As more commerce moves online, encryption technology is not only securing the digital economy, it’s helping to grow it, according to economists.
Though difficult to quantify, there’s no doubt encryption has been a significant boon to the online economy, according to a Monday report from libertarian think tank the Niskanen Center.
“The problems of online security and the non-economic benefits of encryption are well understood, but there has yet to be a comprehensive analysis of the economic benefits created by the spread of encryption,” Niskanen Center policy analyst Ryan Hagemann and research associate Josh Hampson wrote.
“This is not surprising. When encryption is working properly, the user is not even aware of its existence.”
The authors looked at virtually every major intersect of the Internet and the economy to gauge the benefits of encryption, including online banking, investment, employment, insurance and e-commerce, which alone went from $100 million in total annual sales in 1994 to more than $250 billion by 2009.
Thirty million U.S. households said they engaged in online banking on mobile devices like smartphones in 2013, and by the second half of 2015, Americans had already racked up some $84 billion in e-commerce transactions — up 14 percent from 2014.
Minus the encryption methods many users are not even aware secure their daily activities online, such growth would not have been possible, the authors wrote.
“Without encryption, secure transfer protocols (SSL [secure socket layer] and TLS [transport layer security]) would not exist, which would leave hundreds of millions of online consumers’ financial, health, and personal information open to eavesdropping and theft,” the report reads.
Encryption technologies like SSL and TLS protect users from “man-in-the-middle” attacks — when a third party tries to intercept or tamper with unencrypted data in transit between a server and a client.
“In short, the modern economy would be significantly weakened by the deployment of less-than-optimally secure encryption,” the authors wrote, “to the detriment of individuals, businesses, and government agencies.”
Niskanen isn’t the only group to think so. The National Institute for Standards and Technology assessed the net present value (NPV) of encryption at somewhere between $345 billion and $1.2 trillion in 2001 dollars. Forrester Consulting estimated the risk-adjusted return on investing in Pretty Good Privacy (PGP) encryption for a global media company at 162 percent, and the NPV $1,363,325 in 2008.
Nowhere is that value more apparent than in e-commerce, where online retail giants like Amazon accounted for 60 percent of total shipments in 2013, totaling $3.3 trillion. Without SSL and TLS, “such online commerce would be far less trusted and far less used,” according to the authors.
“More data is needed to home in on a precise number,” they continued, “but it is safe to say that the growth of e-commerce, as well as total online sales, would have been greatly diminished without the use of encryption.”
Exploding growth in the cybersecurity market — especially in the wake of recent high-profile hacks against Sony Pictures, Anthem, T-Mobile and the U.S. Office of Personnel Management — are further indicators. The Internet security software market has gone from $1.2 billion in 1996 to more than $100 billion in 2015, with estimates for 2020 ramping up to $170 billion. Cybersecurity insurance similarly grew from $1 billion in 1999 to over $106 billion this year.
Despite such explosive growth, there’s still significant room for improvement — according to The International Data Corporation, only 20 percent of all proprietary cloud-held data will be encrypted by the end of 2015. By 2018, that should rise to 80 percent.
“A credible estimate of encryption’s benefits to consumers, and to the economy as a whole, will make it easier to defend the integrity of encryption against arguments that it must be weakened in the name of security,” the report states.
Those arguments, though ongoing since the 1990s, have ramped up in the year since Apple and Google announced default end-to-end encryption of users’ data — a policy that will help criminals and terrorists evade law enforcement surveillance and apprehension, according to the FBI and NSA.
FBI Director James Comey and NSA Director Mike Rogers have since led the call for government access to encryption, which in Apple’s case not even the company can unlock without a user’s password. Others in the industry argue any kind of workaround would inherently undermine the security of encryption and the value of U.S. encryption products.
“We said no backdoor is a must,” Apple CEO Tim Cook stated during a Wall Street Journal tech conference last month. “Do we want our nation to be secure? Of course. No one should have to decide between privacy or security. We should be smart enough to do both. Both of these things are essentially part of the Constitution.”
“I don’t think you have to pick among very important things,” Cook continued. “Very smart people can figure out both.”
“Strong encryption is in our nation’s best interest,” Rogers said at the same conference, after which he was pressed on whether he meant “impenetrable” encryption.
“That’s not what I said,” Rogers responded. “I look at all of you and I think you are the best minds in the world in this area.”
“There literally is no problem that you haven’t been able to come to grips with,” the commander of U.S. Cyber Command and career cryptologist told attendees.
Comey has similarly called for the government and private sector to work together on a solution, though neither side has yet to offer anything concrete.
“I’ve heard from a lot of folks that it’s too hard, and my reaction to that is, really?” Comey said during a recent congressional hearing. “Have we really tried? When I look at the industry today, I see companies — I’m not going to name them here — major Internet service providers who are able to comply with court orders, because they strongly encrypt in transit, and they decrypt when it crosses their networks so they can read our emails so they can send us ads.”
“I’ve never heard anybody say those companies are fundamentally insecure and fatally flawed from a security perspective.”