It is no secret that in a guise of protecting global citizens, western governments in particular have led an all-out assault on encryption. The explanation from these nation-states has been that, in order to prevent acts of terror, greater access (aka privacy infringement) is needed into the lives of the general public. This has made the cybersecurity world extremely wary of government cybersecurity efforts and their efficacy. It turns out, however, that it isn’t just the InfoSec community that is lacking in trust on this issue.
According to a recent survey by Venafi, it appears that trust in government cybersecurity efforts is at an all-time low. The survey was taken from responses by citizens in the United States, United Kingdom, and Germany (in total 3,000 respondents). The questions covered multiple areas of governmental cybersecurity and anti-terrorism protocols, and the results were telling.
Data highlights of the survey include the following:
- In response to the question “are governments abusing their power?” 65 percent of those surveyed answered in the affirmative, the highest of these responses (78 percent) coming from the United States.
- For the question “should governments require consumer consent for data access?” 65 percent of respondents believed that no government should be allowed arbitrary access to consumer’s devices and data.
- With regards to the question “should governments force access to encrypted data?” a whopping 68 percent emphatically stated that no government should be able to force a private company to hand over user data without said user’s consent.
- The most telling data is the result to the question “Can governments successfully fight cybercrime?” in which only 37 percent, more than a third of those surveyed, believed that their respective governments can effectively protect their data.
This really should not come as a surprise with all of the evidence of government backdoors in major Silicon Valley products, the constant fight to weaken encryption protocols globally, mass surveillance courtesy of the NSA and GCHQ, and countless other incidents that run counter to cybersecurity’s purpose. Governments of the world, especially in North America and Europe, have gone out of their way to fight the very systems that security researchers use to protect regular citizens.
By doing this they have lost the trust of their citizens, endangered their data, and ultimately made their infrastructure less secure. In a supposed attempt to fight “terrorists” and “cybercriminals,” the governments in question have actually made it easier for these groups to attack regular people.
Jeff Hudson, CEO of Venafi, summed up the results of the survey quite brilliantly, stating:
The results of this research indicate that security and privacy are probably going to get a lot worse before they get better... consumers are confused about what access to encrypted data will mean to their privacy, and it’s equally clear that governments don’t understand how encryption backdoors will be used to undermine our global digital economy. The negative impact encryption backdoors will have on every aspect of security and privacy is tremendous.
Perhaps if more voices, not just in the InfoSec world but the regular civilian world as well, rise up and put significant pressure on the governments and vendors that cooperate with their agenda, there may be changes. Boycott companies that are in the pocket of intelligence agencies. Mobilize and form protests, hell, sign petitions for all I care, but do something. As InfoSec professionals there is only so much we can do on our own to make the governments of the world listen. We also need help from people from every corner of society to join us in this fight.
So join us. Return power to the hands of the people.