Superconductor

There's apparently an add-on for Firefox that lets you do S/MIME-based email through Gmail. When I first saw this, my first reaction was something like Why on Earth is anyone doing this!?!?

According to the IETF's outcomes tracking database, S/MIME hasn't been a success. They somewhat charitably say that it has experienced "poor adoption."

For some reason, the heroic efforts of the S/MIME Working Group in creating the dozens of documents that they've finished so far remind me of the part of the Odyssey where Odysseus and his companions escape from the hungry Cyclops Polyphemus by blinding him and running away while his cries that "nobody (ουτις, or outis) was hurting him" were ignored by the other Cyclopes.

Maybe "Outis" is a good code name for the Firefox S/MIME add-on for Gmail. I expect that's who will be using it.

Intrigued by the possibility of becoming famous that I mentioned in the last post, I looked more closely at the email that invited me to get listed in some sort of prestigious publication and found a link that had my name in the URL. Once I saw this, I wondered how easy it would be for someone else to become famous. To test this, I removed my name from the URL and put in the name of one of my wife's stuffed animals.

Apparently Putsi Fischotter is also famous enough to get his name listed.

Maybe if I send these guys a picture of a stuffed otter dramatically staring off into the distance they'll add that image to their web site.

I recently received another one of those annoying emails that tell you that you're so famous that some publisher would like to include you in a book that lists other famous people and their accomplishments.

Here's what these guys said:

It is my honor to inform you that as of January 22, 2010 you are being considered for inclusion in our forethcoming [sic] edition of the 2010 directory representing the WHO'S WHO of Worldclass [sic] Professionals.

Our alliance is recognized by talented individuals who hold knowledge and experience in a particular industry, demonstrate a commitment to excellence, and seek career advancement or enhancement.

On behalf of the CEO and our esteemed staff, we wish you continued success.

I'm not sure how these emails manage to get past our spam filter, but they do it fairly often. I must get one of these at least once per week. I get them so often that I'm now convinced that the only criterion for getting listed in one of these books is having a valid email address. I'm not sure that counts as holding knowledge and experience in a particular industry. It's hard to see how that demonstrates commitment to excellence or seeking career advancement or enhancement, either.

I have to wonder if other talented individuals like sales@voltage.com and marketing@voltage.com are already listed in one of these fine publications.

Because I'm on the program committee for the 2010 Key Management Summit, I knew that there's a Google AdWords campaign happening now to increase awareness of the event. Despite this, I was surprised to see the following ad when I last read my Gmail:

Key Management Summit - 2010.KeyManagementSummit.org - IEEE Conference on Encryption Lake Tahoe, NV. May 3-7 2010

While I'm probably the right kind of person to target with this ad, I have to wonder exactly how Google chose to show it to me. I don't get work-related email at my Gmail address, and the email that's in my Gmail Inbox right now is stuff like announcements of end-of-year sales that various small presses are having (up to 75 percent off in some cases), information about my kids' Boy Scout camp for next Summer, and confirmations that various Christmas gifts have shipped. There's nothing there that's even remotely related to encryption or key management.

Maybe the logic behind AdWords is even more clever than you might first think. Or there might be terms like "encryption" or "key management" hidden somewhere in those emails about Christmas gifts.

How serious is phishing? According to a paper by Cormac Herley and Dinei Florêncio of Microsoft Research, it may not be as serious as we're led to believe. Here's what they say about this.

We find the oft-quoted survey-based estimates of phishing losses unreliable. In particular the victimization rate found in most surveys is smaller than the margin of error, and dollar losses are estimated by averaging unverified self-reported numbers. We estimate that recent public estimates overstate phishing losses by as much as a factor of fifty.

In other words, they claim that the victimization rate for phishing is statistically indistinguishable from zero and that estimates of the losses due to phishing are wildly inaccurate. Herley and Florêncio then try to make their own estimate of the annual losses due to phishing and come up with the figure of $61 million, which is much lower than we're usually led to believe. If that estimate is accurate then it's essentially not worth doing anything about phishing because any industry-wide effort to fight it will cost more than the $61 million in losses it could prevent.

If phishing is really not as lucrative as we're usually led to believe, why do people keep doing it? Herley and Florêncio have an answer for that too:

Repetition of questionable survey results and unsubstantiated anecdotes makes things worse by ensuring a steady supply of new entrants.

In other words, people keep trying it because they're mislead into believing that they can make money doing it. If this is the case, the best strategy is to ignore phishing and it will probably go away.

Which is true? Is phishing as serious a threat as we're often led to believe, or is it essentially not worth worrying about? Unfortunately, there's not enough accurate data to answer this question, so we'll have to keep making decisions about how to deal with phishing based on our own experiences and the data that's available.

I recently received an e-mail from Thawte that explained how they are going to discontinue their Thawte Personal E-Mail Certificates and Web of Trust. Here's how they explained this:

Over the past several years, security compliance requirements have become more restrictive, while the technology infrastructure necessary to meet these requirements has expanded greatly. Despite our strong desire to continue providing the Thawte Personal E-mail Certificate and Web of Trust services, the ever-expanding standards and technology requirements will outpace our ability to maintain these services at the high level of quality we require. As a result, Thawte Personal E-Mail Certificates and the Web of Trust will be discontinued on November 16, 2009 and will no longer be available after that date.

The Thawte Personal E-mail Certificates implemented an interesting idea. They assumed that all you can really verify with an e-mail exchange is an e-mail address, so that's all you could have for your identity until you had your identity verified face to face by one or more WOT notaries. Once enough of these notaries vouched for your name, that name could be included in the certificates that you got from Thawte. I was actually one of these notaries, which is why Thawte sent me this message.

The Thawte root CA certificates were in the commonly-used browsers, so this provided an easy way to get a useful, yet free, certificate, and Thawte Personal E-mail Certificates were one of the more common certifictates that you'd see used to sign and encrypt e-mail. It's a pity that we won't have them any more.

You'll still be able to buy certificates with your name and e-maill address in them, of course. Maybe that's really what this was all about.

Last week, I heard something interesting about credit card numbers. Someone that I was talking to claimed that a recent study showed that over 95 percent of people can be tricked into thinking an email is actually from their bank if the email includes the first four digits of their credit card number. We're used to seeing the last four digits being used this way, and that makes some sense, but the first four digits really aren't suitable for being used this way. 

In a 16-digit credit card number, the first six digits form the issuer identification number (IIN) that identifies the bank that issued the card. The next ninedigits are the account number, and the last digit is a checksum that's calculated from the previous 15 digits. In most cases, it's fairly easy to guess the IIN. There's a list of known prefixes to IINs here, and some of these are very easy to guess. In some cases, the first four digits are actually the same for fairly broad categories of cards.

I haven't been able to find the paper that this discussion was based on, but I wouldn't be surprised if it does exist. People in the payments industry know the structure of card numbers and know that the first four digits of a card number isn't a good way to authenticate someone. The average guy on the street probably doesn't know that, however, but that might need to change. Apparently, it's becoming necessary for people to learn more about payments processing than they really want to know.

A few days ago, I received what must be the lamest spam ever. Here's what it said:

Hi Sir, You have a wonderfull offer to getting world wide companies. Please. If you are increase your bussiness then me. Regard's Thomes

It's somewhat amazing that this message made it past our spam filter, but what's even more amazing is the fact that someone actually thought that he could make money off his email campaign that sent out this message.

I've seen some poorly-designed spam over the past few years. Some spammers didn't even take the time and effort to make the content of their spam consistent. Like messages that claim to be from one bank yet tells you that your account at an entirely different bank has been suspended and that you'll be unable to access your balance unless you click on a link that installs a virus on your computer.

At least that spam made a better effort. It at least had flashy graphics that made a reasonable effort of making the message look like it really came from a big commercial bank. This message from "Thomes," however, makes no effort at all to even try to look legitimate. It must the lamest spam that I've ever seen.

I predict that some day we'll notice that very few consultants encrypt their email. This will be because of the secure email products that they were forced to use when they worked at larger companies. My experience with ice cream leads me to believe this.

When I was a kid, we would frequently get ice cream on the way home from school. I always wanted to get a clown cone, a scoop of ice cream in a sugar cone that's decorated with candy to look like a clown. Clown cones don't actually taste that good because they've usually been sitting out for quite a while before you buy them, but they certainly look good, and that's why I always wanted one.

My parents, however had different ideas. They knew that clown cones don't actually taste very good, and they never let me get one. After years of being cruelly denied clown cones, now I'm the dad, and nobody (except my wife of course) can tell me that I can't get one. I do this every time I take my kids out for ice cream, cheerfully ignoring the fact that the clown cones really don't taste that good as I do it.

Now consider the people who have to use email encryption on the job. Many of these people aren't lucky enough to be using Voltage's SecureMail, which is extremely easy to use. Some of them even use PKI and S/MIME to protect their email. They probably hate every minute of this, but are forced to use S/MIME anyway.

Some of these people are going to become consultants one day. They'll be their own boss and won’t have a security department to force them to use S/MIME. I expect that many of these people will rebel against their terrible experiences with S/MIME by intentionally avoiding using encrypted email as much as they can, ignoring that fact that they really should be protecting sensitive information.

What's the solution to this? Use Voltage's SecureMail, of course.

It’s sometimes convenient to divide communication systems into the end points that attach to a network and the network itself. This provides the framework for thinking about the end-to-end principle. This tells us that whenever possible, operations should take place as close to the end points as possible instead of being implemented in the network. Conventional wisdom tells us that the closer we follow the end-to-end principle, the easier it is to create reliable systems. This principle has guided the evolution of the Internet for many years. Is it still appropriate today?

There are certainly some cases where it’s proved to be useful to violate the end-to-end principle. It’s usually not practical to do content scanning and filtering at end points, for example. These work better when they’re implemented in the network instead, like at a gateway appliance or a firewall. That's where these functions are typically carried out these days, although it's also common to have the same functionality at the end points. An example of this is how virus scanning is often done at both an anti-virus appliance in the network as well as on a user's desktop.

Some types of encryption also work better when they’re implemented in the network instead of at an end point. This frees users from the burden of managing cryptographic keys, and can make technologies like encrypted email much easier to use. This has also proved to be a useful alternative to end-to-end encryption, and most encrypted email today is encrypted at a gateway appliance instead of at an end point.

Not all cases where it’s useful to violate the end-to-end principle involve security. Network address translation (NAT) is a useful technology that’s not implemented at end points but has nothing to do with security, but many of the examples where it’s useful to push functions away from end points seem to. Could this be a general principle: that security often needs to be implemented in the network instead at an end point? There seems to be a fair amount of resistance in the IETF to technologies that violate the end-to-end principle, so if this is true, we may never actually see standards for many useful security technologies.

The 2009 Ernst & Young business and risk report is now available. The predictions that E&Y has made in previous editions of this report have been fairly accurate, so I always look forward to seeing the next edition of it. Like the reports from previous years, this year's report has a few interesting things in it.

The first thing that I noticed was an obvious non sequitur by Edmond Escabasse. He's the CEO of Asialis and a member of the board of directors of ParisTech Telecom. He's also the person who wrote the section of this year's report that talked about how regulation, convergence and the evolution of economic models are important to businesses. Here's what he said.

In the complex world of telecoms, care needs to be taken to avoid confusing industry drivers with sector risks. Instability is driven by a number of factors, such as the capital intensive demands of infrastructure, constant technological disruptions and the rapid rate of service development. Taken together, they make for an industry that is as unstable as it is innovative.

He then follows with this totally unrelated statement.

In this light, regulation is key to ensure that all players get fair remuneration for their work, avoid economically unjustifiable network migration and are allowed to cooperatively evolve with other segments of the industry.

It's not at all clear to me why regulation is needed to ensure that companies make a fair profit, don't make bad investments and negotiate mutually-beneficial deals with other companies. Shouldn't successful companies do these things on their own? If they can't, they probably shouldn't be in business. Perhaps Mr. Escabasse's view of the world has been affected by the telecom bubble of 1997-2003. But even if this is the case, it's not clear why regulation will keep managers from making bad decisions, which was really what caused the telecom bubble.

One thing that's interesting in this year's report is the fact that there a new threat to businesses listed. This year "business model redundancy" is the 9^th biggest threat, and appears on the list of the biggest threats for the very first time. This is a threat because "technological change and industry transitions are making long-established business models obsolete, forcing industry-leading firms to reinvent their corporate strategies and structures."

This reminds me of the hearings before the Subcommittee on Economic Goals and Intergovernmental Policy of the Joint Economic Committee, back in June of 1982 when the Post Office tried to get their monopoly extended to cover email. The Post Office's pitch, "The future of mail delivery in the United States," is hard to track down these days, but it shows how they tried to justify this. Luckily, the Postal Rate Commission and the Federal Communications Commission didn't let them do it, and the use of email became widespread. And you didn't need to deal with the Post Office to get it. That's a bit of email history that's probably not widely known.

The recent large deployment of secure email at Wells Fargo that Voltage recently announced is just one of many large deployments of Voltage's SecureMail in the past year or so. This might be enough to make you wonder exactly where secure email is on the technology adoption life cycle. Has it crossed the Chasm that was popularized by Geoffrey Moore and entered the Early Majority phase yet? Or is it still stuck in the Innovators phase?

To understand this, it might be helpful to describe exactly what the technology adoption life cycle is. It turns out to predate Moore's book Crossing the Chasm by over 30 years, and its first version actually modeled the adoption of a fairly different area: it was actually first used to describe how farmers adopt new agricultural technologies. The first discussion of the technology adoption life cycle was the 1957 report The Diffusion Process, by George Beal and Joe Bohlen that was published as a supplement to Iowa's Regional Extension Publication No. 1, How Farm People Accept New Ideas. This model was then described in the 1962 book Diffusion of Innovations by Everett Rogers, where Rogers generalized the process to more that adoption of agricultural technology by farmers.

Beal and Bohlen modeled the adoption of new technologies by farmers as a process with five stages: Awareness, Interest, Evaluation, Trial and Adoption. In the awareness phase, people know about a new technology, but lack details about it. In the interest stage, people want more information about a new technology. In the evaluation stage, people think about a new technology and whether or not it will benefit them. In the trial stage, people start small-scale experimental use. In the adoption stage people have large-scale, continued use of a new technology. What's interesting in Beal and Bohlen's discussion of these five stages is how the most common way for people to learn about new technologies change at each step in this process. The most common ways to learn about a new technology in each phase are shown below.

We can summarize this by saying that when people move past just interest in a technology and start to evaluate it, then the source of their information changes from the media to people that they know. At that point, it seems reasonable to assume that the marketing efforts of technology companies should change. I don't know if sales and marketing people at technology companies use this model, but I wouldn't be surprised if they do. Curiously, salesmen come in dead last in every phase. Maybe they're never perceived as being a good source of information because they can probably be relied on to give information that's biased towards their products.

When it comes to individuals, Beal and Bohlen divided them into categories that are determined by how soon they adopt new technologies. This is where they divided people into the categories of Innovators, Early Adopters, Early Majority, Majority and Nonadopters. This is the model that Moore popularized in Crossing the Chasm, changing Majority to Late Majority and Nonadopters to Laggards when he did. Where is secure email on the technology adoption curve? Has it made it past Moore's Chasm?

Technologies reach Moore's Chasm in the Early Adopters phase. This means that if a technology is in the Early Majority phase then it's definitely past the Chasm. If it's still in the Early Adopters phase, then it might or might not have. People who are early adopters tend to take risks, but only to achieve very focused goals. They'll even work with start-ups to do this. People in the Early Majority are pragmatic. They don’t like the risks associated with new technologies but are willing to look at technologies when they've been tested by others.

Based on my experience at Voltage in the past five years, it seems to me that secure email entered the Early Majority phase in the past year or two. Before then, it was definitely only used by Early Adopters. Back then, Voltage's customers were ones that felt willing to take the risk associated with a small company and a new technology because the technology solved certain problems cheaper and easier than alternatives. More recent customers, however, seem to see secure email as an established and proven technology. They're now willing to deploy it widely, and Voltage now has several customers with over 100,000 users of its SecureMail products.

If Voltage's experience is representative of the entire secure email market, then secure email has crossed Moore's Chasm and is on its way to becoming used by a majority of businesses. That means that we'll probably see even more adoption of secure email in the future, and large deployments like the one at Wells Fargo should get more and more common. They might even become so routine that they're not even interesting any more.

Encrypted email is getting very popular these days. Voltage now has roughly 10 million users of its SecureMail product, for example, and other secure email vendors probably have similar numbers that they could cite. That's why I wasn't really surprised to see the counter on the Zix Corporation web site that shows how many users they have. When I checked this, the number was roughly 14 million. That's a respectable number, isn't it?

But as I looked at this web site, this number increased by one. A short while later it increased by one again. The number of users of Voltage's SecureMail typically increase by several thousand at a time instead of one by one, so this seemed a bit odd. To see what was really going on, I looked at the source code of Zix's web page. You can do this in Internet Explorer, for example, by going to the View menu and then selecting the Source option of the menu that appears.

When I did this, I was a bit surprised to see that the counter that shows how many users they have is based on the clock of the computer where the web browser's running and has no obvious connection to the actual number of users that Zix has! Here's part of what I found. This is the code that creates the number of users that is displayed on the Zix web site.

function ZixCount2()
{
    today = new Date ();
 startDate = new Date (2009,0,06);  //months in js run 0-11 (must reset when changing goal)
 startVal = 13885156;  //starting Value (must reset when changing goal)
 var one_day=1000*60*60*24;
 
 perWeek = 100000;  //set rate per week
 rate = 604800/perWeek;
 
 goalDate = new Date (2009,0,8);  //Set a Goal Date (months in js run 0-11)
 goalVal = 13996467;  //Set a Goal Value
 
 if (goalDate <= today){
  startDate = goalDate;
  startVal = goalVal;
 }
 
 currentVal = Math.round(startVal + (today.getTime() - startDate.getTime())/1000/rate);
 
 if (goalDate > today){
  daysLeft = Math.ceil((goalDate.getTime()-today.getTime())/(one_day));
  daysTotal = Math.ceil((goalDate.getTime()-startDate.getTime())/(one_day));
  dailyOffset = (goalVal-currentVal)/daysTotal;
  currentVal = Math.round(currentVal + (dailyOffset*(daysTotal-daysLeft)));
 }
 
 
 //document.write("Current Val = " + currentVal);
 //document.write("<br />");
 //document.write("daysLeft = " + daysLeft);
 //document.write("<br />");
 //document.write("daysTotal = " + daysTotal);
 ChangeValue(2, currentVal);
    timerID = setTimeout("ZixCount2()",rate) } // -->

So the number of users that the Zix web site shows doesn't really seem to be related to how many users they actually have. Instead, it's just based on what time it is. You can even change the number of users that the web site shows by changing the date and time on your computer's clock!

I'm not sure why Zix did this. I don't doubt that they have millions of users of their email encryption product, but it certainly looks like the number on their web site doesn't really correspond to the number of users that they actually have.

The recent story by The Sunday Times about the energy cost of using Google for a search seems to have been revealed as an exaggeration. We'll have to wait a while and see which people remember more - the correction or the original inaccurate claim:

Performing two Google searches from a desktop computer can generate about the same amount of carbon dioxide as boiling a kettle for a cup of tea, according to new research.

That's not just wrong – it's obviously wrong. The Times eventually added a few extra words to their original article that tried to clarify what they actually meant, but it still looks like a case of people trying to use statistics who shouldn't be using them. The fact that this article created such a stir may tell us that one of the ways proposed to combat spam may be impractical due to environmental concerns. This is the idea that one way to stop spam is to force senders of email to pay a tax in the form of lots of computation when they send an email.

The problem is, of course, that the computation that would be needed to send an email could also be quantified in terms of carbon dioxide. Imagine the uproar if the following was claimed about this anti-spam technique:

Sending a single email can generate the same amount of carbon dioxide as boiling two gallons of water, according to new research.

So it certainly looks like the idea of paying tax in computing power won't fly as a means of preventing spam these days. It's never been a very popular idea, but it certainly looks like the anti-spam researchers need to come up with another idea or two.

Today, Voltage announced that Wells Fargo has dramatically increased the size of their deployment of SecureMail, Voltage's line of products that's used to encrypt email. The new Wells Fargo deployment will be hundreds of thousands of users. While this might have been a big deal a few years ago, these days, it's almost not even newsworthy. After all, there are roughly 600,000 SecureMail users at a large retail business and another 250,000 SecureMail users at a large health care business. Each of these deployment was fairly easy, and required minimal support from Voltage's support team. If you're new to secure email, this may not sound impressive, but if you've used it for a while, this is simply astounding. Just a few years ago, there was no way to realistically deploy secure email to a few hundred thousand users unless you were the US government and didn't mind spending a billion dollars or so.

I almost feel sorry for people who are just getting their first exposure to secure email these days, because it's not really very interesting anymore. Not long ago, it definitely appealed more to computer hobbyists who enjoyed tinkering with the secure email system to get it working much like ham radio operators enjoy tinkering with their radios to get them to work. Now, it's much easier and cleaner, and hobbyists have to find other ways to amuse themselves.

The people for who Voltage's SecureMail is their first exposure to secure email won't be able to tell stories to their coworkers one day about how they overcame seemingly insurmountable obstacles and actually managed to send an encrypted email. Some might not even know they're using it. There's still plenty of difficult software out there, though, so they won't miss out on the experience of fighting with it. This seems to be an unavoidable part of working in the twenty-first century.

Any security product needs to be very simple to use if it’s going to become successful. If they’re not simple to use then the cost of supporting difficult products can easily outweigh any benefits from them. That’s why Voltage’s SecureMail has the minimal level of user involvement. If a person sending an email can click on the "Send Secure" button instead of the "Send" button, the can use SecureMail. There’s nothing else that they need to do.

It’s probably possible for people to use more complicated secure mail systems. President Obama probably has no difficulty using secure email on his BlackBerry, but he has a fairly large staff to configure it for him. He probably has fairly good tech support too. Similarly, generals don’t seem to mind using digital certificate from the Department of Defense’s PKI to send signed and encrypted email, but they also have a staff to take care of any problems that might occur.

People that don’t happen to be the President of the United States or a general officer still need to encrypt email, however, and they normally have to do it on their own. In these cases, ease of use is critical.

There are also probably good reasons why people simply don’t want to use secure email that takes more effort than clicking on "Send Secure" instead of "Send." It’s probably very similar to the reason that many people don’t use the latest social networking application, or whatever the trend du jour is. This may be because they just have better things to do.

When you’re young, you tend to have lots of free time, but also don’t get paid much. This means that you have the time to do what you want to do but sometimes can’t afford to do these things. You’re resource constrained, not time constrained. Not too many years later, most people find that this situation has reversed. At that point, they find that they’re married, have children and that their job now carries more responsibilities than can easily be done in an eight-hour day. At this point, there are more demands on their time than there are hours in the day, and they’re now time constrained instead of resource constrained. When that happens, learning a new security technology is now competing with dozens of other priorities for the little time that’s available.

To most people, spending the time to learn a complicated security application never becomes a high enough priority that they decide to do it. There’s always something else that’s more important. This isn’t limited to security, of course. This may also explain why you see lots of younger people using the newest social networking applications while those that a bit older often don’t get around to using them: there's often a better use of their time.

There's a post on McAfee's web site that answers the question "Is information security compliance really a cost center?" like this:

No. Absolutely and unequivocally not. I am drawing the line in the sand. Business leaders need to understand there is no more need for proper security to justify itself over and over again. It saves you time and money (period).

Properly implemented information security provides business process improvement, technology improvement and threat reduction. Compliance controls that cover each of these areas to accepted “best practices” will save your organization money by the truckload and provide for expansion of your business tenfold if not more.

Far too often businesses require “measurable” savings when the cost reductions and business enablement is as obvious as a freight train hitting you while you are siting on the tracks. Below I will detail a simple walk-through of a compliance driven organization versus a non-compliant organization which makes it obvious that it is better and more efficient to be compliant as a business.

In most situations, the term "compliance" means regulatory compliance, or being compliant with data security and privacy laws and regulations. If this is how we interpret "compliance," then compliance is definitely a cost center, at least in many cases. Here's why.

Businesses tend to make investment decisions that maximize the benefits that they receive from the investments. They might be maximizing profit, or something else like market share. This means that when they decide to use a particular security technology, there's probably a good reason for doing so. It also means that when they decide not to use certain security technologies, there's probably a reason for that also. This means that you'll almost never hear discussions like the following:

CSO: We should encrypt the hard drives on our laptops. Our model shows a 60 percent ROI over a three-year period for the total cost of deploying and supporting full-disk encryption software.

CFO: Bah! I don't care about ROI arguments. Instead, we should wait for the government to mandate that we use that technology.

So it's reasonable to assume that investments that are made purely as a requirement for regulatory compliance are ones that wouldn't have been made on the basis of the value of the investment alone. This means that they don't make sense from a business point of view, and that mandating them forces businesses to make investments that they really shouldn't make.

Passing data security and privacy laws may force some security spending, but it's probably at the cost of other security projects that deserved to be funded instead. This means that the net result of data security and privacy laws may be just to reallocate spending from projects that had a good justification to ones whose only justification is to become regulatory compliant. That's probably not a good idea.

There are cases where it makes sense to do some of the things that are also required by regulatory compliance. Data breaches can be extremely expensive, for example, so it's often the case that there's a valid business case for using encryption. This means that there's a strong business case for using persistent encryption of sensitve information. There's also a strong business case for using encrypted email.

If you're really curious about the details of these business cases and don't mind slogging through some detailed risk models, you can take a look at Kevin Soo Hoo's doctoral dissertation "How Much Is Enough? A Risk-Management Approach to Computer Security." He did a careful analysis of the cost-benefit analysis of several information security technologies and found that the case for encryption is strong. The business case for encryption is still valid in the absence of the need for compliance. Other security technologies aren't as lucky.

Compliance may not always be a cost center, but in many cases it is.

Where I live in San Jose, there's a shortage of parking. Every house has a two-car garage, but most of the garages are used for storage instead of parking. Add a few families with three or four cars, and you have a situation where the demand for parking spaces exceeds their supply. One of my neighbors actually blames the Bush administration for our parking problems. I'm not sure of what line of reasoning led him to that conclusion. I was fortunate enough to have my wife listen to those particular details.

This is probably a case where there's a difference between perception and reality. I seriously doubt that politicians in Washington did anything that created The Great San Jose Parking Crisis, but there's at least one person out there who believes otherwise and I doubt that any amount of facts will change his opinion. His perception and reality will probably never agree.

Information security has its own set of mismatches between perception and reality. For example, there's the perception that e-mail is in danger of being intercepted and read while it's on the Internet, but that it's safe inside the firewall. On the other hand, the reality is that e-mail is definitely in danger of being intercepted and read inside the firewall. It's fairly easy for anyone on your network to watch the traffic on it, and it's also easy for mail administrators to read people's e-mail. I know of many more cases of an administrator intercepting and reading e-mail that I do of e-mail being intercepted and read on the Internet. Most security people you talk to will probably have the same story. Despite this, the perception is that e-mail is safe in the very place that it's at the most risk.

This may or may not be a serious problem. If all of your employees can see all of your data, then you have nothing to worry about, but this is probably not the case. There's almost certainly lots of sensitive information contained in some of the e-mails that are sent within any business. Your HR people probably send documents back and forth that contain all sort of sensitive information in them including salaries, social security numbers and more. Executives preparing for their quarterly board meetings probably send documents back and forth that contain all sorts of sensitive information about the financial situation of their company and its future plans. Sales managers probably send messages to other sales managers and to the sales engineers who support them that discuss the details of the deals that they're working on. All of this sensitive information may never leave your network, but you also may not want it to get into the wrong hands, and that doesn't necessarily mean that a hacker gets his hands on it. So if you're considering encryption as a way to protect sensitive information, don't forget to protect information when it's the most vulnerable, and that's when it's still in your network.

Industry analysts estimate that spam currently accounts for close to 90 percent of e-mail messages sent and causes billions of dollars in economic losses annually. The problem with spam is very similar to that of pollution: spammers profit from their activity at the expense of the rest of the population, just like polluters of the environment profit while annoying or endangering others. So it seems reasonable that our understanding of the economics of pollution may give us some insight into the economics of spam. The work of Nobel Laureate Ronald Coase is particularly useful for this.

In 1991, Coase was awarded the Nobel Prize in Economics for his contributions to understanding how property rights and transaction costs affect the structure and functioning of an economy. Coase showed that if we assume that transaction costs are negligible, as long as property rights are clearly defined, the equilibrium that a market will reach does not depend on who initially owns the affected property. All that will change is who profits from the transactions that lead to the equilibrium.

An example of this principle is a locomotive whose coal-burning engine showers sparks over the land that it passes. Reducing the level of sparks emitted is possible, but requires that the owner of the train incur the additional costs to purchase some sort of spark-reduction equipment. To quantify this, let’s assume that a train normally produces 10 units of sparks, but these can be reduced at a cost of $200 per unit eliminated, and that each unit of sparks does $300 of damage to the land that it passes. So if the train produces 10 units of sparks there will be no additional costs for the owner of the train, and the train will do $3000 of damage to the land that it passes. If the train produces no sparks at all, there will be additional costs of $2000 for the owner of the train, but the train will do no damage to the land that it passes.

If the owner of the train is free to shower sparks over the land that his train passes, the owners of the land will be willing to pay the owner of the train $300 for each unit of sparks that they eliminate. This situation will reach an equilibrium where the owners of the land will pay the owner of the train $1200 to reduce the sparks down to only four units, which the owner of the train will use to finance the modifications to his trains that the reduction in sparks requires. On the other hand, if the owner of the land is free to deny the owner of the train the right to shower sparks on his land, then the train owner will be happy to pay the landowner $1200 to compensate him for his inconvenience, and the landowner will then be happy to endure four units of sparks. The end result that we arrive at is the same in both cases, with the only difference being who is paying whom. And since both parties prefer the arrangement where four units of sparks are produced to any other, it will be the state that this market eventually reaches.

Coase showed that this will always happen as long as there are no transaction costs. So as long as we have clearly-established property rights, we will reach an equilibrium between a polluter and the victims of the pollution, and the equilibrium that we will reach will be the same no matter who owns the property rights to the environment.

If we apply this model to spam, we see that spammers are analogous to the train owners and recipients of e-mail are analogous to the owners of the land that the train will damage with its sparks. But in the case of spam, there is no way for spammers and recipients of e-mail to reach an agreement that limits the amount of spam to a mutually-acceptable level. First, there are no property rights to enforce; neither the spammers nor the legitimate users of e-mail can claim any exclusive right to use the Internet for messaging. Next, there is no efficient way for spammers to reach an agreement with their victims. Because of this, the amount of spam sent remains unchecked by market forces, as does the annoyance suffered by users of e-mail.

Thus Coase's result provides an easy solution to the problem of spam: define ownership of the Internet and the rights to use it. Once we do this, market forces will then drive the amount of spam that is sent to an acceptable level, with slight inefficiencies possible due to the transaction costs involved. And since the equilibrium that the market will reach does not depend on to whom we assign ownership of the Internet, we will even end up with the same reduction in spam if we decide to assign the ownership of the Internet to the spammers – a truly remarkable result.

The American Bar Association has an interesting point of view about encrypting e-mail. In their Formal Opinion 99-413, they say that lawyers can send unencrypted e-mail over the Internet without violating the ABA Rules of Professional Conduct. This means that lawyers are allowed to send confidential client information by unencrypted e-mail. Here’s how they describe the basis for this decision:

The Committee believes that e-mail communications, including those sent unencrypted over the Internet, pose no greater risk of interception or disclosure than other modes of communication commonly relied upon as having a reasonable expectation of privacy. The level of legal protection accorded e-mail transmissions, like that accorded other modes of electronic communication, also supports the reasonableness of an expectation of privacy for unencrypted e-mail transmissions. The risk of unauthorized interception and disclosure exists in every medium of communication, including e-mail. It is not, however, reasonable to require that a mode of communicating information must be avoided simply because interception is technologically possible, especially when unauthorized interception or dissemination of the information is a violation of law.

So the ABA is willing to rely on the fact that people should expect their e-mail not to be read by anyone else that the intended recipient and the fact that intercepting and reading e-mail is illegal to protect confidential client information. This seems to be a fairly odd position. If you're in the health care industry, I don't think that the ABA's reasons would be enough to satisfy the requirements of HIPAA. And I'm fairly sure that an auditor checking to see if you're compliant with the PCI DSS wouldn't buy those arguments either. The ABA's guideline is the weakest that I've seen. It's not that difficult or expensive to encrypt e-mail these days. Perhaps the ABA should revisit this issue with this in mind.

There's a lot of spam these days. A recent report from Symantec shows the relative frequency of the the types of spam are the most prevalent today. This is shown in Figure 1. It certainly looks like we have a wide variety of annoying spam to choose from, doesn't it?

Figure 1. Breakdown of types of spam messages sent by type.

According to widely-quoted data Ciphertrust, however, all types of spam aren't equally effective. If we weight the data from Symantec by the clickthrough rates estimated by Ciphertrust, we get an entirely different picture. This is shown in Figure 2. From this, it's fairly clear which types of spam are effective and which ones aren't. You have to wonder why some spammers even bother. Why waste your time on an ineffective spam campaign if you can change your product and get a much better response? Spammers are fairly clever at finding ways to get their messages past spam filters. How could they have missed this obvious optimization?

Figure 2. Breakdown of total clickthroughs on different types of spam messages.

PKI is an interesting technology that has received its share of bad press. These negative comments have typically focused on the problems that most implementations of PKI have – they tend to be expensive and too hard for average users. What's often not considered is the fact that not many applications can use the digital certificates that PKI creates and manages. This means that after you spend a fair amount of money deploying your PKI, you'll find that you can't do much with your certificates except encrypt and sign e-mail or authenticate to a web server. Just those two uses probably doesn't justify the cost of deploying and supporting a PKI. Most applications don't support PKI and modifying them so that they do can be expensive, perhaps even very expensive.

I recently gave a talk about some innovative applications of cryptography in the entertainment industry. In this talk I mentioned that I'd heard that the Department of Defense has requested $5 billion to PKI-enable their core mission-critical applications. It turned out that a person in the audience was involved in that budgeting exercise and she told me that this estimate was way off.

It seems that the estimate of $5 billion came from a call which polled various departments about their needs and how much it would take to PKI-enable their most important applications. According to the person at my talk, most of the people on this call had no idea what PKI was or why they'd need budget to PKI-enable their applications. So when they were asked how much they needed, they said that they needed nothing. This means that the $5 billion number probably grossly underestimates the actual costs. Because of this, a more realistic estimate for the cost of PKI-enabling the DoD's applications might be more like $10-20 billion.

Ouch.

A while back a heated discussion started on a mailing list that I subscribe to. This particular list is for the discussion related a certain security standard, and the cost of using PKI was the topic that seemed to get peoples' interest.

The opponents of PKI pointed out that it's typically very expensive and too hard for the average user to use. There are certainly real-world statistics to back up these claims. According to a report by the GAO , the average cost of PKI in the US federal government has been a bit over $220 per certificate. Another analyst report estimates that the TCO of a secure e-mail solution based on PKI is over $800 per user per year. I don't recall any compelling arguments from the proponents of PKI. Instead, they focused on the need for some way to verify the origin of e-mail and to protect it from eavesdropping. I don't recall any claims that PKI was the best way to do this, but just that it's a way that's available now.

I usually try to stay out of heated discussions on the Internet, but this time I couldn't help adding a comment that didn’t really add anything useful to the discussion. I did this by mentioning that if PKI is really as expensive as the GAO report would have us believe, then in many cases there’s probably a cheaper alternative. I proposed that you could use your FedEx account number as a way for people to be able to securely get information to you, so that it would more or less be acting like a public key. Using FedEx isn't cryptographically secure, but it's probably good enough for most uses. In cases where you're not sending too many documents, this has a good chance of being cheaper that using PKI-based e-mail. This wasn't meant to be taken seriously, of course.

Like many other comments via e-mail that aren't meant to be taken seriously, this one was misunderstood. The first reply to it asked if I was suggesting that a FedEx account number could be used as a user's identity in some sort of identity-based encryption scheme. So I was stuck explaining that I wasn't being serious and that my comment wasn't meant to be taken literally. Identity-based encryption may be very useful in some applications, but this probably isn't one of them.

We've have seen more than 39 states adopt data breach disclosure laws since California Senate Bill 1386, these laws help with cleaning up the mess left behind by a breach. Now, however we are starting to see the first laws trying to address the problem of preventing the breach from happening in the first place. The first state to do this is Nevada with Massachusetts, Washington and Michigan to follow shortly. These laws mandate the use of encryption to prevent sensitive customer information from being compromised when that information is transmitted out of the business.

Nevada Revised Statue (NRS) 597.970, which is effective October 1, 2008.

NRS 597.970 Restrictions on transfer of personal information through electronic transmission.

1. A business in this State shall not transfer any personal information of a customer through an electronic transmission other than a facsimile to a person outside of the secure system of the business unless the business uses encryption to ensure the security of electronic transmission.

2. As used in this section:

(a) "Encryption" has the meaning ascribed to it in NRS 205.4742.

(b) "Personal information" has the meaning ascribed to it in NRS 603A.040.

This certainly looks like it requires encryption, but a closer look at the law also shows that there's no penalty for breaking it.

NRS 597.100 Criminal penalty. A person who willfully and intentionally violates any provision of NRS 597.010 to 597.090, inclusive, is guilty of a misdemeanor.

However, this law opens up businesses to law suits and in combination with the prevailing data breach disclosure law, having encryption will limit a businesses liability in the event of a data breach. So adding some low cost encryption software seems like a small price to pay for protecting your customer and employee data from being exposed after all.

Nevada businesses - take a look at www.voltage.com/nevada

UPDATE: From the WSJ - October 16th, 2008

"In Nevada, companies that suffer a security breach but comply with the new law would cap their damages at $1,000 per customer for each occurrence. Those that don't comply would be subject to unlimited civil penalties under the proposed enforcement plan, said James Earl, executive director of the state's task force for technological crimes."

Encryption has a reputation of being notoriously difficult to use. There were probably good reasons to believe this at one time, but that time has passed. I finally realized this a while ago when I had to deal with the problems caused by a canceled credit card. I found some fraudulent charges on one of my credit cards. I had the old card canceled and a new one issued, but that caused another problem.

I collect books. Some books are hard to find, so I have standing orders placed with several book dealers. If they ever find a copy of books that I’m looking for in the price range that I can afford, they'll bill my credit card and ship me the book. So when the credit card number that I used for these orders was canceled, I had to get a new number to several book dealers throughout the world. I decided to send my credit card number in an encrypted e-mail, and used Voltage's VSN hosted e-mail service to do it.

Unsure that the recipients would be able to read the encrypted e-mails, I also sent another message that explained that an encrypted e-mail would follow that contained my new credit card number and that they should let me know if there were any problems.

Nobody asked for help.

Every single recipient was able to decrypt and read the messages that I sent them and update the credit card number that they had on file for me. That’s almost certainly proof that encryption is now easy enough for the average user.

Imagine trying to do that five years ago. You'd probably have an e-mail exchange that would go something like this:

"OK, you first need to get a digital certificate."

"A what?"

"No, really, it's easy. Just go to this URL and fill in the form."

"OK. Wait a minute. What's my 'organizational unit?' What's my 'locality?' Do I really have to read and understand this 'certificate policy?' That looks like a job for my lawyer."

"Never mind. I'll just e-mail you my credit card number in the clear."

A coworker of mine sometimes wonders if our modern technology has really made things any better for us. He probably has a point. In some cases, it probably hasn't really made things better. In other cases, it probably has.

When I bought my first house many years ago, I was surprised to see how many documents were being furiously faxed back and forth at the last minute between the various parties to the deal. Puzzled by this, I asked how they managed to close on mortgages before the days of fax machines. "Oh," I was told, "we didn't need this stuff back then."

So it looked like when fax machines created the ability to easily send additional paperwork back and forth, additional paperwork somehow became necessary when it wasn't necessary before. There was no drop in the foreclosure rate for mortgages after the introduction of fax machines, so that it looks like the additional faxed documents didn't decrease lenders' risks any. There was also no increase in the number of mortgages processed due to the ability to fax documents. So this use of fax machines is probably an example of modern technology that hasn't really made things better.

On the other hand, some technology does seem make things better. Using a fax machine didn't seem to make processing mortgages any better, but using e-mail does seem to do this. There's at least one mortgage company that I've heard of that uses encrypted e-mail for mortgage documents. This has let them make their process more efficient - so efficient that they're now processing about 20 percent more mortgages per year. This amounts to an increase in their revenue by about 20 percent, so this is probably a case where new technology actually made things better.

In a recent article in The Sydney Morning Herald, a Nigerian official tried to make it seem that not that many Nigerians try to pull Nigerian scams on people. He claimed that of the roughly 140 million inhabitants of Nigeria, less that 0.1 percent are involved in these scams. That doesn't sound too bad, does it?

Wait a minute! Just 0.1 percent of 140 million people is still 140,000 people. Microsoft has roughly 91,000 full-time employees; Intel has roughly 86,000. So saying that less that 0.1 percent of Nigerians are involved in these scams just limits the number of people involved to the size of some of the world's biggest companies. That's hardly encouraging.

"No one in this world, so far as I know — and I have researched the records for years, and employed agents to help me — has ever lost money by underestimating the intelligence of the great masses of the plain people."

H. L. Mencken, "Notes On Journalism," Chicago Tribune, September 19, 1926

A recent study estimates slightly more that 29 percent of Internet users have bought something after clicking on a link in a spam e-mail. That's right - over 29 percent. Our in-boxes are flooded with spam because it's profitable!

The astounding thing isn't just that people are buying things advertised by spam, but that they're buying things like V!agara or R0lex watches and applying for m0rtgages. Would you really trust an on-line merchant that can't even spell the name of their product correctly? Apparently more than one in four people don't have a problem with that.

As much as I hate to say it, it looks like H. L. Mencken might have been right.

"What's in a name? That which we call a rose
By any other name would smell as sweet."

William Shakespeare, Romeo and Juliet (II, ii, 43-44)

Identity-based encryption (IBE) is now a well-established technology. It has roughly 10 million users worldwide and is used by some of the world's largest companies. But it wasn't always this way.

Shortly after Dan Boneh and Matt Franklin invented the first practical and secure IBE scheme, Dan and some of his students founded Voltage to commercialize the IBE technology. In the early days of Voltage, the fact that the "I" in "IBE" stands for "identity" caused more that a few problems. Back then, I had more than one conversation that went roughly like this:

Me: "We have this great new technology called 'identity-based encryption.' It's a public key technology, but it doesn't use certificates, so you avoid lots of the headaches that using PKI for encryption causes. It will let you encrypt e-mail that contains sensitive or private information at a fraction of the cost of doing the same thing with PKI."

Customer: "Oh, we're the encryption group. You need to talk to our identity management group."

Me: "D'oh!"

Some people argue that IBE should really be called "identifier-based encryption," because the string that IBE uses for a public key comprises more than just an identity. It also contains information like the validity period of the key as well as the URL of the key server where a user gets his IBE private key. Despite this, the term "identity-based encryption" has stuck, and it has been identified so strongly with the technology that it's probably impossible to change things now. Using a different term sure would have made it easier in the early days, though.

The information security industry has been in search of its "killer app" for many years, an application that is so compelling that it will be universally adopted. The killer app for information security is probably encrypted e-mail, but it will be a few years until that's widely realized.

People are inherently social creatures, and love to communicate with others of their kind. Because of this, voice calls seem to be the killer app for the telecommunications industry and e-mail seems to be the killer app for the Internet. Because of the lack of glamor with point-to-point communications, however, these two technologies are often overlooked, but they're the ones that people use and use often, and they seem to have roughly the same popularity.

Voice calls may be dull compared to flashier digital multimedia content, but they're still where the money is. The worldwide movie revenues are less than a week or two of the worldwide telephone revenues, for example. And the dull technologies are also wildly popular.

Given the choice between giving up their phone of giving up e-mail, people are about equally divided. When comparing e-mail to other Internet technologies, however, it's no contest. Given the choice between giving up e-mail and giving up browser-based web access, people cheerfully give forgo the web in favor of e-mail. The web may be nice to have, but e-mail is a necessity, and most businesses really can't function without it.

So if e-mail is the killer app for the Internet, it's likely that it will eventually need the protection that encryption can provide. Many people would currently like to encrypt their e-mail, but have found that it's just too difficult to do. Fortunately, this has recently changed, and we probably have the recent data security and privacy laws to thank for it.

Although it has been used by power users for many years, encrypting e-mail has been notoriously difficult for the average user to do. So difficult, that e-mail encryption remained a small and insignificant niche of the information security market. Recently, however, regulators have made it more difficult to justify sending many business e-mail unencrypted. This has created a huge interest in e-mail encryption products, with e-mail encryption now topping the lists of projects that corporate IT departments plan to roll out in the near future..

Motivated by the increased market for their products, e-mail encryption vendors have invested heavily in research and development, the result of which has been a new generation of products that are much easier to use than their predecessors. Messaging analyst firm Ferris Research estimates that one new technology, identity-based encryption (IBE), can reduce the TCO of encrypted e-mail by a factor of at least three to five, with most of the benefits coming from its improved ease of use. Such a reduction can make a big the difference between an ROI that is acceptable and one that is not. It can even create an ROI that is strong enough to stand on its own, even without the need of regulatory compliance to justify an investment in the technology.

So now that encrypting e-mail has become easy enough for widespread use, it's probably only a matter of time until it's widely adopted. But when that happens, it will seem to disappear as it becomes just another part of the communications infrastructure. It will be a dull technology, but one that's wildly popular. And given a choice between that option and being a flashy technology with limited adoption, the dull yet popular route is probably preferable. So although encrypted e-mail may indeed become one of the killer apps for the information security industry, we probably won't even notice when this has happened.

There are a few instances of perfect crimes. In the US, for example, the way in which state and federal laws interact apparently makes it impossible to try a person who commits a crime in the small part of Yellowstone National Park that lies in the state of Idaho due to the way in which jurors must come from both the district and the state in which the crime was committed. This creates the possibility of a crime for which the criminal cannot be tried.

The fictional character Randolph Mason in Melville Davidson Post's classic crime story "The Corpus Delicti" managed to get his client acquitted of murder due to a technicality in the way that the state of New York defined the crime of murder (and caused the public outcry that eventually led to changing the law), creating another perfect crime - one that is not actually illegal due to the way in which the law is written.

It also seems that spammers may have found another way to commit the perfect crime. The combination of the nature of the victims and the ease with which the perpetrators of spam-based stock manipulation schemes evade prosecution makes these schemes seem like they are virtually impossible to stop.

The Internet is flooded with spam that touts penny stocks, inexpensive shares of relatively small companies. Such spam is commonly part of a scheme to manipulate the price of these stocks, and now accounts for an estimated 15 percent of all spam sent. Manipulating stock prices in this way may be the perfect crime.

In these schemes, spammers gradually buy shares of a penny stock over time - buying enough to make it worth their effort but not enough on any one day to create a noticeable change in the trading volume of the shares. Once they have accumulated enough shares, they send out millions of e-mails that claim that this stock is virtually guaranteed to increase in value, perhaps due to some big deal that's about to be signed or a discovery of additional gold or oil reserves by the hyped company. The spammers then sell their shares in the first few hours of the first trading day after the e-mails are sent, when enough demand is created by the e-mail blast to temporarily increase the price of the stock and keep it high while they sell their shares.

The spammers do not make huge profits from each of these pump-and-dump schemes they run. A recent study suggests that spammers earn an average of roughly 4.29% from their investment in each of these schemes while the victims of the schemes lose an average of 5.5% of their investment. A return of 4.29% may sound small for a criminal enterprise, but if a spammer can earn 4.29% on his investment every week, he will end up making well over 800% annually, turning an investment of only $1,000 into over $55 million in five years.

Because relatively small numbers of shares are involved, the total loss for each of the gullible investors is quite small, and a spammer is lucky to make a few thousand dollars off each scheme. On the other hand, because the victims experience relatively small losses from each scheme, they have little incentive to complain loudly about their losses. The spammers are like a mosquito that only takes a drop of blood, hoping that the discomfort that they cause will not be noticed by their victim. In most cases, this turns out to be the case.

Investors in penny stocks realize that their trading is a high-risk activity, and a loss of 5.5% is not exceptional for such investors, who often make investments based on equally-inaccurate information, like anonymous tips on internet message boards and discussion groups. Thus their loss from buying the stocks hyped by spam is often not large enough or unusual enough to attract their attention. Penny stock investors seem to just write off the spam as yet another of the many bad tips that they receive that leads to a small loss when they use it to make an investment.

Such stock manipulation schemes are illegal in many countries, but the nature of the internet makes it infeasible to enforce many of the laws banning it, and spammers are smart enough to operate from countries where enforcement is not likely. Many are also clever enough to not target victims in their own country, making local law enforcement organizations even more unlikely to take any action against them.

Spammers are also careful to cover their tracks, often using "botnets," large collections of compromised computers, to send their spam in a way that leaves no trace of the identity of the spammer. This makes it extremely difficult for law enforcement to trace the true origin of the spam, making prosecuting them virtually impossible.

So spammers may have found a way to target victims that may not even realize that they have profited the spammers, and to do so in a way that makes it extremely unlikely that they will ever be prosecuted. Stopping spam may be the only realistic solution to this nuisance, but spammers seem to be able to stay a step ahead of e-mail filtering technology, so we may continue to see stock spam for quite a while. But unless there is a breakthrough in anti-spam technology that makes stopping stock spam from being read by gullible investors feasible, it may be another example of the perfect crime.

Lots of buzz around Google making your Gmail safer by making it easier to turn on encryption. Two things come to mind - firstly it's interesting how just by changing a simple default it's possible to increase overall security. Eliminating user clicks is critical in providing useable security - bravo Gmail team.

The second point is that simply securing the pipe between your computer and Gmail is not really enough to protect your most sensitive communication. Emails by definition travel all over the place, so if you really want to make sure you are protecting your email then you need to encrypt the email itself. No other way to do it. But of course the problem with email encryption solutions over the past 15 years has been that they are all too difficult to use - a few clicks too many for the ordinary user.

One easy to use approach that you may want to try is the Voltage Security Network, especially if you routinely send work documents home via gmail (or any other public email system) - take the free trial.

I just wanted to fill everyone in on the "Applications of Pairing Based Cryptography: Identity-Based Encryption and Beyond" that took place last week. As many of you know, NIST is the federal government standards body that defines the all-important FIPS standard that is used not just in the US federal government, but in governments across the globe. (We just got a FIPS inquiry from a customer in Singapore, for example.) We've been actively keeping the NIST computer security lab up to date on IBE standardization for the last few years, and they finally decided that IBE was important enough that they wanted to hold a conference to educate themselves about Identity-Based Encryption. The details of the conference are at http://www.nist.gov/ibe. (Slides for all the presentations are there also.)

Overall, the event was extremely successful. More than 80 people showed up to the event, including about five people from the NSA, and representatives from the US Navy, the Social Security Administration, and the US Patent Office. Sathvik gave a great talk (even with a number of storm-induced power outages during the presentation) on the successes of IBE (over 500 Enterprise IBE implementations), including some detailed use cases from Voltage customers. Ingrum detailed how the VSN service works, and the power of IBE on a panel with a research director from Homeland Security, the head of the IETF, and a representative from Trend Micro. Xavier talked about the varieties of IBE, and showed how the BB algorithm is a natural choice for performance and security. Luther detailed the mysteries of curve selection and the computation of the Tate pairing for a big finish to the first day. I gave a talk on policy-driven key management, and participated in a panel on "Is IBE Needed?" (duh!) with Jon Callas, the CTO of PGP, Radia Perlman from Sun, and Brent Waters from SRI. The panel was great, as instead of attacking IBE, most of the panel was spent with all participant criticizing the numerous flaws in traditional PKI. My favorite moment was a quote from one of the panelists: "IBE is an incredibly cool concept." Almost as good was hearing about how powerful pairing based cryptography is. I could have spent most of the panel just agreeing with all the great stuff supposed opponents were saying.

The last talk of the conference was a wrapup by Bill Burr of NIST. He stated that he thought that there was a need to re-examine their approach for actually getting government data encrypted. In general, I think there's a fair amount of energy now in the government space around looking at IBE solutions and potential paths to standardization that would allow IBE into new arenas (for example, the US Navy is already working on a trial of IBE for their disaster recovery ship, the USS Comfort.) If this conference is any indication, we should see some movement within the government sector.

Here's the official workshop summary.

Terence

Archiving email has quickly become a big headache for enterprises. Banks and brokerages have been dealing with archiving requirements for a number of years, but by 2006, all public companies will fall under the Sarbanes-Oxley archiving requirements. Not complying can be expensive, as recent examples have demonstrated. But archiving large volumes of email introduces a new concern: how do you handle archiving of encrypted messages? In other words, how do you ensure either that messages always get archived in the clear (as, for example, SEC rule 17a4 mandates), or that archived encrypted messages can be accessed at some point in the future? The traditional solution to this problem with PKI is to use a special archving key (sometimes referred to as an Alternate Decryption Key, or ADK). Every email, in addition to being encrypted to the message recipients, is encrypted to the archiving key. If an encrypted message needs to be decrypted (either in order to be placed in a cleartext archived, or to be accessed at some point in the future), an approved administrator or machine can use the archiving key to get access to the plaintext. Unfortunately, special archiving keys introduce a number of issues:

• Giving a copy of the archiving key to a machine represents a major security risk. If you want an automated process to be able to decrypt messages (for example to place in a cleartext archive), the process must be given a copy of the archiving key. However, these archiving keys are generally long-lived (years), so if the process/machine is compromised, an attacker will gain access to every encrypted message in the system.
• Giving a copy of the archiving key to a person represents an even bigger risk. Once an individual is given a copy of the archiving key (for example to perform an audit), that user must be indefinitely trusted with the entire organization's email. If the individual were to leave the company, any existing encrypted messages are potentially vulnerable, and a new archiving key must be generated and distributed to all encrypting agents.
• Enforcing the use of the archiving key can be difficult. For messages to always be decryptable by the archiving agent, every encrypted message must be encrypted to the archiving key. If the archiving key is not included, for example because the encrypting agent was not aware of the requirement, the message will not be decryptable, potentially resulting in regulatory non-compliance.

With IBE, mixing encryption and archiving becomes much easier. Because all private keys can be generated on-the-fly from a single master secret, no special archiving key is required. If an authorized administrator or machine needs to read a message encrypted to 'foo@bar.com', it simply downloads the corresponding private key and decrypts the message. There's no way to encrypt a message such that it can't be decrypted at some point in the future; an organization can never lose access to its messages. Also, because a decrypting agent needs to be given access only to an individual recipient's private key, IBE doesn't introduce new security risks. No long-lived key needs to be stored by the archiving engine; IBE private keys are generally short-lived (e.g. one week), and can be requested on-the-fly by the decrypting entity. If that entity is compromised or becomes untrusted, only a small subset of emails are potentially vulnerable. Currently, the percentage of encrypted emails within the enterprise is small enough that these archiving issues haven't fully reared their head. But as privacy regulations start to butt up against archiving requirements, a practical encryption/archiving architecture will become increasingly important.