No More Secrets

Core Public Sector Reform, Eamonn Brosnan

In the span of 40 years, Canadian society has gone from paper files in cabinets, to electronic storage of everything from medical records, to what you had in your coffee at Starbucks this morning.

Our lives have become itemized and catalogued into easily accessed databases filled with our intimate details. We have, in fact, willingly surrendered our privacy.

In many situations we happily reap the benefits of this access to data, while hoping that the information is secured against prying eyes. We go to doctors and marvel that they can bring up test results and recommendations from specialists on their computer. But this information is stored on computers, and computers are inherently insecure.

In 1992, Robert Redford starred in “Sneakers” which was about a group of shady characters who tested security systems for a living. In the movie, they were blackmailed into stealing a piece of hardware that could decrypt all encryption and security systems. The catch phrase at the end of the movie was “No More Secrets”.

What was fiction in 1992, has become reality in 2017. The reality that our personal information has become open access has become something that we mostly pretended doesn’t exist. The situation is getting worse as we digitize and catalogue more and more confidential information. From credit cards being stolen, to ransomware being installed on corporate computers, to blackmailing companies to pay large sums of money to get their data back. With all the private information that is being shared and used, we are all seemingly under siege.

Recently, there is a new threat in using wireless computer networks like your home WiFi, or the WiFi at Starbucks. Most people use WiFi networks without even thinking about security. It is used by retail companies to connect their computers, instead of running cabling they save money by using a wireless WiFi network. It is used in offices that are handling sensitive data.

Now, we have discovered that all encryptions used in these networks have a security flaw that allows other people to gain access to the network to monitor the traffic and steal valuable information. Criminals can grab any data that is transmitted over the WiFi. That could be your credit card number,  your health records, or your HR records from work.

This is a serious problem. The wireless networks that we all use are far more open than we realize. Soon, people will design new security protocols that will be immune to the current hack. Brilliant minds are probably working on the problem now. They likely will have a solution soon. But, as confident as I am that a solution will be found, I am equally confident that a breach in that system will be discovered soon after.

So what are we to do?

Electronic security is a cat and mouse game of releasing new security systems just before the “bad guys” have hacked the last ones. This cycle will likely not stop.

Consequently, we need to place regulations on organizations that hold sensitive data they must use wired networks. Would this protect their data from criminals? Of course not, the only computer that can’t be hacked is one that has been melted into a solid block. But it means that it would be harder to hack into the information.  It isn’t a panacea to secure our data, but we can at least make it more difficult for hackers to access the information.