Simon Moores asks, if encryption is used to protect data in transit, shouldn't it be used for stored data too?
It came as a blinding flash of inspiration at a round table on security I was attending. All the right people were there. Police, government, banks and ISPs, all worrying our way through the problems of being an internet society.
The suggestion, when it came, appeared from a source one would least expect. “Shouldn’t encryption be automatic?" The reason given was that it would be more difficult to commit an electronic crime if this were the case.
In a society where both police and government are more than a little paranoid about strong encryption, the idea that data should be encrypted automatically to protect it comes as a surprise.
Encryption is more frequently used to transmit data rather than store data, and the problem we have with most sensitive financial and personal information is that it is readily available to anyone who is prepared to hack into the system that holds it.
Take health records in our new and expensively wired NHS as an example. Shouldn’t such records be encrypted, and shouldn’t any business or agency holding personal or financial data be expected, by law, if necessary to encrypt that information as a data protection measure?
One comment from the direction of Whitehall suggested that there was “a pressing need for data protection legislation to be updated to meet the needs of the 20th century” and a concession that matters were not entirely going to plan where the subjects of internet security, authentication and identity were involved.
So there you have it, a dozen of the most influential people from both government and the private sector, appearing to agree that we need to reconsider encryption as a security benefit.
Who knows? It might even be embedded in future legislation.
What do you think?
Should any personal or financial details held on you be encrypted as a matter of routine? Tell us in an e-mail >> ComputerWeekly.com reserves the right to edit and publish answers on the website. Please state if your answer is not for publication.
Setting the world to rights with the collected thoughts and opinions of leading industry analyst Dr Simon Moores of Zentelligence.
Acting globally, Zentelligence (Research) advises governments, suppliers, business and the media on the evolution, application and delivery of leading-edge technologies and specialises in the areas of eGovernment and information security.
For further information on Zentelligence and its research, presentation and analyst services visit www.zentelligence.com
This was first published in July 2003