International Cyber Expo International Cyber Expo
  • About Us
Sunday, 12 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Can there be a winner in the Crypto Wars?

by The Gurus
July 21, 2015
in This Week's Gurus
Share on FacebookShare on Twitter

Can there be a winner in the Crypto Wars?

Alexei Balaganski, analyst, Kuppinger Cole
If there is one thing that can be said about most politicians, it’s that they do not understand technology. This is especially true when the technology in question is related to cybersecurity and strong encryption in particular. Governments have always considered the ability to intercept and decrypt communications of foreign nations a matter of national security, but no other country has been as persistent in their fight against encryption as the United States.
In the previous round of the Crypto Wars in the 90s, the US government had come up with the idea of an encryption device with a built-in backdoor to be installed into every communication device, which would allow government agencies to obtain the encryption key and intercept all data transmitted by that device. The proposal was met with unanimous opposition, and security experts have demonstrated multiple weaknesses in both the concept of “key escrow” and the actual implementation of the chip. The idea has been abandoned in the end, but export controls that restricted which encryption methods could be exported from the USA were introduced. Although eventually those regulations were lifted, many current software products still have to support those weakened ciphers for compatibility reasons. Just recently, nearly a third of all websites were found to be vulnerable to the FREAK attack, which allowed downgrading the security of an encrypted session and then successfully breaking the encryption.
Fast-forward twenty years, and the US and UK governments are now discussing very similar plans. Again, claims are brought forward that without having exceptional access to all digital communications intelligence agencies will “go dark” and won’t be able to fight terrorism. The same idea of a centralized body holding all encryption keys in escrow for the government agencies is being discussed again. The UK government has gone so far as to suggest banning certain types of encryption completely. It is all as if nothing has changed since the 90s. Alas, the world we are living in is now completely different.
Before discussing technical implications of these new proposals, it’s worth noting that the very premise of the current debate is demonstrably wrong. Thanks to the documents leaked by Edward Snowden, we now know that NSA has not gone dark since the 90s. In fact, their technical, legal and clandestine arsenal of surveillance tools has expanded immensely in the last decade. Essentially, they are capable of intercepting a vast majority of communications around the world. Unfortunately, they are yet to show any evidence that this has actually helped prevent a single act of terrorism.
In fact, if these new regulations on encryption are going to be adopted after all, criminals and terrorists won’t have any real difficulties going back to “low tech” communication methods. Legitimate enterprises, however, will face much bigger problems. With all the recent trends of digitalization of businesses, the companies are becoming increasingly interconnected. Secure communications channels are now an essential component of every company’s infrastructure. This is especially true for cloud service providers, financial, health organizations, and other companies dealing with large amount of other people’s sensitive data.
A government-mandated backdoor to their infrastructures obviously introduces a vulnerability ready to be exploited by a malicious agent, but that’s not the biggest problem. A centralized government-controlled body holding credentials for multiple such infrastructures is an even more lucrative target for attackers, and government agencies aren’t exactly known for their high cybersecurity standards.
Another problem is jurisdiction: if a US company operates in another country, should it provide exceptional access to that country’s intelligence agencies as well? What if the country in question is a geopolitical enemy of the “free world”? Does it mean that we’ll need to maintain another “export-grade” backdoor, too? Just imagine how complex and expensive addressing these technical and legal problems would be.
All these efforts, however, are most likely to be in vain, since anyone wishing to evade the mandatory surveillance can simply switch to a solution from a non-US company, and that won’t be just the criminals, but every business or individual concerned about security and privacy of their communications. This effectively means that US and UK companies are going to lose their competitive advantage in the world markets, especially in the European Union countries like Germany, where privacy is considered an almost sacred right. Their reputation has already been damaged by Snowden’s revelations, and with new regulations in place, their entire business models will be severely crippled.
In fact, with all things considered, it’s difficult to imagine a single party that would gain any advantage, political, financial or otherwise, from these proposed regulations. To me, it seems that in the Crypto Wars, like in a nuclear war, everybody loses.
 
Alexei Balaganski is an analyst at Kuppinger Cole with specific focus on cybersecurity. After graduating with an MSc degree in Mathematics and Computer science he has worked in the IT industry for over 15 years. His experience includes software development, network administration and information security. Before joining KuppingerCole in 2007, he has taken part in multiple IT projects including e-commerce, high-load and cloud applications.

ShareTweet
Previous Post

Anonymous Targets Canadian Police, Crashes RCMP’s Website

Next Post

How to spot a hacker – and how not to grown your own hackers

Recent News

Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026
hand typing on keyboard

CitrixBleed 2 exploited in repeatable attack chain culminating in DragonForce ransomware, researchers find

July 9, 2026
malware

Huntress Uncovers ‘Vibe-Coded’ Malware Used to Map Active Directory Environments

July 8, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol