FREAK Bug: Exposing Issues with Regulations in the Encryption Market


This week, both Microsoft and Apple rushed to release patches to protect users from the FREAK vulnerability, a bug that affects the software used to encrypt communication between browsers and websites.

FREAK is a decades-old bug that was introduced in the 1990s, at the behest of the US government.

“US companies were required to deliberately weaken the strength of encryption keys they shipped abroad, with a maximum allowed key length of 512 bits – easily crackable in today’s world,” says journalist Thomas Fox-Brewster in a recent Forbes article.

According to TechNavio analysts, the strength of an encryption code is measured by its length, which is determined by the number of bits and by the type of encryption program. A higher number of bits produces more possible codes or combinations, making a code more secure for the user.


So the cap of 512 bits made it pretty easy for the now-infamous NSA to access foreign communications. Since FREAK was first introduced, the US standards have relaxed and encryption in general has gotten stronger, but the weaker encryption has been incorporated into software that has proliferated worldwide.

Business Insider explains that “this means that many websites and browsers are still programmed to provide weak keys for security when requested, even though they can now be cracked in a matter of hours.”

Regulatory standards and restrictions, like the ones imposed by the US, are a bit of an oxymoron in the Global Encryption Software Market. The market is expected to grow at a CAGR of 17.36 percent from 2014 to 2019, and regulations are both helping and hindering this growth.

Global Encryption Software Market by Application

Cloud Storage Encryption

Cloud storage vendors provide this service, in which data is transformed using encryption software and then stored in the cloud.

Disk Encryption

Disk encryption helps to protect useful information with encrypted codes that are not accessible by unauthorized users. It uses encryption software or hardware to encrypt data stored on a disk.

Database Encryption

This involves converting readable data in a plain text format into cipher text with the help of a suitable algorithm to protect stored data.

File and Folder Encryption

This helps to encrypt files and folders automatically on laptops, desktops, and file servers for secure file sharing. Manual encryption can also be carried out using a simple drag-and-drop interface.

Encrypted Communications

Encrypted communications help users to communicate securely without the intervention of any third party.

Compliance with Regulatory Standards

The regulatory standards for encryption implemented by many countries ensure more secure data storage while also allowing law enforcement agencies to have access to secret keys. And the US isn’t the only country with strict standards—China has its own set of stringent encryption regulations, and any company, business, or individual storing encrypted data is required to provide its secure code to the government.

Even though regulatory compliance has its benefits, it also places restrictions on the adoption of encryption software. As with the FREAK bug, in a lot of cases government regulations are at odds with the privacy rights of software and private users, which may hinder the adoption of encryption software among users.