Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Coming Soon: An Encryption by Default World

November 25, 2013

As an InfoWorld article pointed out last week (and thanks Alan Goldberg for sending a similar story), we may soon have an "encryption by default" world, spurred in large part by the recent revelations of how much data is hoovered up by the National Security Agency.

With Yahoo promising "encryption everywhere," Google moving to 2,048-bit certificates by year's end, HTTP 2.0 to be automatically encrypted, and a renewed interest in secure email, we've entered a new phase: the era of encryption by default over the network — and maybe everywhere else, too.

It's always illuminating to read the thoughts of cybersecurity expert Bruce Schneier, who has pointed out that the covert collaboration between tech companies (he calls it the "public/private surveillance partnership") has crumbled in the post-Snowden era.

As he wrote in The Atlantic, "It's impossible to build an Internet where the good guys can eavesdrop and the bad guys cannot. We have a choice between an Internet that is vulnerable to all attackers, or an Internet that is safe from all attackers. And a safe and secure Internet is in everyone's best interests, including the US's."

Encrypting all data in transit by default still wouldn't thwart direct attacks (like social engineering attacks) but it would bolster security against run-of-the-mill cyber criminals, a threat more real to most Americans than the NSA.

Encrypting data in transit used to be painfully expensive – and it slowed everything down, but not in an age where we have vast computing power. Similarly, encrypting data at rest is easy and far less expensive.

What may be hard is that encryption needs a lot of maintenance – key management and rotation, identity management and updates to the encryption schemes themselves. Worse yet, we still have a restricted supply of true cryptography experts.

And the weakest link in the privacy chain is between the keyboard and the chair. Privacy advocates can only do so much against our desire to overshare and our poor cybersecurity practices.

Still, encryption by default is a huge step forward – we just had to be goosed in our collective national butt to get there.

http://twitter.com/sharonnelsonesq