When people see a small padlock icon in their web browser, it gives them a measure of confidence. A sense that their online interactions are secure from prying eyes. At a time when personal information is being stolen from millions of people and sold in black markets across the Internet, that padlock and the security it represents are more important than ever.
Encryption is essential to modern international business. It is used to enable secure communications and transactions with customers, to protect personal and proprietary information, and to prevent the theft of technological innovations born from substantial investments in research and development.
The worldwide explosion of data has prompted governments to vigorously debate the implications of encryption in a range of areas— from trade to national security. Law enforcement agencies in particular have turned their attention to commercial encryption as a potential obstacle to tracking down terrorists and other criminal actors who may use encrypted devices and services to conceal their communications.
This “Going Dark” problem, as the FBI calls it, is a real challenge for law enforcement. IBM fully supports the need for governments to protect their citizens from evolving threats. In one such area, the fight against cyber crime, we have made considerable investments to better protect our clients’ operations as well as our own.
Weakening encryption technology, however, is not the answer to fighting a new generation of digitally-enabled criminal. Encryption is simply too prevalent and necessary in modern society. A government mandated encryption weakness in certain products would only prompt the bad guys to find other means to protect their communications, and leave the good guys more vulnerable to cyber crime, privacy threats or worse.
For these reasons, IBM firmly opposes any government effort to undermine the integrity of commercial encryption and cryptography products. In a 2014 Open Letter to clients, IBM stated clearly that it does not put back doors in any of its products, and that governments should not mandate means to subvert encryption. Our clients, including some of the world’s largest and most respected businesses, trust IBM as a responsible steward of their most sensitive information. Our business, like others in the U.S. technology industry, depends on that trust.
That said, it is possible to be both a fierce defender of encryption and a responsible citizen. “Going Dark” is a legitimate 21st century challenge, and we should not turn a blind eye to it. We are open to contributing IBM’s considerable technical expertise to a transparent, inclusive discussion on how the privacy and security of data can be maintained while preserving law enforcement’s ability to conduct lawful investigations of criminal activity. This is no easy task, with no immediately obvious answers. But at IBM, we are technology optimists. We believe problems like these can be solved through innovation and collaboration.
The Obama Administration recently declared that it will not seek legislation requiring technology companies to compromise their encryption systems. This is welcome news, and we commend the Administration for recognizing that data security is fundamental to data privacy. Now, let’s Outthink the limits of what seems daunting today, and work together on solutions that will help keep us all secure tomorrow.
Adam R. Pratt
Ph: (202) 551-9625