Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Electronic privacy? There's no such thing

Ira Winkler | Oct. 29, 2013
You will never be secure if you labor under the delusion of privacy.

We would all be better off if we stripped the scales from our eyes and admitted that digital privacy is an illusion. Then we could turn our attention to the value of the data involved and do what we think is appropriate for each situation, while never forgetting that nothing is completely safe forever.

Sure, it would be nice if nobody could read our communications without our say-so, but that isn't the case, and it never has been. And for the most part, such impossible security isn't actually necessary. Yes, it is creepy to think that people can read your private communications, but it's likely that very little of it really needs to be kept completely secret. Maybe none of it. You aren't the NSA. As for your company's communications, those also vary in their need to be protected.

Just remember: All encryption can be broken, and the more widely the encryption algorithm is used, the more likely it is to be broken or otherwise compromised. If the NSA isn't the culprit, it could be the Chinese, the Russians, the French, the Koreans, the Japanese, organized crime or computer enthusiasts with too much time on their hands.

No measure of security will ever be perfect. (Repeat this as a mantra as you try to shed the delusion of privacy.) It's not just that encryption can be broken. Your phone could be stolen, someone could shoulder-surf you as you enter or read data, your device could get infected with malware designed to steal data. Any of those things make encryption useless.

I got started on this topic because of something involving iPhones, but the hardware isn't the problem here. There are no alternatives that can be considered secure. BlackBerry's messaging system is possibly the most secure commonly used texting system, but even it was compromised when several governments around the world required the company to help them crack the encryption.

Security is about risk management. Start with the assumption that your communications can be compromised. The questions then become, "How likely is it that someone will attempt to do so?", "How will they do it?" and, most importantly, "Does it matter if they are successful?" Once you have answered those questions, you can decide how much effort to put into protecting your communications.

I don't think highly of any vendor that would say it provides a level of security that it doesn't. But anyone who believes a promise of perfect security is a fool.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.