Paris Attacks Reignite Controversy In Security Industry Over Encryption Technologies

Friday's horrific series of terrorist attacks in Paris restarted the debate between the security industry and the government about encryption, with officials decrying the technology and pushing for backdoor access.

As the investigation continues into the actors behind the attacks that killed more than 120 people in the heart of the French capital, U.S. officials have taken to the media to criticize the encryption technologies that they said allowed the terrorists to communicate without surveillance and are now hindering the investigation.

’ISIS' taking advantage of the technology that the head of the FBI has been complaining about, I’ve been complaining about, going dark, the ability to go dark -- I think you’re going to see that playing a significant factor in this event,’ New York Police Commissioner Bill Bratton said in an interview Sunday on ABC.

[Related: Q&A: Blue Coat President On Why Cloud Security Is Very Crucial For Partners]

id
unit-1659132512259
type
Sponsored post

There has also been particular backlash against whistleblower Edward Snowden on Twitter, with intelligence officials, former top-level CIA officials, politicians and more lambasting the former NSA contractor for helping cause the attacks by raising awareness about government surveillance and causing a rise in encryption usage by terrorists.

The back and forth on encryption isn't anything new in the security market. At this year's RSA conference in San Francisco, Department of Homeland Security Secretary Jeh Johnson asked security professionals to help slow the growth of encryption, arguing that it hurts the government's ability to pursue national security interests.

"The current course we are on toward deeper and deeper encryption in response to the demands of the marketplace is one that presents a real challenge for those in law enforcement and national security. Let me be clear, I understand the importance of what encryption brings to privacy, but ... our inability to access encrypted information poses public safety challenges," Johnson said in his keynote address.

"We need your help to find the solution," Johnson went on to say to the security professionals in the audience. "Homeland security ... is itself a balance between the basic physical security of the American people and the liberties and freedoms that we cherish."

Partners such as Matt Johnson, CEO of Reisterstown, Md.-based Phalanx Secure, said major terrorist events such as those in Paris this past week and in the U.S. on 9/11 will be major deciding factors in weighing the balance between privacy and surveillance. Johnson said it seems likely that the balance will shift in favor of the government in the wake of these events, with the security industry and its clients on the losing end.

"Every time we have some sort of unfortunate event like this, it's just that much deeper that the government wants to go," Johnson said. "I think, ultimately, things are going to change. I think the government is going to get ... more invasive [about] encryption and being able to break the encryption. They say Big Brother is coming, but unfortunately, it's already here."

His business sells encryption technologies around disk encryption, SSL encryption, email encryption and other encryption solutions for data at rest.

On the other hand, Jane Wright, senior analyst for security at Technology Business Research, said she expects sales of data encryption and privacy to rise in Europe, the Middle East and Africa in the wake of the events in Paris.

"After these horrible attacks in Paris, I think EMEA business executives will move to tighten their security in many more ways, including strengthening their cybersecurity controls. We will see EMEA businesses invest more in data encryption and privacy, and reevaluate their data location policies," Wright said.

That compares with "unusually slow" security spending in recent quarters in the EMEA region, Wright said, citing research from the Hampton, N.H.-based analyst firm. For example, in the second quarter of 2015, IT security revenue for the 19 security vendors tracked by TBR grew in EMEA just 7.2 percent. That is compared with growth of 23.9 percent in the Americas and 18.5 percent in the Asia-Pacific region in that quarter, the research found.

Phalanx's Johnson said he will be having conversations with his clients around the importance of data protection. He said the security industry's role in helping strike the right balance between privacy and surveillance is in educating clients about the importance of encryption, as well as helping make the process of encryption much more seamless for the end user.

"I think we're getting there," Johnson said.

PUBLISHED NOV. 16, 2015