Thursday, November 28, 2013

Encrypting everything, enshrine privacy

It is possibly the biggest story of the year and it continues to evolve. Amidst the harsh reality that digital data has been completely vulnerable to governmental monitoring and analysis for many years, there is growing optimism that privacy can be regained and maintained

Data encryption is the technological answer immediately available, while the creation of international laws to respect user privacy could be the legal answer in the long term.

This explains a wave of data security announcements by companies like Google, Yahoo, Facebook, Twitter and others.
For example, Twitter recently announced its adoption of Perfect Forward Secrecy, which takes the privacy and safety provided by secure sockets layer-based connections (SSL) and raises it a notch to ensure that those who do break through the encryption have less of a means to see what you've been up to. This is precisely designed to stop the technologies utilized by the US government’s National Security Agency (NSA) for online surveillance. Facebook already started using Perfect Forward Secrecy in June and, apparently, it works.

Marissa Mayer, CEO of Yahoo!, has also promised that all data moving between Yahoo! company servers would be encrypted with 2048-bit SSL, by the end of March 2014. Users would have the option of encrypting all data sent between Yahoo! servers and their computer, while the Yahoo! mail service would be switching to default SSL encryption.

Accordingly, Eric Schmit, executive chairman of Google, has recently made the grand statement that ‘online surveillance will end soon’. This is particularly interesting, coming from him, as Google actually sits on both sides of this issue; being accused of cooperating with the spying agencies and claiming to be violated at the same time. He goes on to say that “the solution to government surveillance is to encrypt everyone. With sufficiently long keys and changing the keys all the time, it turns out that it's very, very difficult for an interloper of any kind to go in."
Even co-founder of Wikipedia, Jimmy Wales, has said that the online encyclopedia will begin encrypting communications with its users all over the world, so that people cannot be spied on as they access information. Imagine that, governments could be spying on your general knowledge habits too!
Tim Berners-Lee, the inventor of the world wide web, weighed in on this debate saying "the web and social media are increasingly spurring people to organize, take action and try to expose wrongdoing in every region of the world. But some governments are threatened by this, and a growing tide of surveillance and censorship now threatens the future of democracy". And therein lays the exact reason for all this surveillance.

Makers of operating system have to also got in on the push towards privacy, as Microsoft has already included automatic encryption of your hard drive contents in Windows 8.1.
It’s important to remember that in addition to governmental monitoring, there’s the danger posed by criminal organizations. That’s why users end up caught between two parties watching them for entirely different reasons, but both invading their privacy to a grossly unacceptable level.

For the perspective of governments and intelligence agencies, certain suspicious online activities or specific ‘red flags’ should probably be a trigger for surveillance, but not the all encompassing, massive, pre-emptive surveillance of everything that appears to be the common practice today.

As we make our leap into cloud computing, many are voicing concerns that matters could get worse. However, the response from the specialists is that cloud servers are actually safer as the data resides at the server center, not on the user’s PC, which protects any data beyond the limited information directly accessible at any point in time. Most importantly, data center servers are only accessible to authorized agents whose identity is verified using biometric measures like fingerprints and retina scans. These facts coupled with data encryption software and regular security audits by third-parties provide some comfort that maybe our future in the cloud could be secure.

Something good may come out of this global surveillance scandal, as Tim Berners-Lee confidently predicts that the outcome will be to enshrine users' rights in the longer-term.
We can hope that is true, but one can’t help but think the cat and mouse chase will continue. It has to. There can’t be a utopia, not even in the cyberworld and we have to pay a price for the convenience we get from technology. That’s why, for IT managers and the rest of us in business, 2014 will most likely be the ‘data encryption’ year.