ProtonBlog(new window)
Privacy vs security

Privacy vs. security: Why the widespread use of encryption is essential to national security

Share this page

Four years ago, the Pew Research Center, a US think tank, asked hundreds of cybersecurity experts to weigh in on a simple question: “By 2025, will a major cyber-attack have caused widespread harm to a nation’s security and capacity to defend itself and its people?” A majority of the respondents said yes(new window).

“Cyber attacks will become a pillar of warfare and terrorism,” said one tech executive.

“Current threats include economic transactions, power grid, and air traffic control,” said a NASA researcher who now runs a space robotics firm. “This will expand to include others such as self-driving cars, unmanned aerial vehicles, and building infrastructure.”

“Cyberwar just plain makes sense,” said a former general counsel for the NSA.

In the few years since that report came out, we have witnessed Britain’s National Health Service (NHS) crippled by stolen NSA ransomware(new window), the US power grid infiltrated by Russia(new window), and hundreds of millions of digital records exposed(new window) to hackers. In other words, the experts’ predictions are right on track.

Yet at the same time, governments around the world are pushing to weaken the very encryption that can help to keep our personal records, our infrastructure, and our democratic institutions safe from bad actors. Most recently, the Australian government has waged a campaign to promote encryption backdoors(new window), which would weaken the right to privacy and make us all less safe.

State security officials are sending two conflicting messages: On one hand, encryption (i.e. privacy) is dangerous; on the other, cybersecurity is the battlefield of the 21stcentury.

In fact, privacy and security go hand in hand. The widespread use of strong encryption both guarantees individuals’ right to privacy while hardening society against waves of data breaches and cyber-attacks.

Why governments don’t like encryption

In the United States(new window), Australia(new window), and elsewhere(new window), law enforcement agencies are pushing for legislation that would make it easier for them to weaken encryption in consumer devices and software.

For example, Australia’s Assistance and Access Bill(new window) would require tech companies to build vulnerabilities into their security systems that could be exploited by law enforcement. If the law passes, it could also be used by US agencies(new window) thanks to the Five Eyes intelligence-sharing agreement(new window), even though American legislators have so far refused to mandate encryption backdoors.

Proponents of these kinds of laws say encrypted services, like WhatsApp or Proton Mail, allow criminals to plan and carry out attacks beyond the reach of police.

Privacy vs. security is a false dichotomy

First of all, there is very little evidence(new window) that government surveillance prevents terrorism. For instance, in 2013, the White House reviewed the NSA’s mass phone surveillance program and determined it was “not essential to preventing attacks.” Police foiled most attacks the old-fashioned way: through informants and tips.

More importantly, it is impossible to create a backdoor that only the police can use. Last year’s WannaCry ransomware attack(new window), which hit over 300,000 computers in over 150 countries (including the UK’s National Health Services) is the perfect cautionary tale. The attack relied on a vulnerability in outdated versions of Microsoft Windows that was first discovered by the NSA. Instead of disclosing the discovery to Microsoft so it could be patched, the NSA kept it secret to be used as a future backdoor into computer systems. However, the NSA was itself hacked, and the exploit was stolen, weaponized, and ultimately unleashed on the public.

The WannaCry example shows how tools intended for “the good guys” can easily fall into the wrong hands. In the age of cyber-attacks, there is a more responsible way forward.

Privacy tools make us all safer

In the age of self-driving cars, it isn’t difficult to imagine a future cyber-attack that puts lives at risk. Although no one is known to have died as a result of the WannaCry attack, an attack targeting hospitals could have life and death consequences. So could an attack against aviation systems or a nuclear power plant. The only way to prevent these kinds of attacks is stronger cybersecurity.

Cybersecurity means many things, from enforcing good operational security within organizations to keeping software up to date with the latest security patches. Individual cybersecurity requires strong passwords and strong encryption. Every major data breach has involved unencrypted data pilfered from corporate or government servers, exposing people’s personal and financial information. In many cases, the use of end-to-end(new window) and zero-access encryption(new window), like the kind used at Proton Mail, would have drastically mitigated the damage caused by these attacks.

Privacy and security are not in opposition, despite what some politicians and law enforcement officials would have you believe. Rather, they are two sides of the same coin. A digital system that is built in a secure way is also necessarily private. By promoting cybersecurity, rather than weakening it, we can support both the right to privacy and public safety.

Best Regards,
The Proton Mail Team

Sign up and get a free secure email account from Proton Mail.

We also provide a free VPN service(new window) to protect your privacy.

Proton Mail and Proton VPN are funded by community contributions. If you would like to support our development efforts, you can upgrade to a paid plan. Thank you for your support!

Protect your privacy with Proton
Create a free account

Share this page

Ben Wolford(new window)

Ben Wolford is a writer and editor whose work has appeared in major newspapers and magazines around the world. Ben joined Proton in 2018 to help to explain technical concepts in privacy and make Proton products easy to use.

Related articles

Can you password-protect a folder in Google Drive?
Protecting a folder with a password is a simple yet effective way of securing files. You may wonder whether you can password-protect a folder in Google Drive. We explain what access controls Google Drive offers and what you can do to improve your sec
Proton Pass now supports passkeys on all devices and plans
We’re excited to announce that Proton Pass supports passkeys for everyone, allowing you to manage and use passkeys across all devices seamlessly. Passkeys are an easy and secure alternative to traditional passwords that can help prevent phishing atta
what is a passkey?
Passkeys are a new way to secure your online accounts using cryptographic keys instead of passwords. They offer a high level of convenience and security, and are a real game-changer in the way we access and secure sites. What is a passkey, though, an
Apple’s marketing team has built a powerful association between the iPhone and privacy. The company’s ad campaigns claim that “what happens on your iPhone, stays on your iPhone.” And, “Privacy. That’s iPhone.” But Apple’s lawyers are telling a diffe
A cyberattack on national public employment service France Travail has exposed the personal data of as many as 43 million people.  The latest breach is the second major cybersecurity attack to happen in France in the past month, raising concerns abo
If I share a folder in Google Drive, can anybody see my other folders
Google Drive makes it easy to share files and folders, but you may have wondered at some point whether the people you’ve shared a folder with can see your other folders. We answer this question below and also share some tips for truly secure link sha
In 2014, Proton Mail was introduced as a web app, revolutionizing how we think about email privacy. Today, we’re excited to broaden the horizons of secure communication by launching the Proton Mail desktop app. Anyone can now use the new Proton Mail