In the last two decades, online commerce has created incredible opportunities and almost immeasurable wealth. At the same time, the digital marketplace has given rise to unprecedented levels of fraud and theft, and inspired a frustratingly complex web of regulations, restrictions and requirements around the globe.
Nowhere are the opportunities and challenges of digital commerce more apparent than in Europe. Home to more than half a billion people and some of the wealthiest, most technologically advanced nations on the planet, Europe has the potential to become the world’s largest digital marketplace.
Until now, however, conflicting laws and priorities among the European Union’s member states have stunted the growth of continent-wide commerce. Whether the EU’s Digital Single Market strategy, which is still in the early stages of development, will remedy the situation remains to be seen.
One thing is certain: for a digital economy to thrive, in Europe or anywhere else, consumers and companies must be able to do business without putting their money and information at unnecessary risk. As data thieves seek new ways to exploit the online marketplace, data encryption will become an increasingly important part of global commerce.
Pillar of the online economy
Although the majority of the population may not realise it, encryption is already a fundamental element of online commerce. Without the security provided by SSL encryption, many of the online activities taken for granted today – banking, shopping and accessing medical records, for example – would be impossible.
As the digital market continues to evolve and expand, encryption will only become more essential. In the face of increasing threats from data thieves and hostile governments, data encryption must move beyond the interactions between consumers and vendors, and become a permanent feature of the information exchange that takes place between and among corporations and government entities.
The EU’s wide-ranging (and controversial) Digital Single Market strategy highlights the importance of data security in online commerce. Of the 16 Digital Single Market initiatives, several deal directly with data privacy and security, including a new public-private partnership to enhance the European cyber security industry, and a detailed review of Europe’s outdated ePrivacy Directive.
Even more significant, though, are the Digital Single Market initiatives that simply cannot succeed without widespread adoption of data encryption. The EU has set objectives of “creating the right conditions and a level playing field for digital networks and innovative services to flourish” and “maximising the growth potential of the digital economy”.
These goals can only be met if individuals and organisations are able to exchange data freely and securely across international borders, which in turn can only happen if data is protected against theft and improper use.
These aspects of the Digital Single Market strategy were among the primary reasons EU member nations enacted the General Data Protection Regulation (GDPR) in May 2016.
The GDPR mandates that companies and government entities incorporate data protection into their products and business processes, and sets heavy penalties for violations that involve the loss of sensitive data.
Notably, the final text of the GDPR specifically recommends the use of data encryption, and exempts organisations from penalties in the event that lost or stolen data is protected by encryption.
Safeguard or threat?
While the increased focus on data security is an encouraging sign for the future of the European market, not everyone is eager to see end-to-end encryption on a large scale.
Law enforcement agencies and other groups warn that terrorists and criminals can use encryption to conceal their activities. Recently, government ministers in France and Germany called for mandatory backdoors that would give authorities access to encrypted communications.
Other politicians, including European Commission VP Andrus Ansip, have been vocal in their support for strong encryption. Many have pointed out that even if a backdoor improved law enforcement efforts (a dubious proposition at best), it would also allow criminals and terrorists a way to get information.
While mandated backdoors are unlikely to prevent crimes or attacks, they are almost certain to create new problems. Once a backdoor is introduced, hackers and data thieves will find ways to exploit any weakness, while foreign governments will seek the same access as the government that ordered the backdoor. The inevitable result is that sensitive data will be stolen, accessed and used for nefarious purposes.
Encryption can only foster economic growth in the absence of compromise. Rather than attempting to control encryption, law enforcement and anti-terrorism authorities can better serve the public interest by developing other methods of surveillance and data collection, and by improving cross-border communication and cooperation.
In a unified digital market, where organisations collect and exchange personal information on millions of individuals, the presence of encryption backdoors would make it impossible for consumers to trust that their data was truly safe.
Unless data encryption is adopted and defended throughout the continent, Europe’s Digital Single Market will likely remain only a dream.
Sourced from Matt Little, VP of product development, PKWARE