Encryption Is Necessary For Data Protection

11/20/2015 03:19 EST | Updated 11/20/2016 05:12 EST

In the wake of the tragedy in Paris, there is a question in the media asking if the terrorists used encryption.

To continue using the internet as you know it, you have to use encryption. Unless you want to have your medical health history online for all to read, and end shopping online altogether, we rely on encryption to protect our information. There's no such thing as backdoors for one party only, such as the government. As soon as you introduce a backdoor of any kind, attackers will use it as well. It is dangerous and naive to suggest using a backdoor in encryption; only a non-technical person would make such a claim that this is possible or even a suggestion.

Encryption needs to be so strong that you trust your personal information with it, your life. Anything less, and you can remove any notion of a private digital life. Anything not encrypted, travels around the internet like a digital postcard, for even the moderately tech savvy who download free and open tools on the internet to snoop and log forever.

We must constantly remain vigilant with encryption, to ensure as soon as there is even a potential weakness, we have the ability to quickly upgrade our infrastructure to protect us from attack.

To answer the initial question, did the terrorists ever use encryption? Likely. It's near impossible to avoid it if you've used the internet. You can't go to Facebook, ebay, or receive an email on Gmail without using encryption. Does that mean we should ban these services, or remove the encryption, even for extreme circumstances? Absolutely not.

It also appears that terrorists use cell phones. Should we ban cell phones as well? Of course not. There is no way to validate that you're a good person when you buy a cell phone. As of writing this, it appears that the recent terrorists in Paris used unencrypted SMS to carry out their attacks, but I will continue the discussion assuming they used encryption just for academic purposes, so we never ever have the discussion of backdooring or banning encryption again.

There is no technology available that allows a backdoor only for the good guys, and not the bad guys. So if you're on the fence in deciding if encryption should have backdoors, you're really asking if we should turn the internet off altogether and pretend it never happened. This is not a realistic exercise, and so every information security expert cringes when they hear a policy maker suggest we allow backdoors into encryption, or turn encryption off. Strong encryption with no backdoors is required if we want the internet to continue.


Paris Attacks