With the RSA Conference drawing to a close over in San Francisco, Tripwire took the opportunity to pick the brains of some of the security professionals at the event about the current hot topic of government access to encrypted data.
Apple and the FBI remain in a standoff as the fallout from the San Bernardino gunmen case continues to rumble on, with pressure now mounting on Congress to clear up the situation with updated laws on whether governments should have the right to access peoples' personal data or not.
The survey of 198 respondents found 81% believe that if governments are granted access it is either certain or very likely that cyber-criminals will abuse it. What’s more, 88% felt access would have a negative impact on consumer and enterprise security and privacy.
“Security professionals are very suspicious of any decision that redefines what's acceptable and what's not when it comes to security and privacy,” said Dwayne Melancon, CTO and vice president of research and development for Tripwire. “It's no surprise that the majority of the respondents at a security conference are concerned about this decision and, regardless of how it is resolved, it will have a lasting impact on security and privacy.”
In a statement to Infosecurity Gavin Millard, EMEA Technical Director at Tenable Network Security, said introducing a weakness into secure systems, irrelevant of the reasons behind it, will have repercussions for safe and secure communications for years to come.
“We just have to look at the issues stemming from the ‘Export Strength’ encryption in the 90’s that we are still feeling today, with downgrade attacks on SSL/TLS weakening the security of our connections and causing many hours wasted hunting down affected systems to patch. It’s obvious for anyone that’s been in the security industry for some time that weakening encryption only introduces more risk of abuse, be it from a Nation-State or cyber-criminals, so I’m surprised that only 81% agreed."
Steve Durbin, Managing Director of Information Security Forum is of a similar view, arguing it would be naive to believe hackers won’t exploit data access in some manner.
“Any subsequent breach or loss of data attributed to such a practice of providing access will damage the already fragile trust and confidence that exists,” he added.