I know a place where no spies go, or do I? Yahoo! To encrypt all internal data
By now, even people who do not own computers, nor how to turn them on, have likely started to become insecure about their privacy, as the National Security Administration (NSA) and several other entities have essentially broken down the barriers of information security. Between the Snowden controversies, as well as the weighty and relatively invasive activities that have yet to be disclosed to the public, everyone and their mother is starting to be more conscious of Big Brother’s watchful eyes.
One of the most concerning aspects of what has been revealed is the apparent lack of care among many enterprises that act as platforms for Internet searches and data collection. Any way you might slice it, these companies were once responsible for maintaining the privacy of its clients, but are now far less interested in morals and integrity than they are in higher profits and avoidance of spy-perpetuated sanctions.
However, the world might be in store for a revolution, as an unlikely hero has stepped up to the plate against the big bad NSA.
Everyone say “Yahoo!”
In an unprecedented changing of the guards, the fearless chief executive officer of Yahoo! has made a promise to protect all data in its servers from the NSA using some of the most advanced encryption technology on the market. This is the first public affront against the NSA’s spying practices, especially those that involve average businesses and consumers.
Whether this fight will pan out in favor of Yahoo! and the general public is yet to be determined. Reports released in the past several months have indicated that the NSA has a three-year old project still in operation that was set forth to break the encryption of every search engine and other digital information handler. Certain media coverage alluded to the fact that the NSA had already accomplished its objectives.
One thing is for sure, though, and that is this announcement will likely have significant corporate implications. Google is currently the King of the Internet, especially among corporate clients. However, how long do you think it will take a CEO to decide to migrate all data and systems to Yahoo! if it can guarantee protection from the NSA?
As this story is most focused on data transport, it is important to note that certain state and federal laws demand encryption of all data in motion. For example, the Massachusetts Data Security Law requires businesses to encrypt information as it is going over a network to prevent middleman attacks. What’s more, many companies do not even think to protect data as it is traveling.
When you factor in the activities of spies who make a living breaking encryption along with lackadaisical efforts to protect data in transit, you get a turbulent information governance landscape.
WWBFD?
Ben Franklin once asserted that “those who would give up essential liberty for some temporary security deserve neither liberty nor security,” and it’s incredible how pertinent these words are today. While forensics and information governance freaks such as myself will often ponder how these words fall on the ears of major telecommunications companies, the truth is businesses have to be their own guards.
Of course, there is only so much you can do when well-trained, unmonitored and unregulated spies come knocking on your office door. Still, if you value your privacy, or just appreciate the fact that disclosure of your sensitive information resulting from breaches carried out by any party, spy or otherwise, is a business risk, you should join the fight with Yahoo! and several others in its relatively tiny resistance.
Rumor has it that the NSA has built a backdoor into what should be unbreakable encryption, and this story begs the question of if that is true. Forensic efforts will not be affected, but goings on such as this should serve as a reminder that data in transit, not just storage, must be accounted for and protected by businesses.
Sources:
Yahoo plans to encrypt all internal data by early 2014 https://www.theverge.com/2013/11/18/5118150/yahoo-ceo-marissa-mayer-plans-to-encrypt-data-against-nsa-by-2014#!
Photo courtesy of https://www.resourcesforlife.com/docs/item6663”