2017 Encryption Landscape -- Security Today

2017 Encryption Landscape

By Mike Salas
Dec 27, 2016

There is a growing belief that 2017 will be a decisive year in the battle over encryption that has been quietly raging for over 25 years. This ongoing battle has pitted the federal government, who argues that some form of encryption backdoors are needed for national security purposes, against security professionals and privacy advocates, who argue that these types of backdoors are foolhardy at best and dangerous at worst. The recent election of Donald Trump, the self-described “law-and-order” president, threatens to upend the shaky détente that currently exists between these two competing camps. If early indications are true and Trump does in fact take a more strident approach towards issues of security and privacy, organizations and vendors alike will be facing a radically altered landscape in 2017.

For a preview of the type of changes that may be in store, one needs to look no further than to the UK, where a recently-passed bill, named the British Investigatory Powers Bill (aka “Snooper’s Charter”), is already causing widespread changes. This new law allows the UK government to engage in online surveillance, to perform wholesale bulk collection of every citizen’s metadata, and to have the legal authority to hack into devices remotely. Furthermore, the law enables the government to impose what is called a “technical capability notice” on a commercial entity, which would oblige them to change or modify their product to remove any form of electronic protection applied by the company to any communications or data. In other words, the government is demanding that companies have the backdoor capability of removing the encryption that is being used to protect data.

The impact on commercial entities that deal with any sort of consumer or citizen data is becoming clear: they will be required to collect, store, maintain, and disclose this information when presented with a warrant. While this will present data storage challenges to an organization, the greater fear is the worry about hacking. For all the talk about safeguarding data, it’s now clear that it is virtually impossible to stop a determined hacker from compromising data. In the last year alone, major commercial entities, such as Yahoo, Verizon and LinkedIn, have all been hacked. In other words, it’s not a question of if a company will be hacked; it’s simply a question of when. While companies will continue to try to find ways to prevent these hacks, 2017 will be the year of an increased focus on mitigating the impact of inevitable breaches.

On the flip side, security vendors, especially those that deal with encryption technology, will be faced with a dilemma. Encryption is built on a foundation of math. If a backdoor weakness were purposely built in due to some type of mandate, then the mathematical underpinning of encryption will have an inherent vulnerability that will be identified and exploited by sophisticated hackers. Furthermore, even if vendors were to put in a backdoor, it would have no real effect at stopping criminals due to the widespread availability of other tools and encryption services that go beyond the reach of federal authorities. Thus, compliance with any sort of federal mandate will likely result in a significant commercial impact to the vendor’s business as clients migrate to other solutions or services.

To avoid the economic impact caused by the insertion of a backdoor, vendors will likely migrate toward an alternate deployment model that relies on “safe harbor” provisions. Like the safe harbor provisions used within the Digital Millennium Copyright Act (DMCA), vendors will claim protection from monetary or legal liability based on the allegedly infringing activities of third parties. For data being sent across the Internet, this can be achieved by implementing a more advanced encryption model that takes advantage of one-time use keys to protect the data being sent to and from different parties. For statically stored data, this can be done by moving to a model where the keys used to unlock this stored data are uniquely tied to an individual using biometrics or other similar techniques. In both models, because the keys are self-deleting and/or uniquely linked to the user, neither the vendor nor the organization can unlock this data themselves and thus cannot be subject to a court order. Importantly, these approaches also provide an immediate security benefit by providing another protective layer against hackers who attempt to steal data.

The debate that started 25 years ago when the U.S. government attempted to regulate encryption in the early days of the Internet seems destined to explode into the limelight in 2017. The national conversation that results will dramatically shape the encryption landscape for years to come.

Honeywell Makes Strategic Tuck-in Acquisition of Li-ion Tamer
07/01/2025
Defining SASE at the Largest Consumer Electronics Chain in the Nordics
06/26/2025
Elite Interactive Receives Strategic Investment from CIVC Partners
06/26/2025
ProdataKey’s Emergency Response Integrations: Integrated Access Control Made Easy
06/25/2025
Eagle Eye Networks Enhances Partner Program to Accelerate Reseller Growth
06/24/2025
Altronix POE367 Delivers 277VAC Support at Remote Locations
06/18/2025
ONVIF, C2PA Announce Collaboration to Strengthen Trust in Digital Video
06/18/2025
Acre Security Confirms Kumar Sokka as CEO to Lead Next Phase of Growth
06/16/2025

Featured

Video Surveillance Trends to Watch

With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now
- Video Surveillance
New Report Reveals Top Trends Transforming Access Controller Technology

Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now
- Access Control
Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now
- Cybersecurity
ASIS International Introduces New ANSI-Approved Investigations Standard
- Guard Services
Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now
- Cybersecurity

Security Today eNews

Sign up today for essential industry news and product information that can help you stay afloat in the fast-paced world of security.

Email Address*Country*

Please type the letters/numbers you see above.

Webinars

Whitepapers

New Products

Camden CM-221 Series Switches

Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.
HD2055 Modular Barricade

Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.
Compact IP Video Intercom

Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis.