News Stay informed about the latest enterprise technology news and product updates.

Sorry Mr. Snowden -- encryption isn't the only path to security

Last week, Google showed off a new messaging app called Allo. The reaction to that announcement was either extremely positive or negative, depending on who was speaking. General consumers liked the product because it built Google smarts into a messaging app, while privacy proponents decried the fact that end-to-end encryption was not a default feature of the app.

Edward Snowden even weighed in on the matter:

Yes, the way that Allo is designed does leave a small point of access for a court order — Google servers can read messages in order to offer smart replies and contextual search data before immediately deleting the message. But Snowden’s assertion that this somehow makes the app “dangerous” and “unsafe” is hyperbolic at best, and at worst it makes it clear that Snowden has forgotten that not everyone on Earth is a fugitive from the law.

The choice doesn’t need to be a strict binary of safe/unsafe depending on if encryption is the default, because if that becomes true there’s no way to evolve messaging services. Google is in a unique position where the company is pushing artificial intelligence and machine learning, features that simply don’t work without access to data. Google may only want to add search results and suggestions to chat, and enterprise security relies on AI and machine learning for behavioral analytics and advanced malware detection. These features cannot exist in a world where encryption is the default.

Aside from that, the idea that a lack of encryption is the same as a lack of security ignores the fact that encryption was never designed to be the default. The aim of encryption was always to protect sensitive data, not to protect every word communicated between two parties. In this vein, Allo is the true expression of encryption — when you’re talking about restaurants, you can get Google suggestions because the chat is unencrypted, but when you’re talking about something sensitive (the definition of which is personal to everyone), you can switch to Incognito mode in order to be “safe” (as Snowden defines it) from the government’s prying eyes.

The aim of the encryption debate should be to make users aware of how to protect themselves and the ways that security is vulnerable either to legal orders or hackers. Pushing the idea that encryption is the only form of safety is both antithetical to how the technology is supposed to work and a gross simplification of what users want and need from that technology.