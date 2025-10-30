On October 21, Global Encryption Day, EPIC hosted a webinar about the 2024 Salt Typhoon attack. Panelists included Susan Landau, David Mussington, and Nitin Natarajan; and the discussion was moderated by EPIC’s Executive Director, Alan Butler. The discussion focused on the history of the Salt Typhoon hack, one of the most severe cyber breaches in U.S. history, as well as the private sector and government response, and policy lessons for the future of encryption and communications security.

Key takeaways included:

the policy equities at stake in creating a “lawful” backdoor to access encrypted communications are not merely weighing privacy vs. security, but weighing security vs. security

the threat actors in Salt Typhoon, while potentially contained, are likely not yet evicted from U.S. telecom networks

while the average phone user was likely not targeted by Salt Typhoon, the risks persist because of weaknesses in the telecommunications carrier’s cybersecurity practices; but individuals can shift more to encrypted communications services to protect their messages

breaches of communications systems are inherently more severe and concerning than breaches of sensitive company data, even of defense contractor data

new types of organizations (such as hospitals), not merely those of direct espionage value, are increasingly being targeted by cyber attacks

with quantum computing on the horizon, “hack now, decrypt later” attacks seem increasingly attractive to threat actors, increasing the urgency of implementing post-quantum cryptography (i.e. more sophisticated encryption)

criminals are likely to replicate the tactics of Salt Typhoon and Volt Typhoon, especially as known vulnerabilities remain unpatched and systems unhardened

cybersecurity can be a bipartisan issue, and there is a dire need to address the ‘tech debt’ in our infrastructure, such as our telecommunications networks, with the understanding that the solution will not be a quick fix but a multi-generational endeavor

EPIC has consistently advocated for stronger safeguards in America’s communications networks to ensure the data privacy and data security of those who rely on it. This webinar was made possible thanks to support from the Internet Society Foundation.