Encryption protects our data. It protects our data when it’s sitting on our computers and in data centres, and it protects it when it’s being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

This protection is important for everyone. It’s easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects it from competitors, neighbours, and family members. It protects it from malicious attackers, and it protects it from accidents.

Encryption works best if it’s ubiquitous and automatic. The two forms of encryption you use most often — https URLs on your browser, and the handset-to-tower link for your cell phone calls — work so well because you don’t even know they’re there.

Encryption should be enabled for everything by default, not a feature you turn on only if you’re doing something you consider worth protecting.

This is important. If we only use encryption when we’re working with important data, then encryption signals that data’s importance. If only dissidents use encryption in a country, that country’s authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can’t tell the dissidents from the rest of the population. Every time you use encryption, you’re protecting someone who needs to use it to stay alive.

Read the full article at Schneier on Security

Senetas high assurance security comments

Bruce Schneier is certainly well known and highly regarded among data security professionals.

There are three key points he makes in this article that should be uppermost in the minds of commercial and government security managers:

  • Schneier emphasises that encryption is not a ‘prevention’ tool; it is a data ‘protection’ tool. It protects data in the all-too-common event that prevention tools are breached.
  • Encryption must be used everywhere, all the time. For a range of user-behaviour reasons, encryption-based data protection should not be seen as a selective tool to apply only when data is considered particularly sensitive.
  • Not all encryption / encryption solutions are the same. Key management is a very important example of that difference.

But as Schneier himself said in his own biography: “I’ve been writing about security issues … since 1998”. One can only hope his readers have taken his advice!