Security execs wary of possible encryption abuse

March 3, 2016
RSA Survey: 81 percent of security professionals say it is ‘very likely’ cyber criminals will abuse access to encrypted data

SAN FRANCISCO (RSA Conference 2016, Booth 3301) — March 3, 2016 — Apple and the FBI have been engaged in a legal battle over the federal government’s right to require built-in smartphone encryption software that could aid law enforcement investigations. This debate has moved to Capitol Hill as pressure grows for Congress to pass updated laws clarifying technology companies’ responsibility to provide access to customers’ encrypted data.

Tripwire, Inc., a leading global provider of endpoint protection and response, security and compliance solutions, today announced the results of a survey of 198 security professionals attending the RSA Conference 2016. Of those surveyed, 81 percent of respondents said it is either very likely or certain that cybercriminals would abuse the government’s capability to access encrypted data if technology companies are required to provide it.

“Security professionals are very suspicious of any decision that redefines what's acceptable and what's not when it comes to security and privacy,” said Dwayne Melancon, CTO and vice president of research and development for Tripwire. “It's no surprise that the majority of the respondents at a security conference are concerned about this decision and, regardless of how it is resolved, it will have a lasting impact on security and privacy.” 

Additional survey findings include:

•Eighty-two percent of respondents said it is either very likely or certain that government agencies would abuse their right to access encrypted data if technology companies were required to provide it.
•Fifty-three percent said technology firms should be required to provide access to encrypted data on consumer devices if law enforcement serves them with a warrant or subpoena. 
•When asked about the impact this change would have on consumer and enterprise privacy and security, an overwhelming 88 percent believe it will reduce security and  privacy.

About Tripwire

Tripwire is a leading provider of endpoint detection and response, security, compliance and IT operations solutions for enterprises, service providers and government organizations. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at tripwire.com, get security news, trends and insights at tripwire.com/blog or follow us on Twitter @TripwireInc.