When I was giving a part of a workshop this week, I was asked an interesting question. Someone sends important data via email and was asking me (on the topic of IT security) how he could secure this connection. I suggested to him that he should use an email suite such as Thunderbird and install the OpenPGP add-on to encrypt the email. As an IT expert I could not suggest to him to send it via mail instead… should I…?
Well, maybe! I mean, what is the value of an encrypted email if the computers at both ends are not secured at all? Even if they are somehow secured, crackers are most of the time much more sophisticated than the ones applying security measures. Which means this person should not only send his data via ordinary mail but also not save it on the computer. Or save it on a computer without Internet access.
I mean, I am all for saving data on computers, digitizing it and storing it on DVDs, encrypted, on a shelf. But not putting it on a computer with Internet access. Some data is simply too valuable to do so. That reminds me of the doctor whose Wi-Fi was not encrypted. Due to the misconfiguration, everybody could access the data of every one of his clients! Imagine that! He should not have set up Internet access there.
When I was reading the news today, I read another article about the crazy privacy policies of the US government. Now it seems like they want to introduce a ‘Web-friendly biometric identification card to everyone in the country’. Of course they want to spice it up by education, but after their approach towards RFID chips in their passports this news is another scary point of US cyber-policies.
Seriously, it is not that easy to fake a passport. Why digitize it? It makes it much more vulnerable to attacks. Just have a look at the RFID hackers website and you will soon realize what the US is pushing forward there. I cannot imagine such a resourceful (when it comes down to cyberspace expertise) country doing things like that. Why not keep it analog? I can see the first people using their ‘secure biometric online ID’ and not only seeing it used by other people but also finding their biometric data online on the net… for sale!
Speaking of secure computers in order to keep your digitized stuff secure (which will never happen completely), Australia made a wonderful announcement this week. Their solution is simply to impose on the ISPs to cut the Internet connection for users who access the Internet without proper antivirus and firewall protection – or whose computers are infected. Well, guess what… I do not want to know how they are going to figure out if my computer is allowed to access the Internet or not. Why not? Because that would cause me an early heart attack and at least two more articles on privacy and the limitation of genuine-artificial cyberspace-liberty by the governments of the world.
Well… I would go for keeping some things analog (such as IDs and passports) and keeping some things encrypted on computers without Internet access… or for that matter: USB stick access. It is a bit more uncomfortable but will save all of us a lot of trouble, believe me!