Matthew Green on Encryption

Matthew Green, Cryptographer at Johns Hopkins, writing on encryption in light of recent Kaspersky reports:

At the end of the day we, as a society, have a decision to make. We can adopt the position that your data must always be accessible—first to the company that made your software and secondly to its government. This will in some ways make law enforcement’s job easier, but at a great cost to industry and our own cybersecurity. It will make us more vulnerable to organized hackers and could potentially balkanize the tech industry—exposing every U.S. software firm to the same suspicions that currently dog Kaspersky.

Alternatively, we can accept that to protect user data, companies have let it go—and the single most powerful tool technologists have developed to accomplish this goal is encryption. Software with encryption can secure your data, and in the long run this—properly deployed and verified—can help our software industry spread competitively across the world. This will not be without costs: It will make (some) crimes harder to solve. But the benefits will be real as well.

Software and service providers are not deploying encryption merely to frustrate the U.S. government. Providers know their business far better than the Justice Department does—when they choose to deploy encryption, it’s because their business depends on it. And while it may be frustrate law enforcement, in this case Silicon Valley’s interests and consumers’ interests are aligned.