Encryption 16 March 2018

CEOs and Encryption: The Questions You Need to Ask Your Experts

By Robin Wilton, Senior Advisor for Internet Trust

Barely a week passes without something in the news that reminds us of the critical role encryption plays in securing our data. It is a technology that protects so much of what we rely on, as individuals protecting our privacy, as companies securing our business assets and transactions, and as governments responsible for critical national infrastructure. 

As a CEO, I needed to know what questions I should be asking my technical experts about encryption and its use, so I asked my staff to produce this paper. I found it to be so useful that I thought we should share it with other executives as they try to understand and manage this complex but indispensable technology.

We believe, at the Internet Society, that encryption is a MUST for protecting what is one of the most valuable assets we manage—data. We hope this paper can be helpful to you.

— Kathy Brown, CEO, Internet Society

The request Kathy mentions came after the San Bernardino shootings in California (which reinvigorated the debate about third party access to encrypted information), and after a former Director of the UK’s Government Communications Headquarters (GCHQ) had set out his view in these terms:

“Encryption is overwhelmingly a good thing, it keeps us all safe and secure. Building in backdoors is a threat to everybody. […] It is not a good idea to weaken security for everybody in order to tackle a minority. […] Trying to weaken the system, trying to build in backdoors won’t work and is technically difficult.”

— Robert Hannigan, BBC Radio interview, 10 July 2017

I am delighted to say that, today, we are publishing the resulting paper, Cryptography: CEO Questions for CTOs, which focuses on three main topics:

  1. Getting a snapshot of your organisation’s crypto strategy and current status
  2. Practical challenges of deployment and management
  3. Non-technical factors around risk mitigation and law enforcement access

I have also included a brief glossary, and a short background on Public Key Infrastructure and its various quirks; I was persuaded to relegate the latter to an Appendix, in recognition of the fact that not everyone finds the ins and outs of PKI as fascinating as I do… strange as that may seem.

My hope is that you will find the paper useful in two ways:

  • If you are conscious that cryptographic technology is somehow important to your organisation, but feel a certain unease about approaching such a notoriously tricky topic, then I hope this paper will help give you the confidence (even, the “permission”) to say – “I now understand the principles and issues; help me understand what we should be doing about this as an organisation”;
  • If you are already comfortable with the technical aspects, to the degree you need, then I encourage you to use the document as an “annotated checklist”: each section contains a set of questions for you to think about, and to discuss with responsible executives or managers in your organisation.

I don’t imagine the debate over encryption will fade away or be resolved soon. Organisations will continue to face pressure to meet the diverse objectives of securing their enterprise, keeping customers and their data safe, and responding to government and law enforcement requests for access to encrypted information. In a data-driven society, resolving the conflicts between those objectives is a critical capability.

I hope you will find Cryptography: CEO Questions for CTOs interesting and useful – and if you have any feedback, please let us know.


Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.
