IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

RSA 2016: Weakened encryption compromises national security

Terrorists will move to other platforms, while criminals will exploit the flaws, claim speakers

Blue padlocks with one red padlock representing security hole

Tech leaders have hit out at government snooping and attempts to break encryption on the first day of RSA Conference 2016.

On the same day that Apple once again came face-to-face with the FBI in a court hearing in LA, down the coast in San Francisco, Amit Yoran, president of RSA, used his opening keynote to criticise governments for allowing intelligence and law enforcement agencies to dominate the security conversation.

"We need governments to enact policies that help, rather than hinder security, providing opportunities for talent development," he told delegates.

Yoran said that the aims and perspectives of such agencies are "radically different" to those of people trying to defend networks, and said policy proposals such as weakening encryption "boggle the mind".

"In an era when cybersecurity is consistently cited as the single greatest threat to our way of life - above terrorism and all else - how can we possible justify a policy that would catastrophically weaken our infrastructures?" asked Yoran.

"Weakening encryption is solely for the ease and convenience of law enforcement when they are pursuing petty criminals. No credible terrorist or nation state actor would ever use technology that is knowingly weakened. However, if you weaken our encryption you can sure bet that the bad guys will use that and exploit it against us," he added.

These thoughts were echoed by Brad Smith, general legal counsel at Microsoft, who took to the stage after Yoran for his own keynote.

Smith reflected on not just the big hacks of the past few years but also the terrorist attacks that hit Paris and San Bernardino in late 2015.

"People went to work [the day after these attacks] debating whether this meant new steps needed to be taken for technology, for surveillance, for encryption," said Smith. "We live in a world where every week there is a pendulum and the question is, which way will the pendulum swing on these issues that affect us?"

Smith argued that it was impossible to ensure people's security in real life if their security cannot be ensured online.

"The internet started out two decades ago as something people talked about as a different space - cyberspace, as if it were disconnected from real space and the real world. Well, what we've learnt today is that if people want to shape and impact what happens in the real world, they go to the internet," said Smith.

"This has affected everybody - governments around the world studied the Sony case and they realised that there is no such thing as national security in this decade without cyber security. We've realised that hence we need to keep information secure. One thing is clear above all else - people will not use technology they do not trust and hence trust is the absolute foundation for our entire industry and it needs to remain that way," Smith concluded.

Smith and Yoran's comments also come on the same day Theresa May introduced a new draft of the Investigatory Powers Bill to Parliament. The new text still contains a controversial provision that would oblige companies, including RSA, Microsoft and Apple, to remove encryption at the request of law enforcement agencies.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Podcast Transcript: What’s so hard about public sector IT?
public sector

Podcast Transcript: What’s so hard about public sector IT?

3 Dec 2021
The IT Pro Podcast: What’s so hard about public sector IT?
public sector

The IT Pro Podcast: What’s so hard about public sector IT?

3 Dec 2021
Majority of UK's top business leaders are failing to manage supply chain security risks
supply chain management (SCM)

Majority of UK's top business leaders are failing to manage supply chain security risks

16 Nov 2021
HPE inks $2 billion high-performance computing deal with the NSA
high-performance computing (HPC)

HPE inks $2 billion high-performance computing deal with the NSA

1 Sep 2021

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Russian hackers declare war on 10 countries after failed Eurovision DDoS attack
hacking

Russian hackers declare war on 10 countries after failed Eurovision DDoS attack

16 May 2022
(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security
Careers & training

(ISC)2 launches free scheme to get 100,000 UK citizens into cyber security

17 May 2022