| Subcribe via RSS

History Demonstrates Strong Encryption Is Here To Stay

January 15th, 2016 | No Comments | Posted in Data Security, Security

magic-book-burning-247(Originally published on LinkedIn – January 13th, 2016)

I am a very firm believer that knowing the background and history of things provides a much better forward-looking perspective and present decision making capability. Would that this view was adopted more. If it were, the age old George Santayana quote that “those who don’t remember the past are condemned to repeat it” would never have come into existence. The fact mankind never really seems to learn the lessons of history also seems to trap the unfolding of events in a cyclical pattern.

The Encryption Debate and History’s Lesson

Encryption, that technology that for years in the computing world has done its job quietly in the background and without much acclaim, is suddenly a topic that is all the rage due to recent and tragic world events. Lawmakers stipulate and paint a gloomy picture that without the ability to intercept and decipher encrypted communications on the part of criminals and terrorists, national security is at serious risk. Technologists on the other hand, including myself, maintain that the implementation of so-called “backdoor encryption” in effect weakens encryption for all of us with severe consequences and effects to our normal, everyday security, economy and lives. Essentially, to weaken encryption would be to cut off our noses to spite our collective economic and everyday-life faces. Lawmakers and technologists and technology companies are digging the trenches and the staunch faceoff, while mostly civil at the moment, continues.

In a recent interview for The Wall Street Journal, Max Levchin, past co-founder of PayPal and a cryptography expert, questions along with other technologists (including yours truly) whether lawmakers really understand how encryption actually works. Levchin goes on to stipulate that if we’re going to continue the national debate, let’s at least make sure lawmakers do in fact understand how encryption works technically.  And perhaps few are more qualified to step up and provide such an education than Max and other well known cryptographers in the cryptographic community.

Not only do I question whether lawmakers understand how encryption works, I also question whether they’ve really taken into account how the world works. It would be easy for anyone to say “how the world works today” but history, if we’re willing to learn from it, demonstrates the world has been working a certain way for a very long time when it comes to widespread technological innovation leveraged in conjunction with outside agenda.

Let’s take a quick lesson from history that coincidentally has ties to today’s date – January 13th – and see if history has anything to teach us concerning how the weakening of encryption would very likely play out were lawmakers to insist on their position through mandatory legislation.
More »

Tags: , , , , ,

Two Years Later: Reflections from “The Breach”

November 6th, 2015 | No Comments | Posted in Data Security, IT Industry, Security

target-100221410-largePresident and CEO of Vormetric, Alan Kessler, blogged earlier this week concerning the far-reaching impacts of the Target breach – reflections from almost two years later. Alan remonstrated in his article that the Target breach was the most visible mile marker in 2014, a year full of breaches and continuing into 2015, and he went on to discuss and reflect on some of the other specific breaches.

In this article, I would like to reflect on some of the industry-wide changes that have taken place since the Target breach.

“The Breach”

The Target breach was so significant that for at least the first year afterward, it was referred to, especially in security circles and even on the news, as simply “The Breach.” And as Alan has already detailed, that breach was merely a harbinger of things to come with major breach after major breach taking place after the Target breach.

But what has been the impact of all these breaches? As one would expect, reactions and responses to “The Breach” by organizations have been all over the map.  Some have, as the saying goes, not “let a good crisis go to waste” and have become better companies as a result. Others have not fared or reacted as well.

While “The Breach” and the major breaches afterward has led most major retailers to reevaluate their data security approach, the retail edition of the Vormetric 2015 Insider Threat Report shows that retailers still have a long way to go. Over 51% of retail respondents reported being very or even extremely vulnerable to insider threats – the highest rates measured in the study. Many of these organizations continue to invest in security and utilizing traditional approaches that have proven over the last two years to be insufficient.

While the threat obviously still remains high and a number of organizations still admit they have a long way to go, positive changes have taken place since “The Breach” (hereafter referred to simply as the breach) that are moving the retail industry and other industries along in a positive direction.
More »

Tags: , , , , , ,