I’ve recently had a renewed interest in encryption and codes. I read a fascinating book last month, Cryptonomicon by Neal Stephenson, a great book for WWII history buffs that like a bit of mathematical and technical information thrown in as well. A lot of time is spent developing the crypto side of the plot, and it comes off neatly in an epic book.
From my personal history, while I loved codes as a kid, it wasn’t until I got to play big boy games while training in the army where we used several types of codes for SITREP and in non-battle circumstances. This was often a tedious exercise which would typically slow communication down, but encourage you to be brief with your words. Modern battle communication is typically done over secure radios which still use encryption of varying strengths; however, much of the data sent to military units around the world employs data encryption of one form or another, even if it’s rather mundane information. 1
So now we come to businesses…
Should Business Communication be Encrypted?
I’ll give some day to day examples of why I think secure email communications should be taken much more seriously than they currently are.
- You are discussing the implications of employment law with your lawyer on your impending decision to fire someone, do you think that data may be sensitive?
- You are awaiting a draft contract for your review on a particularly sensitive deal. If this information were to be leaked to the public, it could have disastrous impacts on the company’s integrity or stock price.
- You regularly send emails while working at public wifi spots and don’t trust the level of security.
More and more, the data that we send to each other in emails every day will be under the watchful eye of interested parties. These could be your competitors, your critics, the media, or a disgruntled ex-employee who wants to do some damage; the motives are endless. Now as far as we know there have been no cases made public of this happening yet, but the technology and expertise are already there to easily read other people’s emails as they travel around the world.
There are numerous programs that are able to encrypt data and send it to a recipient as a garbled message that only they have the key or password to unlock. These range from the simple, such as password protecting a Word document file (which, by the way, isn’t hard to break), to using a program like TrueCrypt, but that is pretty awkward for email usage on a regular basis, and the transfer of passwords is still problematic.
The method I’d suggest uses one of the best technologies publicly available today. It is free, and it’s known as GPG. If you are using Windows, as most businesses are, you can download this file and it will install all the necessary parts to add into Outlook (which, again, most businesses use). If you are a fan of GMail by Google, there is a Firefox extension, FireGPG, that hooks into this whole system to provide GPG encryption even within the GMail interface.
So How Does the Encryption Work?
Basically you generate a public key (that you give out to all your friends, and really anyone at all; you could even publish it on your website or blog, plenty of people do) and a private key that resides only in the software that does all the work, and in a file that you should consider hiding. The public key identifies you and allows people to send messages that are encrypted to you; as you are the only one who has the private key, which is used to decrypt the data, only you can read them. I’m no expert in this, but last year Lifehacker had an article on this very topic, with some good discussion in the comments about how it works; if you are interested, it’s well worth a read.
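The public/private key split described above, as an added example that is not part of the original post: it uses the standard `gpg` command line with two throwaway keyrings to show that a sender holding only the public key can encrypt but cannot decrypt. The identity `alice@example.com` and the message text are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example: constructed identity and message, throwaway keyrings only.

gpg_roundtrip() {
    local work recipient sender
    work=$(mktemp -d) || return 1
    recipient="$work/recipient"   # keyring that holds the private key
    sender="$work/sender"         # keyring that only ever sees the public key
    mkdir -m 700 "$recipient" "$sender" || return 1

    # 1. Recipient generates a key pair (empty passphrase: demo only).
    gpg --homedir "$recipient" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Alice Example <alice@example.com>' default default never 2>/dev/null || return 1

    # 2. Recipient exports the public half; this file is safe to publish.
    gpg --homedir "$recipient" --batch --armor \
        --export alice@example.com > "$work/alice.pub.asc" || return 1

    # 3. Sender imports the public key and encrypts to it.
    #    --trust-model always skips ownership checks for this demo; in real
    #    use, confirm the key fingerprint with its owner before trusting it.
    gpg --homedir "$sender" --batch --quiet --import "$work/alice.pub.asc" 2>/dev/null || return 1
    printf 'Draft contract attached.\n' |
        gpg --homedir "$sender" --batch --quiet --trust-model always --armor \
            --encrypt --recipient alice@example.com > "$work/msg.asc" || return 1

    # 4. The sender's keyring has no private key, so decryption must fail.
    if gpg --homedir "$sender" --batch --quiet \
           --decrypt "$work/msg.asc" >/dev/null 2>&1; then
        SENDER_CAN_DECRYPT=yes
    else
        SENDER_CAN_DECRYPT=no
    fi

    # 5. The recipient's keyring has the private key, so it succeeds.
    DECRYPTED=$(gpg --homedir "$recipient" --batch --quiet \
        --decrypt "$work/msg.asc" 2>/dev/null) || return 1

    # Stop the per-keyring agents and delete the throwaway keys.
    gpgconf --homedir "$recipient" --kill gpg-agent 2>/dev/null || true
    gpgconf --homedir "$sender" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
}

gpg_roundtrip && printf 'sender can decrypt: %s\nrecipient reads: %s\n' \
    "$SENDER_CAN_DECRYPT" "$DECRYPTED"
```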
What does UrbanWorkbench do for Encryption?
One of my roles as an engineer is risk management, and I see this as a huge potential source of risk, for personal data being sent and sensitive corporate information. The email format, which is validated year after year as the mode of internet communication of choice (by the sheer volume of email traffic that is sent every day), was never intended to be secure. I know of some people who believe that by clicking on "confidential" in the email options within Outlook, the email is somehow now protected. This is wrong, and it is impossible: the email can still be read on a screen and is transmitted as open text across the vast unknowns of the internet.
UrbanWorkbench currently uses the FireGPG extension for GMail, as 99% of our email is delivered through GMail. I don’t have much use for encryption at this stage; however, I would welcome the opportunity to secure communications between several groups and individuals. Organizations that currently use Outlook should look for the free plugins like those available through GPG4Win that complement the email systems and software that are already in place.
If you think that you would get into trouble for writing emails that would reveal delicate information if they fell into the wrong hands, read up on encryption and do a risk management appraisal, it’s not too scary, but as more people use it, those companies that don’t will be left vulnerable or unable to communicate privately with companies that do encrypt.
P.S. The image at the top is an Enigma Machine developed by the Germans in the Second World War for sending and receiving encrypted messages.
I’d love to know if you encrypt, if you’ve never considered it before, or if you think it’s a waste of time, you can vote here. Comments are always welcome too.
1. The attitude is, that if the enemy were to find out that there are 16 pairs of size 11 women’s boots being delivered to a base, that allows a profile of the personnel to be developed, and if there is enough of that type of seemingly innocuous data being transmitted unencrypted, eventually the enemy knows a lot more about the strength and composition of the defence than they knew previously.