October 21, 2021, is the first Global Encryption Day, established by the Global Encryption Coalition, a group of over 200 organizations founded in 2020 to promote and defend encryption.
The Messaging, Malware and Mobile Anti-Abuse Working Group (M3AAWG), https://www.m3aawg.org/, would like to take the occasion of Global Encryption Day:
- To remind the online anti-abuse community of the importance of using strong encryption and keeping that software up-to-date, and
- To reaffirm M3AAWG's long-standing commitment to effective use of cryptography for Internet security and privacy.
- Collection of online data has become a pervasive and pre-eminent objective of many online entities. Appropriate cryptographic protections must be implemented and kept up to date to ensure the security and privacy of user information online.
M3AAWG urges all ISPs to use strong cryptography to protect data in motion and data at rest. This must include a strategy to keep these crucial software tools patched up to date. The M3AAWG Data & Identity Protection Committee continues working to provide basic guidance for implementing encryption protections and would like to share the following relevant context for its members and the broader online community.
What is Encryption?
In simple terms, encryption is a process that changes human-readable plaintext information into an unreadable format that can only be read by those who are authorized. Encryption uses keys to lock (encrypt) data and only those with an approved key can unlock (decrypt) the unreadable information so that it can be read again. Encryption can be used to protect both data in transit, such as email while it is being sent from one provider to another, and for data at rest, such as sensitive payroll data or customer details. Strong encryption ensures that sensitive data is even protected against most sophisticated attacks conducted by well-funded adversaries.
Why is Encryption Important?
Without encryption, your online life would be like living in a house with no blinds on the window nor locks on the doors. Encryption prevents eavesdropping. Encryption can also protect online transactions against tampering. Finally, encryption can also be used to ensure that you're actually talking to the party you think you're talking to, and not an imposter who's pretending to be someone they're not. These are fundamental protections that everyone needs. Without encryption, online commerce would falter, online medicine would be inconceivable, and free speech would be squelched. No one wants to see that happen.
What is the Transport Layer Security (TLS) protocol and how is it used to secure data?
TLS is an industry standard designed to help secure and protect the privacy of information in transit over the Internet. TLS is primarily used for encrypting network traffic between web applications, browsers, and servers. Additionally, TLS is used to secure email, messaging, and voice communications. It is the protocol that results in the "little padlock" showing up in your web browser's address bar.
For additional information, guidance, and to stay up to date with M3AAWG initiatives for helping to fight online abuse:
- Visit the main website https://www.m3aawg.org/
- M3AAWG currently has an open call for proposals for the 54th general meeting, to be held February 21-24, 2022 in San Francisco. The call for proposals is open until December 15, 2021. If you have an encryption-specific or other online snti-Aabuse suggested topic, please submit a request at https://www.m3aawg.org/events/call-for-proposals.