The backdoor encryption debate in the United States has been going on for quite some time now. An important element in this debate that is often overlooked, however, is that this strong encryption which is under attack is actually encouraged and required for certain businesses – and frequently employed by the government.
Take the healthcare industry. Rules for electronic health records and information (HIPPA rules) specify that private information should be encrypted. Further, “safe harbor” rules can even exempt health services companies from liability if they’ve employed strong encryption, which encourages companies to enact encryption: “Because the HITECH Act’s breach notification rule includes a safe harbor that exempts the reporting of breaches if the data involved was properly encrypted, many organizations are investigating whether to make wider use of encryption.”
Another example is the financial industry. Recently, a financial services company was charged a large fine (which was paid to a federal agency) because it was not properly encrypting its information: “It failed to follow through on a key data protection protocol: encryption of laptop computers that contain confidential customer data.” So the company was penalized for not encrypting.
Examples like this illustrate the hypocrisy of the government in the encryption battle. Encryption is under attack with the government attempting to mandate “backdoors” into consumer communications, but meanwhile some businesses are encouraged – or required – to encrypt to secure their data. There is even a bill called the Data Security Act of 2015 currently advancing through the House which, in essence, requires businesses to encrypt sensitive information while it’s in transit and storage.
The government certainly makes use of strong encryption itself, yet they’re attempting to take away this right from everyday Internet users. So the government is not consistently prohibiting or weakening encryption, but instead trying to control who is “allowed” to use it and who is not.
Encryption is the second amendment for the Internet, and using encryption to protect your data should be a fundamental right for all – not just for a select few.