To Encrypt or Not To Encrypt: The Pros and Cons of Data Encryption
Data encryption, and the increased privacy and security it brings, is a very sensitive topic at the moment.
The big question, for many parties, is whether or not it should be used. While there are clearly some benefits to using encryption for personal and private data, there are also some caveats. We’re going to take a look at both sides of this argument, and propose how this affects productivity and efficiency, as well.
But first, let’s discuss the high-profile case that’s happening right now between Apple and the FBI.
Apple versus FBI
In the wake of the San Bernardino shooting, news surfaced that Apple denied a request from the FBI to unlock an iPhone that belonged to one of the gunmen. Understanding the full implications of an act such as this, they denied the request and have stood by their decision.
FBI – and related government agencies – claim that without Apple’s support they cannot access critical information which is needed to conduct their investigation.
Sadly, the fight is not about the data contained on the phone, as one would expect.
According to Apple’s CEO, Tim Cook, the company did share data with the FBI. “When the FBI has requested data that’s in our possession, we have provided it. Apple complies with valid subpoenas and search warrants, as we have in the San Bernardino case. We have also made Apple engineers available to advise the FBI, and we’ve offered our best ideas on a number of investigative options at their disposal.”
The problem is that the FBI has asked Apple to create a unique version of the iPhone OS that allows them to bypass important security features. In other words, they want a backdoor built so they can crack the operating system and obtain all the data stored on the device.
The FBI intends to install this version of the OS on a gunman’s phone which they recovered after the shootings. But what happens after that’s done? What will they do with the all-access version of iOS after the San Bernardino case has been fully investigated?
Again, Apple’s CEO explained it best.
“The FBI may use different words to describe this tool, but make no mistake: Building a version of iOS that bypasses security in this way would undeniably create a backdoor. And while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
The FBI would have an incredible tool, one which could be used to do bad, just as much as it could be used to do good. Not to mention, what if that tool were to fall into the wrong hands? High-profile breaches have been common lately. What would happen if a third party was able to get a hold of that OS version?
These are all important questions that need to be considered, and that’s exactly why Apple denied the request to unlock the gunman’s phone. It’s also why nearly the entire tech industry banded together in support of Apple’s decision.
On the other side of the argument, there is still the matter of missing case details which may never be discerned if the FBI doesn’t get access to the unencrypted data on the phone.
With access, they may be able to learn about more parties involved in the attack, where the gunmen got the finances for purchasing supplies, how they planned the attacks, and much more.
What Does This Have to Do with Encryption?
Apple’s iOS operating system encrypts personal data by default. Without the proper credentials, the data stored within an iPhone is extremely difficult to read, if not impossible.
When data is encrypted, it is essentially locked behind a secret key or password. Without that key, you cannot decrypt the data and read it; it looks like scrambled content. This scrambled content or encrypted data is referred to as cipher text.
When data is not encrypted, it is referred to as plain text. Leaving data unencrypted is the equivalent of leaving important documents or cash on the counter in your home. Those items are perfectly safe until someone gets into the home, and then all bets are off.
What are the Caveats?
We know what the most important benefit of using encryption is; it offers an unprecedented level of security and protection for personal data. So much security, that the FBI wants special access to get through the encryption used in the iOS mobile operating system. These days, with so many high-profile hacks going on a little extra security, can go a long way.
As for the biggest caveat, if the security key or password assigned during the encryption process is lost, there’s no way to access the data. For companies and organizations that specialize in data storage, being left unable to access encrypted data would result in a significant amount of reputational and financial damage.
Then again, those companies would be in the same trouble if they suffered a breach, and a third-party got a hold of unencrypted data too.
Another issue with encryption – particularly when it comes to productivity – is that it can make collaboration difficult, especially when you need to share data or files with others.
As a regular practice to keep data secure, you would encrypt it before sharing or sending it to your teammates. That would mean they need to decrypt the content on their end before they can review or work with it. Sure the data would be extra secure, but the process would grow tedious and take quite a bit of time to encrypt and decrypt, especially if the team involved is large.
Obviously, the added step to encrypt and decrypt data would balloon the time required for a project, lowering overall productivity. This can be bypassed by using software that automatically handles the encryption and decryption process for you.
A final caveat is that sometimes when data is encrypted it takes a little longer for devices to access said content. In rare cases, this can cause a loading delay. This is not a glaring issue with modern devices, as both smartphones and computers have grown remarkably powerful. Yet, it can still happen from time to time, so it’s good to be aware of.
Speaking of time, depending on how much data needs to be encrypted the conversion process can take a while. If you have a lot of personal data stored on a device and you enable encryption later, the process will take much longer than if you had enabled it on a brand new device. The same holds true for the decryption process and large chunks of data.
To Encrypt or Not To Encrypt, That is the Question?
Let’s recap, shall we? Encryption offers a vast amount of security when it comes to personal data, and is hard for outside parties to crack. That said, if the security key or password that was used to lock down the data is lost, it can leave those who need it most locked out, as well.
In addition, it can hinder productivity and collaboration because the encryption and decryption process can take a while, both initially and later on.
In the end, it’s up to you whether or not you value your security and privacy enough to enable this security feature. If you’re an organization or business – and not an individual – then the value of your customer and client’s data should be considered, as well.