Encryption is still the most effective way to achieve data security from outside threats. However, it can also throw up a red flag that your data is worth stealing — and could even convince government agencies that you have something to hide. According to encryption expert and Silent Circle founder Phil Zimmermann, the solution is for businesses to band together, Spartacus style.
The concept of data sovereignty has come under increasing threat in recent years, with governments flat-out spying on businesses and collecting their privately held data in the name of national security. There has been concern in some circles that heavy encryption users could attract attention simply because their data is purposely hidden. In other words, using strong cryptography — for any reason — makes you look suspicious.
One man who has been closely watching the online cryptology debate is Phil Zimmermann. In 1991, Zimmermann wrote Pretty Good Privacy (PGP), which used the notion of a public encryption key to scramble messages so that only a receiver possessing a matching private decryption key could unscramble and read them.
This was at a time when high-strength data encryption was strongly frowned upon by the US government, leading to a criminal investigation. (The case against Zimmermann was eventually dropped.)
During a recent talk at the Unified Communications Expo in London, Zimmermann spoke about a possible solution to the "encryption = suspicion" quandary:
Intel agencies like the NSA tend to focus more on people when they see them using encryption. I think we need to have a Spartacus reaction to that, in which we all stand up and say "we all use crypto — I am Spartacus". "No, I am Spartacus," and so on. In other words, we should be using [data encryption] as a form of solidarity.
Sounds pretty simple, right? Of course, anyone who handles sensitive data should already be using encryption. As Zimmermann points out: "We used to have a legislative environment that did not favour cryptography. If you were using it, you had to explain yourself and prove you weren't a drug dealer, child pornographer or terrorist.
"Today, the situation is inverted: if you don't use strong cryptography you have to explain yourself. If you leave your laptop in a taxi and it has 200,000 customer identities on it, you better hope this information is encrypted."