Over Labor Day weekend I had dinner with a friend in the social media space, and we talked about the implications of data mining – and of course the NSA activities revealed by the Edward Snowden disclosures. I commented that I thought this would lead to renewed efforts to enhance and expand on the use of encryption in all digital areas – including anything that touches on financial and intellectual property exchanges. Undoubtedly the European countries will take the lead around legislation that raises the minimum encryption levels acceptable for sensitive individual data, which in turn will raise the overall lowest common denominator in the industry.
Just like Russell Crowe’s SID 6.7 (a code name that stands for Sadistic, Intelligent, Dangerous) in the movie Virtuosity, the NSA can clearly say: “Uh, uh, uh, I thought of that one too!” Yesterday the New York Times reported on how the NSA has been busy, busy, busy cracking various forms of encryption used in online transactions. The NYT article quotes from a 2010 government memo talking about NSA’s capabilities: “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”
Aside from the obvious problems in reconciling this with our Constitution, an immediate problem for business is to figure out a way to truly safeguard transactional and other sensitive data. After all, if one organization can crack the code, who is to say that someone else can’t? China, North Korea, Russia, the Middle East, a group of hackers… As with so many things in life, especially financial matters, perception is reality.
In my previous life in selling, supporting, and consulting around sourcing solutions, I came across several non-US companies that were concerned with the prospect of storing their data on servers in the US. Lately, I have seen more and more providers pitching hybrid cloud solutions where the web front end is hosted here in the US, but the database behind it sits outside US and EU jurisdictions – in Switzerland for example. This split delivery model was something I viewed as a competitive differentiator companies, with the recent news this is practically a table stake. Expect to add enhanced encryption to the list. We will probably also see a switch to encrypted VOIP for most communications.
If our politicians keep fumbling around and letting the NSA run wild, the damage can be severe. I’m reminded of the out-of-control Imperial Japanese armed forces and their mostly “self-directed” activities in Southeast Asia and ultimately in World War II.
Our digital transactional system is too critical to break into silos, which could be one international response to our NSA activities. That is, regions or groups of countries outside the US break away from and form their own Internet – running on hardware free of NSA backdoors, without any requirements to submit to secret blanket demands for access to data (Euro Net, Sino Net, Arab Net, etc.). It’s not an overly far-fetched scenario.
As the byline in “Virtuosity” says: Justice needs a new program – one that doesn’t involve treating everyone and everything as a suspect. Trust is precious – hard to win and hard to restore once lost.