ENCRYPTION BACKGROUNDER

Strong Encryption Has Measurably Improved Device Security

Although some of the most high-profile data breaches Lost and Stolen Devices Have Been the Leading Cause in recent years have come at the hands of sophisticated of Data Breach (Percent of Data Breaches, 2005–2015) hackers wielding dangerous malware, the biggest cause of data breaches over the last several years has been the 41% Lost or stolen devices compromise of lost and stolen devices. Poorly secured devices allow attackers easy access, not only to data stored 25% Malware/hacking on the devices themselves, but also to credentials that enable attackers to penetrate broader networks. 34% Other In recent years, however, manufacturers of mobile communications devices have undertaken substantial Source: Trend Micro, “Follow the Data: Dissecting Data Breaches and Debunk- ing the Myths” (September 22, 2015), available at https://www.trendmicro.com/ measures to prevent unauthorized device access, vinfo/us/security/news/cyber-attacks/follow-the-data. particularly by introducing encryption. The two leading smartphone operating systems, Apple’s IoS and Android, have incorporated file-based encryption and, later, full-disk more than two-thirds.1 Moreover, device security deters encryption to ensure that only authorized users can access theft: data indicates that, in the six months after Apple their devices. The results have been clear: stronger device introduced its “Activation Lock” mechanism, iPhone thefts security has led to a sharp decline in the number of data declined by 38 percent in San Francisco, 19 percent in New breaches that are due to lost and stolen devices. York, and 24 percent in London.2

Each year, more than 1 million smartphones are stolen in Encryption, which enables the strongest device security the United States alone; yet, increasingly sophisticated mechanisms on the market, prevents thousands of data device security mitigates the damage caused by these breaches02 each04 year, each06 one posing08 risks to individuals,01 00 thefts. Between 2007 and 2017, the number of data businesses, and governments. It is a vital element of strong breaches due to lost and stolen devices declined by cybersecurity.

Data Breach Via Stolen/Lost Devices 160 Apple introduces IoS Apple makes IoS encryption a default setting 140 file-based encryption 120 Apple introduces IoS Android introduces full disk encryption fingerprint ID 100 Android introduces 80 “Device Protection” 60 40 20 0 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 Data Breach Via Stolen/Lost Devices Linear (Data Breach Via Stolen/Lost Devices)

Source: Adapted from “The Evolution of Data Leaks,” Wired, November 2017.

1 “The160 Evolution of Data Leaks,” Wired, November 2017. 2 Report of Technological Advisory Council (TAC) Subcommittee on Mobile Device Theft Prevention (MDTP) (December 4, 2014), available at http://transition.fcc.gov/ Data Breach Via Stolen/Lost Devices bureaus/oet/tac/tacdocs/meeting12414/TAC-MDTP-Report-v1.0-FINAL-TAC-version.pdf140 . 120 www.bsa.org 100 80 60 40 20 0 a2007 a2008 a2009 a2010 a2011 a2012 a2013 a2014 a2015 a2016 a2017