Why We Need To Take A 'Spartacus' Approach To Data Encryption

Encryption is still the most effective way to achieve data security from outside threats. However, it can also throw up a red flag that your data is worth stealing -- and could even convince government agencies that you have something to hide. According to encryption expert and Silent Circle founder Phil Zimmermann, the solution is for businesses to band together, Spartacus style.

The concept of data sovereignty has come under increasing threat in recent years, with governments flat-out spying on businesses and collecting their privately held data in the name of national security. There has been concern in some circles that heavy encryption users could attract attention simply because their data is purposely hidden. In other words, using strong cryptography -- for any reason -- makes you look suspicious.

One man who has been closely watching the online cryptology debate is Phil Zimmermann. In 1991, Zimmermann wrote Pretty Good Privacy (PGP) which used the notion of a public encryption key to scramble messages so that only a receiver possessing a matching private decryption key could unscramble and read them.

This was at a time when high-strength data encryption was highly frowned upon by the US government leading to a criminal investigation. (The case against Zimmermann was eventually dropped.)

During a recent talk at the Unified Communications Expo in London, Zimmermann spoke about a possible solution to the "encryption = suspicion" quandary:

Intel agencies like the NSA tend to focus more on people when they see them using encryption. I think we need to have a Spartacus reaction to that, in which we all stand up and say "we all use crypto -- I am Spartacus". "No, I am Spartacus," and so on. In other words, we should be using [data encryption] as a form of solidarity.

Sounds pretty simple, right? Of course, anyone who handles sensitive data should already be using encryption. As Zimmerman points out; "we used to have a legislative environment that did not favour cryptography. If you were using it, you had to explain yourself and prove you weren't a drug dealer, child pornographer or terrorist.

"Today, the situation is inverted: if you don't use strong cryptography you have to explain yourself. If you leave your laptop in a taxi and it has 200,000 customer identities on it, you better hope this information is encrypted."


Comments

    I'm all in favor of encryption, but the argument made in this article is the worst I've ever seen:

    "Companies which you owe nothing would be safer if you drew attention to yourself, so you should do that."

    Honestly, WTF.

    Last edited 25/06/15 5:02 pm

      "a possible solution to the “encryption = suspicion” quandary:"

      It's less about making things safer for others, and more about this:

      Our law makers are mostly idiots where technology is concerned, they demonstrate this all the time (NBN, Data retention, Internet Filter).

      We have about zero possibility that we could educate our law makers that they are technological morons. In this case, our law makers and intelligence agencies are miss-firing and wasting resources due to bad policy - I'm sure you agree that there are plenty of legitimate reasons to encrypt stored and transmitted data.

      So if they've shown that they are unwilling to be educated (and make better policy), then all that's left to us is the solidarity/protest route.

      We've seen how effective even mass public protests have been current western governments - that just leaves us solidarity.

Join the discussion!