Encryption Isn’t Enough
|
http://www.nytimes.com/2016/04/25/opinion/encryption-isnt-enough.html Version 0 of 1. To the Editor: Re “F.B.I. Fought Encryption in a Case 10 Years Ago” (Business Day, April 14): Your coverage of the Federal Bureau of Investigation’s campaign to bypass encryption back in 2003 underscores the reality that encryption isn’t sufficient to ensure higher levels of information security. Though tech companies are understandably eager to reassure users after the Snowden revelations, an entire industry that sells malicious code has emerged that revolves around defeating encryption. Once more, the sad truth is that there’s not much the average user can do. Failure is baked in thanks to the current state of engineering. Malware functions by leveraging software bugs to steal data. Until better ways are devised to implement information systems, encryption won’t be enough. BILL BLUNDEN San Francisco The writer, an information security analyst at San Francisco State University, is the author of “The Rootkit Arsenal,” a manual for designing and deploying back doors on the Windows platform. |