Two big announcements were made this week dealing with encryption. First, the Chinese launched a satellite that will test "unhackable" quantum encryption for communications. This technology is apparently capable of detecting interception attempts and then deleting or changing the content. At the same time, Canadian police chiefs have called on the government to pass legislation that would force people to hand over their encryption key or passwords, with judicial authorization.
Does this mean that encryption has won, and that as long as we keep our passwords safe our information is secure? The answer is generally yes, and it has been that way for sometime. Although it is still possible to hack into a password protected device or document, the most common approach is still brute force (trying every possible password combination). Cyber criminals have known for years that humans are the weak link in the security chain, and generally focus on getting us to tell them our passwords through phishing and other ruses.
As encryption gets better, protecting the encryption key or password has become a priority. Law enforcement is frustrated by their inability to access key sources of information on computers and mobile devices when the password keeper exercises the right to remain silent. The police would like legislation to compel people to turn over that information.
There are many challenges in designing legislation that will be effective at forcing password disclosure. First, unless the penalty for failing to comply is as great as the offence itself, expect the subject to choose the lesser evil (the sanction for refusing to provide a breath sample is a good example). Second, it will be hard to distinguish between an "I forgot" and an "I won't tell”, and so the mens rea, or intent, required to convict for failing to provide a password may be difficult to prove. Finally, expect new apps or operating systems that will delete or conceal data when a trigger password is entered, as well as other enhancements to protect information.
We are watching the developments in the privacy - security - technology battle closely, and think it is far from over. For now, however, it appears that the technology of encryption is still winning.