UK techie site Techworld recently published a story sporting the headline “Encryption could make you more vulnerable, warn experts”. Whilst being attention-grabbing enough to warrant a read by any security conscious programmer, I have to say that the story inspires more fear than it should.

In a nutshell, the article claims that encrypting data has the potential to wreak havoc on a business in the event that a decryption key is lost, forgotten or, worst yet, stolen and held for ransom. Gosh. Scary. These may be valid points, but what the article doesn’t go into is that these problems are not a result of using encryption; they are a result of having a badly designed or insecure system in the first place.

A poster to a Slashdot discussion on the subject sarcastically compared the logic to things like door locks and deadbolts - basically, it’s all well and good when it works; but what if you lock yourself out? Then, quite clearly, you’re screwed, right?… but, perhaps, if you’d done some research before you started and figured out how the system worked, you wouldn’t have let it happen. I believe the same thing applies to encryption, and Techworld’s article certainly hasn’t discouraged me from protecting sensitive data.