Search This Blog

Thursday, March 06, 2008


If that headline didn’t blow your mind, the fact that there is a certain amount of truth to the statement should. Apparently, Julius Caesar used a simple letter-shifting code to secretly get the word out to his generals, according to Phil Dunkelberger in SC Magazine. It wasn’t encryption as we know it today, and neither was the abacus, which preceded the calculator, but it worked. Julius did establish a precedent since the military continues to use encryption to protect battlefield communications and the men and women who use them. The question is, if the idea that this sort of procedure can protect our personal data has been around for over 2008 years, why hasn’t business and government seriously considered its use in their data collecting, and before we ended up in the current identity crisis? There are applicable answers, but neither justifies the position the consumer is in today in the way their name and private information is recklessly handled and sold. Excuse number one: cost. Excuse number two: the difficulty of implementing encryption and the hardships it imposes through its use. If business and government want every morsel of our sensitive data—and they do actually crave this from my experience as a junk mail data broker—then they should be willing to spend the money and take the time to protect it at all costs. Even when we achieve my goal of granting consumers control over their names and personal data—when it would be nearly impossible to steal one’s identity—there is still the need for encryption. Private information should be secure, and away from the wandering eyes of those not authorized to see it. Dunkelberger says “encryption has played a relatively minor role in protecting commercial data” until recently. He cites California’s breach disclosure law—SB 1386, that requires public notification of any company losing personally identifiable information—as being the “tipping point” that put encryption in motion. But credit must be given to the actual data breach that introduced the current identity crisis, which was ChoicePoint’s loss of 163,000 personal consumer records to Nigerian identity thieves. Another concern the author has is the growth industry in mobile devices that wander outside the “fortress” of data protections like firewalls. Lost or stolen laptops are among the highest sources of data breaches so the concern is well founded, and the obvious reaction is that those machines should house only encrypted data. It is frightening to watch the media report data breach after data breach—Privacy Rights Clearinghouse has documented 55 such incidents since the first of the year—and have to wonder how much, if anything, business and government are doing to stop it. If more of you wondered and spoke up, maybe we could begin to solve this issue.

No comments: