Week 10

Home Forums Weekly discussion Week 10

This topic contains 23 replies, has 10 voices, and was last updated by  aaronlp 3 years, 7 months ago.

  • Author
    Posts
  • #500

    Lisa Steinerd
    Participant

    According to this weeks reading, “Blown to Bits”, Chapter 5- Encryption is the art of encoding messages so they can’t be understood by eavesdroppers or adversaries into whose hands the message might fall. De-scrambling an encrypted message requires knowing the sequence of symbols or key that was used to encrypt it. An encrypted message may be visible to the world, but without the key, it may as well be hidden in a locked box. (Blown to Bits, pg 161)

    Encryption can be used for credit card processing and to protect personal information such as a social security number. Yet, data breaches are reported on an almost daily basis, and companies spend billions of dollars each year dealing with data breaches. A leading study in data breach costs found that in 2011, the average per-incident cost to a company of a data breach was around $5.5 million, or a per-customer cost of nearly $200. Malicious attacks made up more than one third of total breaches reported in the study, and those breaches also proved to be the most costly. (www.silentcircle.com)

    It’s important to have measures in place to protect identities and information of the general public however, more and more criminals are using encryption to perform crimes such as hacking, illegal downloads, drug smuggling even international terrorism. With applications in place such as Cyberdust, Wickr, SSE, and email programs Thunderbird and Postbox (just to name a few) do you think that encryption should be available for public use or do you think that encryption should be something that only financial institutions, businesses, and government use? Do you think that having encryption programs hurt us or help us? Explain.

  • #502

    Excellent post, Lisa. This chapter was a real eye-opener for me. I do tend to only shop from sites that have security certificates and encrypted payment information. However, I really had not given my email much of a thought. In fact, this sentence sums me up quite well. “There is little concern because most ordinary citizens feel they have little to hide, so why would anyone bother looking?” (B2B, p. 192)

    However, unlike the next line, I have considered that the government now has the capabilities to track our interactions and our information. My husband in an immigrant and while going through the whole immigration process, our accounts were accessed to validate our relationship. I am all too aware of the ability of interactions to be traced. Albeit, with our permission, but still.

    Coincidentally, I do think that encryption capabilities should be offered to the public. I am often sending sensitive financial information for both myself and my job. I often wish I had better means of further protecting the information I am transmitting. Though as B2B mentions, programs for the ordinary person are awkward and separate from our usual email sources. I have used encrypted documents for my job, but it was quite the process that, thankfully, the tech geniuses in the office made easy for me. Otherwise, I would have been completely lost.

    • #508

      Heather Harlow
      Participant

      Teresa, I agree with you that encryption should be easier to use. And, by the way, a tech expert friend tells me that all email is encrypted and fairly secure. As long as nobody gains access to your password.

      I read a recent article that took the stance that privacy only works if the majority of the population takes proactive steps to make privacy a priority. The articles listed several reasons an honest person would need privacy on the internet, including sharing ideas and searching for a new job.

      The article points out that many security tools aren’t user friendly. However, with widespread demand for these tools, this will create a market for user-friendly privacy tools.

      http://blogs.hbr.org/2014/03/online-security-as-herd-immunity/

    • #510

      Tim Algeo
      Participant

      @Heather

      I agree that email is relatively secure, but the most popular “free” email hosts (Hotmail, Yahoo,Gmail) all scan your messages and data mine so that they can sell this information to third parties.

    • #513

      Heather Harlow
      Participant

      @Tim Algeo

      True, you make a good point. The email service I was inquiring about with my tech friend was a private email system, not a free service available to the public.

      The email I send through free services is encrypted as well. But it’s true that in exchange for a free email service, Gmail does target advertising based on data they retrieve from my email. I’ve noticed for some time that the online advertising is eerily similar to keywords or topics in an email I have recently sent or received.

  • #503

    Kelli
    Participant

    Lisa:

    After thinking about your question, I changed my mind several times but ultimately decided encryption should not be available for public use, at least in the forms you mention (i.e., Cyber Dust, Wickr, and Thunderbird). If transmissions to/from financial institutions, businesses, and government agencies are secure (or as secure as they can be at the moment), then why does the average person really need messages to self-destruct, leaving no trace whatsoever? Besides illegal activity, I can’t think of many instances. That’s not to say our civil liberties should be devalued, but we need the ability to stay one step ahead of illegal activity, or at least be able to put the pieces of the puzzle together as quickly as possible. Part of me does like the level of personal security these encryption programs provide, but I think the potential for harm outweighs the good.

    In general, I think having encryption programs helps us. Since most everything relies upon the Internet, strong encryption programs are a necessity. Senator Gregg’s proposal on page 162 seemed like a good compromise between the needs of businesses, consumers, and law enforcement. Like other forms of communication, the government has always had the ability to obtain records of communication, if needed. I don’t see how communications on the Internet should be any different. If illegal activity is suspected, law enforcement should have the ability to “bypass the locks and retrieve the decrypted message” through appropriate legal channels.

    • #506

      It is a real toss up regarding public use of encryption, isn’t it? In my post, I stated that I am for it because of the nature of my work. In my opinion, with more companies expanding to telecommunications it will become more necessary for the everyday person to be able to encrypt their messages. However, I agree with you that there are risks to allowing this sort of technology into the hands of everyone.

    • #511

      Jon Miltenberger
      Participant

      I have to disagree here. I’m firmly in the camp that encryption programs should be available to everyone, and I regularly take measures to secure my privacy.
      It’s not a question of whether or not people need to be able to secure the confidentiality of our own data–that doesn’t make a difference in my opinion. The question at hand is whether or not it should be easy for Big Government to snoop on people’s data. Especially with the recent scandals about NSA surveillance that have been going on, I believe more firmly than ever that encrypting data to prevent ‘casual’ snooping is a good idea. If a government agent is going to be snooping on my emails or web traffic then I want them to have to go through the proper legal system to maintain the authorization necessary for it. Having that traffic encrypted means it’s harder for them to go under the table about it, harder for casual snooping to happen, since they have to expend more resources by being sure it’s snooping that they really want to be doing. Otherwise it’s just too possible for a bored NSA agent to go through data at semi-random, picking and choosing things based on flagged words that could be completely innocuous.

  • #504

    Kelli
    Participant

    Teresa:

    You bring up good points regarding the need for ordinary citizens to have access to such high-level encryption programs. With respect to shopping and encrypted information, I recently heard a discussion on the news about the Target security breach and how the U.S. is lagging behind other countries because we still use credit cards with magnetic strips, which contain sensitive information that can be easily picked up by the “Eves” of the world. Other countries have switched to microchip cards, aka chip-and-PIN cards, which have better encryption and require the entry of a PIN by the consumer. U.S. businesses haven’t made the switch yet because of the cost to upgrade, but it’s supposed to happen within a few years. The discussion mainly concerned shopping in stores, but I’d hope this new technology will offer better protection online, too.

    Here’s a link to a relevant article: http://www.creditcardmachines.net/magnetic-strip-vs-microchip-credit-cards-target-dilemma/

  • #505

    My husband is British and does not feel secure at all with our card system. It was surprising to learn the differences in security between the two cards.

    • #518

      Lisa Steinerd
      Participant

      Interesting, I never really considered how other countries handle personal information and data security.

  • #507

    Heather Harlow
    Participant

    I think encryption helps us. Without encryption, we wouldn’t have assurance that our personal data is kept private. If I deposit a check into my bank account via a mobile app, I expect the entire process to be secure. If I send my mom an email that states I haven’t been feeling well and a doctor has ordered a second round of tests (completely fictional, by the way), I would want that message to be equally secure. If I’m sending emails and files between my work and home email, I expect privacy. I don’t have a clear cut line between what I use for business and for personal work. And I don’t think this is practical for encryption.

    I personally believe that protecting our right to privacy is more important than the potential for privacy to be abused. Even with encryption, there are plenty of other ways to detect, monitor and halt illegal activity. It’s not an either-or question: either we sacrifice our privacy by limiting encryption or have rampant criminal activity is not a rational statement. It assumes that limiting the availability of encryption to the general public will keep criminals from obtaining encryption illegally.

  • #509

    Tim Algeo
    Participant

    I believe that encryption should be available to everyone, not just financial institutions, governments, etc. If it were to be made illegal for the average citizen to possess encrypting tools that certainly would not mean that the criminal element could not and would not still be able to obtain them. As with most other things in life, just because the government says something is illegal doesn’t mean that everyone will follow that law.

    I believe that encryption is a good thing and a necessary thing in our world. You cannot rely on the “goodness of mankind” and must take preventative measures to ensure your security. We put locks on our valuable possessions so why should we not “lock” our valuable data?
    Just imagine the amount of identity theft that would be taking place if we had no such thing as data encryption.
    Without encryption our digital economy would probably have never become the dominant force it is today as people would have been unable to have faith in the security of their information.

    • #519

      Lisa Steinerd
      Participant

      True Tim,
      Criminals are just that, criminals. If they want to get something illegally they’ll do it!

  • #512

    Jon Miltenberger
    Participant

    One thing I’m surprised that our book didn’t bring up was protection at Wifi hotspots. Free wifi is incredibly common these days, from the Starbucks on every corner to the campus internet, that I would hazard a guess that the majority of us regularly use wireless internet.

    Here’s the thing about wireless internet though. Since the data is being transmitted through the air, it’s far more free and open to people with the proper snooping programs than wired data is. A laptop with the proper programming can snoop on the majority of unencrpyted traffic from anyone nearby using the same wifi hotspot. The snooping software involved is quite illegal, of course, but that doesn’t stop people from having it.

    That said, for every snoop there is a countersnoop.
    I am a great fan of this program, HotspotShield.
    http://download.cnet.com/hotspot-shield/
    It’s a handy free program to encrypt your data at wireless hotspots. It’s not the smoothest thing, since it is free, but it gets the job done. You could probably find a paid version somewhere to accomplish the same thing if you wanted to look.

    Just some food for thought.

    • #520

      Lisa Steinerd
      Participant

      Thanks for sharing, I always wonder what information people can get with a hotspot.

  • #514

    akirk9
    Participant

    Lisa,

    I think that encryption should continue to be used by companies to protect sensitive information because if it were not used then the information would much more easily fall into the wrong hands. It’s like installing a home security system: you might still get robbed, but it’s harder for the robber to get away with your valuables if the authorities are alerted as soon as the break-in occurs.

    I do not think that encryption should be available for public use because then the average Joe would know how to hack to obtain sensitive information, and there would be many more breaches than there are currently. I think encryption should only be used by financial institutions, businesses, and the government.

    You mentioned that criminals use encryption to commit crimes such as hacking, illegal downloads, drug smuggling, and international terrorism. Ceasing the use of encryption would not be effective in stopping these crimes from occurring because criminals would still use it. It’s the same issue that banning firearms would create: law-abiding citizens would give them up, but criminals would not. It’s not the answer.

    • #523

      aaronlp
      Participant

      I think it is a very good comparison you made with firearms. Criminals will still use it, and the honest will become the victims. Since encryption is already out there you cannot take it away and expect everyone to give it up.

  • #515

    Toni
    Participant

    I feel like I know next to nothing regarding encryption. However, with the knowledge that I do have, it seems that allowing open access to encryption could make it easier for someone in the general public to decode something that we might not have access to. Correct me if I’m wrong here, but I think of the Rosetta Stone. The stone has served as a key that has allowed us to decode certain languages. Without this “key” we would not have been able to understand these languages. So I wonder if public access to encryption could act as a key for those who may use it with malicious intent. Of course, as I said, I am not that tech davy. I can use the Microsoft Office Programs, LightRoom, and Photoshop (to a mild extent), but encryption is certainly far beyond my comprehension level.

    I wouldn’t say that I am bothered by the fact that my actions are watched to an extent, though I know a lot of individuals who are. Especially in the realm of marketing, I tend to find the mean through which we can segment audiences fascinating. However, I am studying public relations and hope to secure a job in the marketing field within the next few months and have a different stake in it than some people do.

  • #516

    akirk9
    Participant

    Heather,

    I agree that encryption helps us; I also expect anything I do online through my bank, BB&T, to be secure, and I certainly expect the same with my email correspondence. The login on the BB&T website says “secure login.” I’m usually initially wary of doing anything related to personal information online, especially related to my bank account, but I’m reassured by the “secure login.” Without encryption, my bank statement, pin number, etc. would be much more vulnerable.

  • #517

    Toni
    Participant

    Jon,

    You brought up a great point about wireless hotspot security. I am very careful to limit the type of activities that I carry out on free wifi. I don’t know how many of you are online student’s who use to live on campus, but I spent my first 3 years at WVU on campus. I often miss the noises and hustle-and-bustle of the Evansdale Library or the sitting area on the 4th floor of Allen Hall. I spend a big chunk of my time alone and like to do my homework at local coffee shops when I can. However, I make sure that I only use this wifi connection for things like homework and watching Youtube videos here and there. Like all things that we’ve talked about in this class, it’s about how you utilize the technology we have available to us.
    Toni

  • #521

    jfletch5
    Participant

    In regards to your question, lisa, it would definitely make people feel safer if only groups of people like banks or universities had access to coding encrypted messages. That would makes credit card numbers and social security numbers much more untouchable from hackers and unsafe programs. However, I dont think it is a good idea to limit that kind of accessibility large corporations. Part of my reasoning being that it is unfair to regular people to restrict that access amd part being that despite hackers distorting the purpose of the codes to a more cynacal one ordinary people sometimes use coding to protect their own assets. A friend if mine’s father codes his wifes computer to make her passwords and personal information safe. Although she probably osnt at a high rosk of hacking, it is still serving a personal assurance to them.

  • #522

    jfletch5
    Participant

    @Tim, I think you made some really good points. In fact I was thinking the same thing. For example, even if the government was granted full access to coding and the general populace denied, I feel like hackers would simply find a loophole or way around that restriction. It makes me think of the argument to ban guns where some people claim that if guns are banned there would develop a black market, so to speak, for guns in which only people who use them for malicious things would have them and ordinary people couldnt have access to them for protection. I think a similar sentiment stands here. If coding was restricted to the government, I feel that hackers woukd just adapt to that environment and come up with something else, leaving the ordinary population at higher risk and unable to protect themselves.

  • #524

    aaronlp
    Participant

    I believe that everyone should have the option to use encryption programs if they choose to do so. There are not many instances that I can recall where I think I would have needed to use an encryption program, but I think that option should be left up to me. Of course having the programs already out to the general public make it easier for criminals to do business.

    Encryption programs help us more than hurt us I think. An online marketplace would not exist if it were not for encryption programs. They are also an asset for government or military organizations to communicate securely to avoid the enemy getting their hands on sensitive information. As for use by the general public, I think it should be an option. There may not be many times where we need to use it, but I think it should be up to us. If it was not made available to the general public than only criminals will be using it.

You must be logged in to reply to this topic.