The NSA and PRISM scandal, along with the continued media coverage of the GCSB and TICS legislation in New Zealand, is fuelling the outright Cloud luddites and the so-called Cloud experts who have yet to get their heads around securing Cloud. Worse, those luddites and commentators mix company Cloud use with personal Cloud use, which are two very distinct services.
The luddite’s answer to this problem is to go off grid completely, back to the halcyon days of no access to anything. The Cloud expert opinion is that all encryption can be broken, so we should just give up and not care about it. A very dangerous thing to do when you are in charge of customer data. It may be that you don’t care whether everyone can see your bank statements, but I’m pretty sure your customers will.
As I’ve commented before, Cloud planned carefully can be incredibly secure. I’d defy anyone to break a Cloud service that couples encryption with strong security services and tokenization. There is of course one way, but we’ll get to that.
First of all, should we care if spy agencies can see our stuff or our customers’ stuff? Yes to both. While it is your personal choice to secure, or not, your digital life, not doing so opens you to a raft of risks and potential disasters. It’s utterly naive to say “if I have nothing to hide then it doesn’t matter”. While the quote “If you have nothing to hide, you have nothing to fear” is attributed to an unknown author in the nineteenth century, it has been used by a host of dictators over the decades, most famously by Josef Goebbels during the height of Nazi power.
Your customer of course takes privacy and security seriously. Simply saying to them, “not much you can do about PRISM, NSA, the GCSB, and other threats, they can all see your stuff and they probably don’t care about it” is a bit thick to be honest. If my bank took that approach, I’d find another bank.
This speculative, subjective view that encryption can be broken is no excuse not to invest in it.
Let’s look, technically and at a high level, at how you can secure yourself personally and what that means for spies.
I start with a clean machine, preferably not running Windows, and I encrypt it. Then I switch on a series of toggles to basically stop my browser accepting anything like cookies or other tracking information. I use a browser that is nice and thin, open source, and non-standard. Then I install a strong VPN. I buy a Cloud service within a country that is not monitored by the Five Eyes, along with a secure email service. I make sure that my VPN exits in a country that is not monitored by the Five Eyes.
So what does that mean for spies?
If they seize your machine, they can throw resource at it until they decrypt it. With a strong key, depending on the resource this could take anywhere from four or more years to infinity. This has been scientifically proven and if you follow law enforcement cases in the U.S. (the home of spying) you’ll see they spend their time trying to get the plaintiff to hand over the keys, not trying to decrypt. If you store your keys in a stupid place (online, on a piece of paper, or on a USB stick) then more fool you.
Even if they decrypt your end device, because you never stored anything on it or kept a history, they basically have a blank device.
So now they have to figure out where your data is. Let’s say that they’ve been keeping your traffic stream by listening to the physical cable that comes out of your house. Strong VPNs double-encrypt the traffic. So they have a stack of your double-encrypted data. They give it to their marvellous machine and after four years they decrypt it. What they discover is that all of that traffic has been going to and from a local VPN access point. They can see the data coming in, but they have absolutely no idea where it comes out. So they toddle off to the VPN provider, somewhere in Vietnam, and after months of back and forth they are told that the provider does not hold the keys and can’t see the customer traffic.
Let’s say they get the key from you.
All they can see now is where you went. They can see that you use an encrypted mail service out of Iran and a Cloud provider in Switzerland. Now they have to try and get your data out of those providers. After more time serving notice on the providers they get the same response: the providers don’t have a copy of the key.
Meanwhile, PRISM, the GCSB, GCHQ, the NSA, the CIA, the FBI, and every other spy agency on the planet have been capturing all the encrypted data, because that’s suspicious, right?
They are not going to be able to decrypt it before they run out of storage. We know that GCHQ keeps all cross-border data traversing in and out of the UK; we also know they can only keep it for seventy-two hours. So what to do? Well, we could keep all the encrypted traffic, but there’s a problem occurring. Since PRISM came to light, encrypted traffic is increasing rapidly. So, from the spy’s point of view: I have to be able to decrypt it in days rather than years, otherwise I don’t have enough storage. Worse, the increased density of the encryption is driving my decryption resource needs higher and higher. I need more and more processor to get through it. If I can. If it hasn’t been tokenized.
Here’s where it gets interesting. Encryption coupled with tokenization (which is only available currently for the enterprise) is getting to a state where, even if you could break the encryption, the data is totally meaningless without a crypto engine.
It works like the old World War II cypher machine. You attach it to your gateway and, as well as encrypting data, it tokenizes it. Let’s say you use a customer database where you store all the names of your terrorist friends. Let’s say you look up “O’Brien” from your device. It passes through the crypto-engine and gets converted to “O’Callahan” or “DSFD&#%##@”. The other end can still process that data, and you get the result back via the crypto-engine, decrypted, in a format you can read.
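As an added illustration (not code from the original post), here is a toy tokenization gateway in Python that walks through the round trip just described: the gateway swaps “O’Brien” for a random token before it leaves the device, the remote customer database stores and answers queries against the token, and only the gateway can map the result back. The vault holding the mapping stands in for the crypto engine, and the class and function names are my own.

```python
import secrets

class TokenizationGateway:
    """Stands in for the crypto engine on the gateway (constructed example)."""

    def __init__(self):
        self._vault = {}  # token -> real value; never leaves the gateway
        self._index = {}  # real value -> token, so a name always gets the same token

    def tokenize(self, value):
        token = self._index.get(value)
        if token is None:
            # Random token: nothing about the real value can be derived from it
            while True:
                token = "TKN-" + secrets.token_hex(6)
                if token not in self._vault:
                    break
            self._vault[token] = value
            self._index[value] = token
        return token

    def detokenize(self, token):
        return self._vault[token]

class RemoteCustomerDb:
    """The Cloud side: stores and searches by token, never sees a real name."""

    def __init__(self):
        self._rows = {}

    def upsert(self, name_token, record):
        self._rows[name_token] = record

    def lookup(self, name_token):
        return self._rows.get(name_token)

    def stored_keys(self):
        return list(self._rows)

def round_trip(names_and_cities, query_name):
    gateway = TokenizationGateway()
    remote = RemoteCustomerDb()
    for name, city in names_and_cities:
        remote.upsert(gateway.tokenize(name), {"city": city})
    # The query is tokenized on the way out; the remote end matches on the token,
    # and the real name is only recovered by the gateway on the way back
    token = gateway.tokenize(query_name)
    hit = remote.lookup(token)
    leaked = any(n in k for n, _ in names_and_cities for k in remote.stored_keys())
    return gateway.detokenize(token), hit, leaked
```

Anyone who captures the remote store, or breaks its encryption, gets a table keyed by random tokens; without the gateway’s vault the rows cannot be tied back to a person.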
Like I said, tokenization for the enterprise is here, and not far away for the personal user.
The reality is that you can protect your stuff. It’s not that hard. And protecting your customers’ stuff should be paramount. My advice to customers is to buy as much security as they can afford.
Just around the corner is homomorphic encryption. It allows for fully encrypted data to be processed by a remote service without any kind of decryption or tokenization.
In a few years we will see quantum encryption. This is theoretically impossible to crack.
There is one way around all of this of course, which is the human element. If you can convince someone to hand over their keys, or their company’s keys, then it’s open access. Others argue about backdoors. Given the proliferation of encryption and tokenization services, it would be naive to assume they all had backdoors installed.
Encryption works. It’s not that difficult to use, and the tools at an enterprise level are well proven. Security is not an excuse to not do Cloud.