Following a spate of terror crimes world leaders are discussing the question of whether encrypted communication should be prohibited for the benefit of terror prevention. Will this lead to a government-mandated end of encrypted communication?

As a result of the attacks on the editorial staff of the satirical magazine "Charlie Hebdo" politicians in the western world discussed a number of suggestions on how to improve counter terrorism to be better able to thwart planned terrorist attacks in advance. Some politicians have gone so far as to demand a ban on all encrypted communication, to assist intelligence and investigative bodies to easily mass-evaluate calls and communication data streams.

This demand is very far-reaching. It ultimately aims to criminalize anyone who exchanges encrypted data. However, it is highly unlikely that terrorists would adhere to a ban on encryption. Encryption technologies are freely available, are effective and will not disappear if banned. A ban of this kind would mean that the simple fact of performing an encrypted transmission of data would represent sufficient initial suspicion to legitimize any further investigation of the communication parties.

Conversely, a ban on cryptology would mean that it would be made very easy for criminal gangs, of which there are many, to read the data of honest communication partners and abuse it, for example, for terrorist activities or in the context of economic espionage. The Dutch politician Pieter Omtzigt puts it this way: "It's one thing if the NSA is spying you out, but what if ISIS are doing this?"
 
Omtzigt recently submitted the final report of the Legal Committee of the Council of Europe, in which the revelations of the Snowden affair were evaluated politically at EU level. The report states that at present a generally applied end-to-end encryption and decentralization appears the only defense against the abuses that affect the integrity of the Internet already known today. (see http://www.theguardian.com/world/2015/jan/26/mass-surveillance-threat-human-rights-council-europe)

For businesses, confidentiality of data is of primary importance to prevent industrial espionage and provide protection of their intellectual property. This is a valid concern, as the revelations of Edward Snowden clearly demonstrate (see also www.cryptshare.com/en/news/industrial-espionage-on-demand.html). But protection against terrorist attacks may be of importance for international companies as well. Therefore the goal is to keep the business communication confidential against unauthorized third parties and simultaneously to have the opportunity to make metadata or content available to government entities in a legitimate and legally justified case.

Regardless of that, companies also need a way to inspect communication content, for example, to check for malicious code and or to fulfill legal requirements for archiving.  There is a place in all companies where greater security is needed without government intervention.

Cryptshare helps companies meet these complex requirements. The system extends the capabilities of the existing e-mail system (MS Outlook or IBM Notes) and makes it possible to exchange encrypted emails and files of any size with external contacts directly from email or via a browser. External contacts do not need to fulfill any particular technical requirements, there is no software to install, no user account or license to buy. The solution is designed for ease of use and demands no specific IT or security knowledge from users. The communication can take place ad hoc and occur in both directions.

Unlike a traditional e-mail system, Cryptshare does not transmit data via a chain of different providers’ servers, a path that is neither known to the sender nor traceable. Also no data is stored in the cloud. Instead, the Cryptshare server is in the DMZ of the company. Thus, it is clear which legislation on data protection and security applies for the system and the data stored on it.

Sender and receiver communicate directly via encrypted connections to this system providing or retrieving e-mails and files. All data is first checked for content and then stored encrypted until the collected by the recipient. All necessary transaction data and information about communication activities, such as sender and recipient addresses, dates of up- and download as well as IP addresses and optionally other contents of the transfers is logged for the benefit of the company. In the worst of case this could also be scrutinized by the government, allowing right-thinking companies to collaborate with law enforcement is needed. This metadata as well as the contents are, however, under the control of the company that operates the server at any time and are protected by the existing security infrastructure and other protective measures by the Cryptshare server.

Encryption means to have control over who can read contents of certain communications and who cannot. Companies should not give away this control option lightly.

To learn more about how Cryptshare makes your business more secure, please contact us!