Do You Need Data Encryption?
The decision to encrypt data is based on the balance between accessibility, safety, and security. Consider these aspects in relation to an ink-on-paper journal. (I find that most questions about computer usage are resolved by simply translating the question into 19th-century terms.)
If this journal contains private information that you will need infrequently, and that you wish no one else ever to see, you will keep just the one handwritten journal. You will place this journal in a vault to which you have the only key.
Suppose you have business partners who also need infrequent access to the journal. You will have to give each of them a copy of the key.
Next, suppose the information, while sensitive, is required on a frequent basis. The locked vault may cause too much delay in fetching the journal. Instead of a locked vault, you use a journal with its own lockable cover. Going further, you make copies of the pages and bind them into separate lockable journals, one for each partner.
Perhaps it would be an absolute disaster if the information were lost or corrupted. The solution is to make many copies of the journal, each stored separately from the others.
Finally, suppose the data in question is so critical that you must keep it from ever fading away. The best way to handle this is to release the journal into the public domain, letting anyone at any time copy it and keep it. Get the journal into as many libraries as possible.
These scenarios illustrate the data-safety versus data-security seesaw: that which is secure can be lost; that which cannot be lost is not secure. Encryption does not remove the seesaw, it moves it onto the key: whoever holds the key holds the data, and if the key is lost, the data is lost with it. To decide whether or not to use data encryption, you must decide which is more important to you: data safety or data security.
I myself use AES-128 encryption on my primary storage, for both laptop and desktop computers. However, a recovery key, which is a backup to my own password, is held by a third party. This is my compromise between absolute data security and reasonable data safety.
Do You Need Email Encryption?
I sent an email to my siblings a few years ago, when the Echelon system was a popular public debate. While I am by no means privy to the exact mechanism by which Echelon operates, I explained to my family, in broad strokes, that Echelon is a computer system that inspects all electronic data traffic (email, file transmissions, and possibly fax and voice phone calls). As it inspects every data packet, it looks for particular words and phrases, e.g. “bomb” and “jihad”, drawn from a large dictionary. Certain words in combination will trigger a flag that something interesting, from an anti-terrorist perspective, might be in that communication. The rules used to flag such communications are deliberately tight: flagging too many messages would defeat the purpose of the system. A flagged message is copied so that it might be examined by an expert human being. For the sake of discussion, suppose that this person has the rank of lieutenant in the Army Intelligence Corps and that she is one of many such stationed in the State of Virginia. She will read the message and attach a comment such as “nothing of interest”. The system will retain the message in its archives, but this is the digital equivalent of a black hole: it is very unlikely that the message will ever emerge again. On the other hand, should she find a possible lead on terrorist activity, she will kick the message upstairs to her captain, whereupon it receives additional study.
The key difference, as near as I can determine, between the original Echelon system and the newer PRISM system is that in Echelon any communications that did not match the keywords and phrases were not retained by the system. Under PRISM, everything is automatically saved within the system, and the keyword-and-phrase search is done on this archive of data. Thus, if at some future time an intelligence officer determines that they must find all communications that contain a reference to “Ziad Doueiri”, they can actually do so for previously stored messages, going some time into the past.
This means that when you send an email, it is discoverable in that archive. Ideally, no civil court can ever expect to get access to such email. This is also likely the case for criminal courts: the data is locked away from them because its collection was not authorized by the given court for the given legal action, whatever that may be.
If law enforcement officers or a less-than-ethical private concern wish to get your previously sent email, better places to look than PRISM are your computer, the server that provides your email, the server of the person who received your email, and that person's computer. Do you use an automatic data backup service? That is another great place to look. The key difference is that you actively and voluntarily placed your data in those sources, whereas in the PRISM archive your data was copied without your consent.
If such an archive were even touched by a law enforcement officer, that could taint other evidence as possibly being “fruit of the poisonous tree”, even if that other evidence was in fact independently discovered. Accordingly, prosecutors will likely not wish even to know what may or may not be present in such an email archive.
So perhaps a very bored Army Intelligence Corps lieutenant is not the thing to fear here. Instead, let us worry about your competitors, rivals, and anyone else who might take advantage of material gleaned from your email.
But who does the actual looking? An officer of the court can convey the order, but it would be unusual for him or her to have the expertise to retrieve the desired communication. The same is true of other parties (business rivals, etc.) who might wish to read your email. Whether the access is legal or not, they will rely on the technical skill of a server administrator, typically a lower-level employee of the email service provider. The ethics of that employee, and how well that employee is monitored, may be the real issue when it comes to your privacy.
For email that I really wish to keep private, I have GPG tools set up on my computers. Of course, this does nothing for mail sent from my smartphone or my tablet, nor does it work with web-interface mail services, e.g. Google Mail. GPG only works when I use my local mail client to send or receive encrypted mail.
However, that is sufficient. When you think about it, very little mail actually needs that protection. Such mail will almost always be some sort of business or legal document, for which you are likely to use your desktop or laptop, not your smartphone or tablet. Keep in mind what GPG does and does not cover: it encrypts the message body and attachments, while the subject line, sender, recipients and timestamps travel in the clear and remain readable by every server administrator along the way.