the major organizational breaches, both governmental and in the private sector, which have directly impacted the security of personal and private information. This table summarizes a few of the major breaches over the past 12 months and is in no sense all inclusive. Thousands of additional breaches have occurred within this time period, many ranging in scale and other breaches which may have went entirely undetected.

                  Information Retrieved from Privacy Rights Clearinghouse (April 2015 – April 2016)  

                The table above allows us to get a brief sample of the scope of threats which can pose to be extremely malicious and tremendously detrimental to our personal and private information if our information is not encrypted. Many of the entities above deal with immensely private data which, if compromised, can prove to be a huge risk to our personal safety. The importance of sound information security policies and the respect of users’ privacy is heavily understood by most technology organizations. This drives technological establishments to stress the importance of well-versed encryption protocols. Organizations understand that users have a high level of concern regarding the security of their personal and private information. This understanding of consumer perspective helps guide organizations in implementing policies which keep data secure. If the information were kept unguarded, the organization would not be able to appeal to customers and grow their consumer market. Customers love security and protection. Organizations that provide such features in their products help attract and keep customers, allowing for a strong foundation of customers at its base. Organizations that fail to implement strong security controls and protocols tend to attract security encroachments which have a directly negative impact on the firm and its ability to attract new customers. Strong and well executed security controls that protect privacy not only attract and maintain consumers, but also allows the organization to have a competitive advantage in their industry. While other organizations may be prone to attacks which damage reputation, an organization that invests in maintaining safe and secure data provides themselves an advantage to help mitigate risks associated with unwanted threats. Overall, strong information security and encryption policies which help protect organizational and consumer data allows for spectacular competitive advantages across the board.

                The final variable that we will analyze will be the attempted governmental and legislative influence on encryption and encryption policies. The government’s involvement in encryption has begun to build momentum that is faced with tremendously strong and united opposition from the major technology players and conglomerates. In recent times, a case is being made that encryption would provide a means for communication for individuals who pose a threat to national security. According to the stance of certain representatives, it is believed that state and federal entities should have the ability to monitor encrypted information without sufficient warrants or juridical approvals. This position held by some in administrative parties is readily opposed by their counterparts within their legislative realm, coupled with strong opposition from large information technology firms and organizations. Some believe that the ability to create a “back door” would allow government entities the ability to attain information when required. In reality, if a “back door” is created, it would defeat the purpose on encryption as that door is not only limited to government entities. The creation of a method to unencrypt data and information would be violated by malicious third parties that choose to acquire personal and private information for misuse. With this in mind, numerous organizations have collectively stood up to contest against the request of some members of government to create an alternative method to access personal and private information. In addition to technological organizations rallying together to battle such requests, many politicians, including members of The White House and President Obama, have declined to support any legislation that encroaches on encryption polices that put the general public in harm’s way. The table below outlines major opposition to such legislation and how encryption legislation can pose a threat to personal and private information.

                 Information Retrieved from Electronic Frontier Foundation.

                Opening encrypted processes for government entities does not simply end at government access. It allows for any third party to assess the newly created window to exploited private and sensitive data in tremendously dangerous fashion. Many would argue that such legislation that limits encryption would pose a greater nation threat in the sense that trillions of records could be placed in the reach of malicious parties for exploitation. As outlined by the table above, a large majority of technology organizations understand that their customers’ safety and the protection of sensitive information cannot be compromised as such actions would jeopardize sensitive information most individuals across the globe. Of course, as always, any government requests that is accompanied with legitimate judicial review and justification has to be fulfilled by any organization that holds the information in question. For example, warrants and similar judicial requests must be abided by under scrutiny of the law. Technology organizations strongly abide by such governmental oversight as this is a requirement that is backed by legal precedent and opposition to such requests would be considered unlawful and could result in tremendous penalties. No major technological organization oppose the perspective that judicially warranted actions are uncalled for as they are legally obligated to abide by such statutes. It is important to understand that organizations are not opposed to working with government entities as long as it is done within the realms of legal precedent and does not subject the greater public to harm, opening doors which could result in truly detrimental invasions of privacy and sensitive information.

                The importance of encryption continues to grow as we become more dependent on technology. Personal and private information is readily transmitted over networks, stored on servers, and maintained for years by third parties. Our personal information continues to grow in sensitivity and is extremely confidential in nature. Our messages, phone calls, emails, contacts, pictures, location, web history, and other digital trails are tremendously personal and should remain this way unless warranted by law or judicial impositions. In addition, the information of ours that is kept on third party systems are equally private and sensitive. The importance of maintaining our privacy can never be underestimated. Our current trajectory is towards continual growth in use of technology, leading to a greater amount of personal information that could be susceptible to malicious actions. With this in mind it is tremendously clear that sound policies that support universal encryption should be implemented to help protect the public from malicious attacks that would compromise private information and sensitive data. The greater use of encryption would ultimately aid in ensuring our personal and private data remains exactly that, personal and private.