Fears over “ban” on encryption

Following David Cameron’s recent comments which proposed a ban on encryption in the UK, Alex Plaskett, Head of Mobile at MWR InfoSecurity has said the following on what it would mean for businesses:

Following David Cameron’s recent comments which proposed a ban on encryption in the UK, Alex Plaskett, Head of Mobile at MWR InfoSecurity has said the following on what it would mean for businesses:

Encryption is widely used to protect company confidential information against malicious parties. Typically businesses use encryption to protect lost or stolen devices (encryption at rest) or communications security (SSL, PGP email etc). The use of encryption within a business is dictated by the threats faced by the organisation and the sensitivity of the data. Organisations which have a lot of sensitive information to protect use encryption heavily, whilst other organisations deploy cryptography less widely.


Whilst encryption varies between organisations, it is often implemented incorrectly or contains weaknesses which can be exploited by an advanced attacker. An example of this is not implementing perfect forward secrecy or fully end-to-end communication security. High security messaging tools aim to address these weaknesses. In the past strong cryptography was typically used by the intelligence community and businesses primarily. Now these technologies are starting to be implemented in consumer applications (such as messaging applications, including Whatsapp and iMessage).”

The main uses of encryption as previously mentioned are communications security (browsing sensitive data in web sites, email encryption) and full disk encryption. Encryption is often used in endpoint protection, such as using encrypted USB's to protect lost or stolen portable storage. In using this technology, businesses are generally trying to protect key assets such as customer records, financial information, intellectual property and so on.

We are seeing both an increase in the number of companies using encryption and also the amount of applications it’s being deployed in. No doubt encryption can be a very effective solution – but the seemingly endless amount of major corporate security incidents has seen many businesses looking for further protection. Concurrently, there is also a growing pressure from consumers to know that the services they use are not only secure, but private. It has been shown that exploitation of lawful intercept capabilities implemented in software and “backdoors” can be abused by malicious actors. It is hoped that if any legislation is put in place in future, then it does not disrupt the ability for organisations to protect their data from malicious parties. Heavy handed or simply ill-thought through regulation has the potential to undermine the legitimate uses of this technology for both businesses and consumers alike.

Read more

Latest News

Read More

Managing grieving employees: Lessons from the funeral industry

25 November 2024

Newsletter

Receive the latest HR news and strategic content

Please note, as per the GDPR Legislation, we need to ensure you are ‘Opted In’ to receive updates from ‘theHRDIRECTOR’. We will NEVER sell, rent, share or give away your data to third parties. We only use it to send information about our products and updates within the HR space To see our Privacy Policy – click here

Latest HR Jobs

University of Greenwich – HRSalary: £45,163 to £55,295 per annum, plus £5400 London weighting pro rata per annum

Universities UK – Human ResourcesSalary: £21,441 to £24,474 per annum pro rata, dependant on experience

Derby College GroupSalary: £39,748 per annum, pro rata (actual salary £32,229)

University of Oxford – NDM HR Centres of ExcellenceSalary: £34,982 to £40,855 per annum (pro rata) – Grade 6

Read the latest digital issue of theHRDIRECTOR for FREE

Read the latest digital issue of theHRDIRECTOR for FREE