Landing : Athabascau University

Debate Proposition: Strong Encryption should be restricted to licensed users only

Just realized this was a draft and i never published it :)


Motion For

Strong encryption as defined by the PC magazine encyclopedia is “An encryption method that uses a very large number as its cryptographic key. The larger the key, the longer it takes to unlawfully break the code. Today, 256 bits is considered strong encryption”. Today except for a handful of countries, most countries (including Canada) have no regulations or control system regarding the use of strong encryption. This means anyone with access to an internet connection can in a matter minutes download an encryption software and encrypt their data using strong encryption.

While the strong encryption might appear to be a good thing, the unregulated use of strong encryption does more harm than good.  This is because strong encryption and also be used by criminals, terrorists and organizations with shady intentions (just to name a few).   The fact that strong encryption is very difficult to hack and is in most cases not hackable, some criminal activity go unchecked due to the fact that their data is protected by strong encryption. In recent times, there have been several instances where law enforcement officers and federal agencies have been unable to access key data due to the fact that strong encryption was used.

In the article “FBI official: data encryption putting criminal suspects above the law” by Erin Kelly of US Today, Amy Hess, executive assistant director of the FBI’s Science and Technology Branch is quoted saying “the public needs to know that data encryption efforts have gone beyond protecting consumers against hackers and are now protecting "bad guys" from being investigated ”. James Colony, director of the Federal Bureau of Investigation also states that “ISIL operators in Syria are recruiting and tasking dozens of troubled Americans to kill people. A process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders, but the tension could as well be illustrated in criminal investigations all over the country. There is simply no doubt that bad people can communicate with impunity in a world of universal strong encryption.  ”


Today, the tech industry has moved to encrypt data so strongly that even companies cannot access their customers' information to comply with court orders and warrants from courts. Therefore, regulating the use of strong encryption, should require licensing where only certain organizations or individuals, meeting predetermined criteria be allowed to use strong encryption. Some of these organizations may include banks\ companies that hold personal and financial information and government organizations. This will ensure that illegal activities are not protected by strong encryption and that law enforcement agencies have access to data used in fighting crime and preventing acts of terrorism.





Motion Against:

In recent times, security breaches involving theft of confidential and financial information are becoming quite rampant. Hackers seem more determined than ever to find and exploit loop holes in a wide variety of technology platforms.  Just in 2015 alone here are some major organizations that were hit by hackers:

  • Office of personnel (OPM) hack where personal information of millions of past and current US government employees were compromised.
  • IRS breach
  • Ashley Madison
  • Experian breach affecting mostly T-Mobile customers

This just to name a few. Even on a more personal level, thousands of personal information are stolen every year from the everyday internet user. With all the current security measures in place including strong encryption, hackers still manage to infiltrate numerous systems. Restricting strong encryption to licensed users will leave the rest of the “unlicensed” users vulnerable and at the mercy of hackers. Information theft would definitely sky rocket setting technology back by several years.

Another major reason why licensing strong encryption would be a bad idea is the fact that the process of determining who qualifies for a license and who doesn’t would be a nightmare.  For example if a background or criminal record check is required to obtain a strong encryption license. Does that mean someone with a criminal record has no right to protect their personal data? With the direction which information technology is going and the amount of personal information stored electronically, strong encryption is something that should be easily and readily accessible to the everyday computer user.



Source Material