Over the last few months, the topic of encryption has become a common debate amongst the technology industry and government agencies.
Recently, the major tech giant Apple was approached by the U.S. Department of Justice to unlock an iPhone 5C used in connection to the San Bernardino shooting. After resisting a court order demanding the iPhone be unlocked, Apple explained that doing so would create a backdoor that could be exploited in other iPhones.
In response, other tech giants like Facebook and Google have claimed they are working to make consumer data as secure as possible, even from the eyes of the government. While Facebook already utilizes encryption with its WhatsApp messaging service, they’re looking to apply the same style of encryption to the services’ voice calls and group messages. Google is currently researching whether it’s possible for them to apply the encryption method used for emails to other products.
The battle between Silicon Valley and the U.S. government has been going on long before the Apple and DoJ debate. While the tech industry places a higher priority on security its consumer’s private data, the government feels this encryption obstructs their ability to access information vital in criminal and terrorist investigations. Fortunately, the federal government understands that weakening encryption or allowing for backdoors would allow enemies to hack into U.S. products & networks.
One idea proposed by tech industry experts states companies could be asked to hand over metadata for criminal investigations while still keeping the content of the message encrypted, allowing government officials access to the names of individuals messaging as well as where and when they communicated.
While the topic of encryption may not be a light one, there's one thing most people can agree on- keeping sensitive data out of our enemies hands is of top priority. From an enterprise standpoint, hackers are becoming more and more sophisticated with their means of attack and these institutions should remain vigilant and alert when it comes to securing this sensitive personally identifiable information. Making sure your system is hardening & vulnerability free, coupled with Continuous File Integrity Monitoring and Breach Detection & Host Intrusion Detection will help protect your IT estate against a malicious attack.