Donate
Businesses Can’t Afford to Lose Trust in the Encrypted Economy, and Neither Can You Thumbnail
‹ Back
Strengthening the Internet 28 January 2021

Businesses Can’t Afford to Lose Trust in the Encrypted Economy, and Neither Can You

Istvan Lam
By Istvan LamGuest Author

End-to-end encrypted platforms have become an important means to establish online trust for businesses and individuals globally – and law enforcement/intelligence services are struggling to keep up.

Their unfamiliarity and uncertainty is reflected in the ambiguity of political discourse on the subject. On one hand, the European Union endorses strong encryption within data protection laws such as GDPR. On the other, attempts to intercept end-to-end-encrypted communication between suspicious parties resurface over and over again.

The Council Resolution on Encryption, adopted by the Council of the European Union, is the latest example. Politicians continue to strive for both strong end-to-end encryption and getting targeted access to information when – from a security and technology standpoint – the two concepts are at odds. Symbiosis is only possible in political rhetoric.

As the co-founder of an end-to-end encrypted cloud service, I am deeply concerned at how demands for access to encrypted data will affect the security of thousands of businesses and the millions of clients who rely on them in the EU and worldwide.

The Digital Economy Is at Risk

Our digital economy depends on the widespread use of strong encryption. This includes end-to-end encryption, within organizations of all shapes and sizes.

As businesses, we depend on strong encryption to manage the data of EU citizens in a compliant and safe manner, and the use of end-to-end encryption is often a key pull factor for companies considering a move to the cloud.

Weakening this encryption protocol would threaten the security – and ultimately the existence – of all of these businesses in the future, preventing decision-makers from opting in for the optimal security and efficiency provided by cloud-based systems.

Businesses Rely on End-to-End Encryption for Multiple Reasons

According to a 2020 study on encryption trends by Entrust, almost half of surveyed organizations have already adopted a consistent encryption strategy. Our own survey (commissioned with the help of YouGov) from 2019 demonstrates an increase in awareness around the use cases for encryption, with 50% of respondents from the UK, Germany, and the United States agreeing that end-to-end encryption can help protect their digital privacy.

The applications for end-to-end encryption in a business context are considerable. My company Tresorit, a cloud storage service, has learned of many critical uses from our customers alone. They include a wide range of businesses that handle sensitive data. Their assets, ranging from IP to business secrets, employee information, and healthcare records, must be stored and transmitted confidentially.

Here are just a few examples of why end-to-end encryption is so critical to their needs:

Securing Sensitive Data

For companies like PayFit, end-to-end encryption plays a critical role, enabling them to provide a secure environment for their clients’ data. “The data that we store about our clients is, by definition, highly confidential. Think payroll data, identity documents, health information and so on,” says Guillaume Gohin, Head of Information Security. “We wanted to make sure our data is safe at every step of the chain… end-to-end encryption guarantees just that.”

Complying with Data Protection Regulations

With GDPR coming into force in the EU, a new wave of data protection laws has been triggered globally. Fulfilling the strictest local requirements is a major challenge for most global companies. For companies like DMCC Netherlands and Pelago AB, using a GDPR-compliant technology like end-to-end encryption is a matter of professional credibility. “We ensure that business processes of our clients are in line with European privacy and consumer protection legislation”, says Jitty van Doodewaerd, Director of DMCC Netherlands B.V. “We have to practice what we preach. Therefore, our own data storage has to be compliant.”

Pelago AB Founding Partner Christoffer Lindblad says, “Our reputation as a reliable partner is one of our most vital so-called competitive edges. It is thus crucial that we handle all data as securely as possible and encryption offers us one important tool to achieve this.”

Protecting Identities

End-to-end encryption also helps our NGOs and human rights organizations keep critical data secure. Elinor Stevenson, Senior Counsel at Public International Law & Policy Group, a Nobel Peace Prize nominee and global pro bono law firm, reiterates this. “Encryption is critical to the work we do with human rights defenders. It allows us to securely share and store sensitive information in a way that protects the people we work with and the information itself.”

The Problem with Backdoors

The strength of the end-to-end technology is in its structural integrity. Law enforcement calls for businesses to create backdoors to encrypted content are dangerous because it undermines the security of the entire system. It opens up vulnerabilities to malware attacks and unwanted surveillance.

Mandatory third-party access would spell havoc for individuals and businesses alike. With the cost of a data breaches soaring to an average of US$ 3.86m, the risk of an open-door policy is too much to stomach.

Backdoor Access Is off the Table

No one can afford to lose encryption. Our digital economy relies on secure and confidential collaboration to thrive. Forcing businesses to create the means for third-party access to encrypted systems would set the scene for dramatic losses. Loss of data. Loss of money. Loss of reputation. Why risk destabilizing the security system and causing a complete loss of trust in the network economy?

Regulators and lawmakers must understand these threats, divert their energy to more pressing matters, and end talk of backdoor coercion for good.


Image by kate.sade via Unsplash

‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Enough Is Enough: What Happens When Law Enforcement Bends Laws to Access Data
Enough Is Enough: What Happens When Law Enforcement Bends Laws to Access Data
Encryption30 March 2021

Enough Is Enough: What Happens When Law Enforcement Bends Laws to Access Data

Tutanota co-founder Matthias Pfau explains how a recent court order is a wake-up call to end the encryption debate once...

European Union, Use Facts to Make Cybersecurity Decisions – Not Myths
European Union, Use Facts to Make Cybersecurity Decisions – Not Myths
Encryption19 November 2020

European Union, Use Facts to Make Cybersecurity Decisions – Not Myths

Nearly 450 million EU citizens are counting on the Council of the European Union to make decisions that protect their...

EU Internet Society Chapters Call on European Commission to Follow the Path of Strong Encryption. Here’s Why You Should Too.
EU Internet Society Chapters Call on European Commission to Follow the Path of Strong Encryption. Here’s Why You Should Too.
Encryption16 December 2020

EU Internet Society Chapters Call on European Commission to Follow the Path of Strong Encryption. Here’s Why You Should Too.

Internet Society Chapters in Europe are warning the European Commission that its recent plea for Member States to help find...

Join the conversation with Internet Society members around the world