Encryption - Why we need to use it!
With the world going more digital every day, people need access to strong encryption, and need to use it, to protect all their personal data from accidental or intentional loss or misuse. People store their banking information, health care information, and personal contacts on all types of media, from cell phones and laptops to “cloud” storage such as Dropbox or Office 365, just to name a few. The need to secure this data is greater than most believe, and the data is more vulnerable than anyone wants to admit. With the ever-growing hoard of data being stored on computers and mobile devices, securing this data has become a cat-and-mouse game.
Cyber criminals are on the prowl to steal any personal information for financial gain, while the government is struggling to keep up with the technology needed to perform its investigations. Every day various companies and government organizations are being targeted by cyber criminals. Personal data has become the modern-day bank, and cyber criminals are the modern-day bank robbers.
Strong encryption must remain available to the general public and must not be tampered with to give anyone, especially the government, easier access to your encrypted data. The world entrusts its most sensitive and personal data every day to many forms of electronic devices, such as cellular phones, computers, and online storage platforms.
Reasons for encryption
One reason that supports the need for strong encryption is that encryption is a vital component in securing digital information. While encryption has been around for several hundred years, the public has been slow to come up to speed on how encryption plays a vital role in our daily lives. Every day millions of people go online to check their bank accounts or send emails to their doctors who request personal information. Thousands of business men and women carrying laptops and cellular devices are traveling around the world. Within their devices resides a treasure trove of valuable data just waiting to get stolen. The primary defense these people have against the unauthorized acquisition or theft of this data is strong encryption.
Every online interaction you make, from surfing the web and updating your social status to checking your bank balance online, sends massive amounts of data across what is essentially an open demilitarized zone. Nobody owns the internet, and nobody has control over the web. We as a society have become oblivious to the inner workings of all our online interactions and have taken for granted the efforts that companies go through to attempt to protect us. Hospitals are moving to Electronic Health Records (EHR) to help streamline patients’ records. This all goes across the internet too. There have been many reports of recent healthcare data breaches; the most notable happened on July 15, 2013, when Advocate Medical Group (AMG) had to report 4 stolen computers [Kieke, Reba L., 2014].
When you enter a web address in your browser, you have one of two choices: HTTP or HTTPS. The “S” in HTTPS stands for secure. You might be asking yourself what makes the website you are visiting “secure.” Encryption technology is used to encrypt, or encode, your data as it travels across the vastness of the internet to the desired location. By using what is known as public key encryption, you are receiving two things. One, a check and balance that the site you are visiting is the site it claims to be. Two, assurance that the data being transmitted (passwords, health information, bank account information, etc.) is sent in such a way that someone who is attempting to “sniff,” or intercept, the traffic cannot read it. The person sniffing the data will only see a garbled mess of data that cannot be converted into usable information.
When Advocate Medical Group had 4 computers stolen, there was far more valuable information taken than the computers themselves. Contained within the 4 computers was the personal information of over four million patients. This was recorded as the largest data breach in the history of HIPAA (the Health Insurance Portability and Accountability Act). AMG was fortunate enough to have encrypted their data to prevent unauthorized access [Kieke, Reba L., 2014]. AMG might be an outlier on the extreme side, but this type of data loss happens every day.
A second reason strong encryption should remain publicly available is that ethics in the corporate and government world are at risk of corruption. When ethical issues arise, people need a way to notify the appropriate departments, authorities, etc. Sometimes, this can be harder to do than one might think. The risk of retaliation has always been a top concern of the whistle-blower who wants to do the right thing by alerting the public to critical wrongdoings. Technology has given us an easier avenue to allow truths to surface, but the risk of retaliation persisted until people gained the ability to use publicly available strong encryption.
People have always been scrutinized for doing the right thing, and some have even been turned into criminals for doing so. Several legal battles have been overturned because the courts have deemed encryption a part of our basic rights. On April 4th, 2000, the U.S. Court of Appeals made a ruling on the Junger vs. Daley case [Junger vs. Daley, 1998]. The ruling stated that the use of encryption hardware or software was protected under the 1st Amendment [Feffer, Loren Butler, Mark H. Allenbaugh, and Amy Ackerberg-Hastings., 2002]. Use of strong encryption gives a whistle-blower the ability to go online and post articles without their actual interaction being watched. Sites like wikileaks.org could not have survived and flourished if not for using strong encryption to help protect the people trying to shine a light on corporations’ and governments’ wrongdoings.
Perhaps the most famous whistle-blower our country knows about would be Edward Snowden. In 2013, Edward Snowden became the most wanted man in the world. Snowden took the liberty to leak tons of data to the public regarding numerous global surveillance programs headed by the US government. While Snowden did not remain anonymous, he did publish a lot of his revelations on wikileaks.org. A lesser-known whistle-blower who deserves recognition for his efforts is Julian Assange.
Julian Assange took whistle-blowing into the twenty-first century when he started a project called WikiLeaks. As a teenager, the Australian citizen became very good at hacking—breaking into computer systems using his personal computer. Rather than stealing information for profit, as many cybercriminals do, as an adult Assange devoted himself to hacking into government computers and divulging information that administrations around the world wanted to keep secret. He created a small team of experts who felt the same way about classified information. They began using computers not simply to find information but to post it for everyone to see [Feffer, Loren Butler, Mark H. Allenbaugh, and Amy Ackerberg-Hastings., 2002].
“Julian Assange was instrumental in bringing to light several dirty little secrets the government had attempted to keep hidden; a few of them were captured in a video entitled ‘Collateral Murder.’ In this video, NATO pilots filmed NATO troops in Baghdad firing on unarmed troops. Because of Assange’s efforts, he had to claim political asylum in London to avoid extradition to the US on espionage charges [Bartlett, Jamie, 2016]. Both Assange and Junger vs. Daley prove that without the use of encryption some of our basic civil liberties would have been undermined by the very government that is sworn to protect them.”
Protecting your personal data
Another reason to support and use encryption is that, each year, millions of electronic devices are lost. Most of these devices contain valuable information. Many of these millions of devices also hold personal and private data that the owners do not want anyone else gaining access to.
According to the article “Learning to cope with information security risks regarding mobile device loss or theft: An empirical examination,” 133 cellular phones are lost or stolen each minute. One laptop is stolen every 53 seconds. All of these devices contain personal information such as names, addresses, and phone numbers. It is estimated that 76% of lost or stolen devices contain personal photos and videos, 22% of these devices contain work-related emails, and 22% of these devices provide passwords to social media and online banking information [Tu, Zhiling, Turel, Ofir, Yuan, Yufei, Archer, Norm, 2015].
This article helps to illustrate the importance of protecting ALL your devices from accidental loss or theft. Many people think that their personal devices do not have any data stored on them worth stealing or exploiting, but they are mistaken. Every device you use to log into your bank or social media can store passwords or offline data. And what about the “BYOD” policy that many companies allow? Bring Your Own Device (BYOD) allows an individual to use their own device for work-related functions, primarily email access. Many companies, especially healthcare companies, have gone out of business or faced massive fines from the government because a mobile device containing personally identifiable information (PII) or personal health information (PHI) was lost or stolen [Wild, Andrew, 2016]. These devices provided a wealth of information to commit identity theft or blackmail!
Preventing government overreach
Using strong encryption prevents the government and law enforcement organizations (LEOs) from accessing data about various crimes. One such example fresh in everyone’s mind would be the San Bernardino shooting. In the aftermath of Syed Farook’s deadly massacre, the FBI was unable to access Farook’s iPhone 5c due to Apple’s automatic encryption on the device and the security policy of wiping the device after a certain number of failed login attempts. The FBI had even received authorization from the U.S. Department of Justice (USDOJ) to force Apple to create custom firmware that would circumvent the encryption and security settings on the phone.
Apple’s comment said it best. “This case should never have been brought,” said a statement released by Apple. “People in the United States and around the world deserve data protection, security, and privacy. Sacrificing one for the other only puts people and countries at greater risk” [Dingman, Shane, 2016]. Any attempt to circumvent the security of encryption creates a vulnerability. Any vulnerability will be sought out by criminals trying to exploit the devices.
Encryption is a highly complicated thing to build, and just as complicated to implement correctly. Any weakness introduced, purposely or not, can take months or years to fix. One example of this was a flaw in Apple’s iMessage. Since 2011, iMessage had been vulnerable to interception, but it took Apple until 2015 to fix the issue without making encryption weaker or breaking things in the process [Dingman, Shane, 2016]. During this time, anyone using that particular encryption was at risk of being encroached on.
It could be argued that the government should have a key escrow or “backdoor” that would allow it to access encrypted data with a warrant.
No security is perfect. Just like with guns, criminals do not follow rules, regulations, and laws. The average cybercriminal wants to maximize their efforts and go after the biggest target they can get. Allowing the US Government to hold a master key which would permit the decryption of any and all encrypted data would simply be too tempting for cybercriminal masterminds. Even if these cybercriminals were unable to hack into the security protecting this master encryption key, the flaw within the encryption algorithm would still be there. Sooner or later, there would be an exploit discovered that would allow them to gain access.
Encryption is not something unique to the United States either; other countries have developed strong encryption both on their own and with the assistance of other countries. Should a government-sanctioned key escrow be implemented, do you think the criminals will obey this law? Cybercriminals will take to offshore encryption to continue to mask their activities from any government they deem a threat.
Despite the limited concerns about criminals using encryption to evade LEOs, the use of encryption is a vital component of securing your digital data. Every year, millions of mobile devices, both personal and commercial, containing sensitive data are lost or stolen. With the countless data breaches being reported every month and the regular data dumps being released by whistle-blowers, the threat is very real. While corporations and governments understand the impact of this lost data, the average person feels there is not any real threat. Identity theft is on the rise, and any data recovered from lost or stolen devices could be instrumental to identity thieves’ efforts. Every online site you visit and every social network site you log into is one you are trusting with sensitive information. Everyone should be concerned with, and insist on using, strong encryption to maintain their privacy in this digital age.
In the modern digital age, strong encryption is a necessity! Identity theft and corporate and government corruption are widespread. All data stored on any digital platform should be encrypted to prevent prying eyes from stealing and abusing this treasure trove of data.
Kieke, Reba L., 2014: Kieke, Reba L., Recent Data Breach Stresses the Importance of Effective Privacy Efforts, 2014
Junger vs. Daley, 1998: , , 1998
Feffer, Loren Butler, Mark H. Allenbaugh, and Amy Ackerberg-Hastings., 2002: Shane Dingman, , 2016, http://ic.galegroup.com.ezproxy.snhu.edu/ic/ovic/NewsDetailsPage/NewsDetailsWindow?disableHighlighting=false&displayGroupName=News&currPage=&scanId=&query=&source=%E2%88%8FId%3DOVIC&search_within_results=&p=OVIC&mode=view&catId=&u=nhc_main&limiter=&displa
Bartlett, Jamie, 2016: Bartlett, Jamie, Cypherpunks write code, 2016, http://ezproxy.snhu.edu/login?url=http://ic.galegroup.com/ic/ovic/AcademicJournalsDetailsPage/AcademicJournalsDetailsWindow?disableHighlighting=false&displayGroupName=Journals&currPage=&scanId=&query=&prodId=OVIC&search_within_results=&p=OVIC&mode=view&catId=&limiter=&display-query=&displayGroups=&contentModules=&action=e&sortBy=&documentId=GALE%7CA444595866&windowstate=normal&activityType=&failOverType=&commentary=&source=Bookmark&u=nhc_main&jsid=b2a958509609bdf60fea910a6f0cb9b0
Tu, Zhiling, Turel, Ofir, Yuan, Yufei, Archer, Norm, 2015: Tu, Zhiling, Turel, Ofir, Yuan, Yufei, Archer, Norm, Learning to cope with information security risks regarding mobile device loss or theft: An empirical examination, 2015, http://eds.b.ebscohost.com.ezproxy.snhu.edu/eds/detail/detail?vid=3&sid=ccaa7a9f-c9d0-43f3-80d9-550355cbc86b%40sessionmgr104&hid=122&bdata=JnNpdGU9ZWRzLWxpdmUmc2NvcGU9c2l0ZQ%3d%3d#AN=S0378720615000294&db=edselp
Wild, Andrew, 2016: Wild, Andrew, The Anthem and Premera data breaches put the healthcare industry on notice: you are a target, 2015
Dingman, Shane, 2016: Shane Dingman, Apple battle just the beginning, 2016, http://ic.galegroup.com.ezproxy.snhu.edu/ic/ovic/NewsDetailsPage/NewsDetailsWindow?disableHighlighting=false&displayGroupName=News&currPage=&scanId=&query=&source=%E2%88%8FId%3DOVIC&search_within_results=&p=OVIC&mode=view&catId=&u=nhc_main&limiter=&displ
Originally posted at: https://tftsr.com/site/2018/09/29/why-we-need-encryption/