It has been mentioned that the State of California may pursue encryption requirements for computer technology. I believe this is intended for the protection of consumer information. The benefit of this occurring in California is that it is where most of the high-profile Internet companies are based. Any guidance that applies to California in terms of technology will have the most significant impact in terms of computers and the Internet. Under the effective leadership of California Attorney General Kamala Harris, the nation’s users of computer services over the Web stand to benefit greatly.
While I am not really a fan of regulations on computer technology, if you are going to regulate, I believe this would be an excellent place to start. Few things affect identity theft and the easy compromise of a person’s social facilitation more than having information about persons sitting or moving naked in an electronic environment. Encryption of sensitive information is a necessary operation to inhibit compromise of a person’s identity or ability to facilitate their social standing.
Three Problems of Encryption
Three problems exist with encryption. They must be understood in order to use and apply encryption properly whether in policy or operation. Misunderstanding encryption can lead to a false sense of security. The good news is that the problems of encryption are manageable and can lead to a higher level of security than exists without it.
- Encryption can be broken with the right expertise. However, the expertise to break encryption is far less available than is the expertise to do trivial hacking. That means that unless you can hire a top-rated cryptanalyst with software engineering skills, you are not going to break into encrypted data. Unlike conventional computer hacking, you actually need an advanced-level master's or doctoral degree in a mathematics-based discipline to even have a chance at breaking apart an encryption algorithm. Even then, it could still take years or decades, depending on how the encryption was done. While encryption is not 100% foolproof in theory, it tends to be foolproof in practice.
- Encryption typically relies on a key of some kind. Just like the key to a house or car door, an encryption key unlocks the encryption to reveal the information. Inadequate use of or protection of the key can be the same as not having any encryption at all. Outside of the actual encryption algorithm, the way the keys work in any encryption scheme will have the second highest impact on the success of the encryption. Improper management of keys is the main way encryption can be undermined.
- Endpoint reception of encrypted information is a substantial area where all previous efforts to secure information can be undone. What does endpoint reception mean? It is when you take data on the originating computer, encrypt it, and send it, and then, when it arrives on the destination computer, it is unlocked. At the moment the information is unlocked, it is vulnerable. This is a special concern when using SSL for online shopping or banking. It also applies to SSH. You have many alternatives to improve the situation for endpoint reception, but it takes effort and trust.
As far as the issues of encryption go, one need look no further than a recent issue concerning an encrypted online chat environment. Apparently, there was a flaw in the encrypted chat software that could cause problems, but they are well on their way to getting fixed. The lesson is one of awareness, but overall, the prospects for encryption are very positive.
Positive Outcomes With Encryption
Wherever you look across the spectrum of information technology, computers, and network technology, work is being done on encryption technology to produce a more secure environment regarding sensitive or socially compromising information. One of the most promising is the work being done over at Google involving QUIC. QUIC, or Quick UDP Internet Connections, is a much-needed addition to the security portfolio for enhancing the integrity and privacy of information where secure transmission is required. The efforts undertaken by the makers of web browsers and other network-based technologies to defer towards a secure session are definitely a step in the right direction. As others in the technology news media commented in June, far more substantial work is needed if online security is to be improved.
Other technologies such as whole disk encryption and PGP-secured mail are excellent and prudent safeguards should your laptop end up missing or your email transit line be compromised. Further, as more Web companies decide to apply higher standards to the transmission of email and other messaging platforms, end-users are sure to benefit. Whole disk encryption can be a useful measure in the event a data backup system is physically misplaced or otherwise misappropriated from an IT data center.
Finally, new services coming online from the likes of Silent Circle are sure to have a positive impact on what you may call a total secure environment. Not to be forgotten are IBM and the contributions they have made in this regard. They gave, for free, a truly advanced encryption technology to the open source community that follows the principles of homomorphic encryption. Their efforts are bold, ambitious and, if successful, a true advance in the state of secure communications. There is much to look forward to long-term, but in the short term, a vigorous dose of caution is warranted, as the state of secure communications can still be considered in its infancy. The actions of the California AG’s office are to be commended, and hopefully the efforts will bode well for the future of safe and successful use of computer systems and networks that maintains their tremendous promise but, more importantly, their flexibility.