Security is an illusion

We live under the constant threat of being hacked. In some cases, we have become immune to our e-mail addresses being used as agents for the selling of costume jewellery, Viagra and essay writing services. In other cases, our websites and Facebook pages have been taken over (see my previous article “Being Flogged on my Blog”) leading to more serious identity theft and personality hijacking. What can be done? Enter cryptography.

But pundits will argue that we have had encryption and firewall technology around for a long time and the best ones have kept one step ahead of the bag guys. But these technologies only get better “in the breach,” that is, only after the miscreants have crept in, wreaked their damage, and left a trail for us to research build further protections against. One might argue that the data security firms are the very ones sponsoring the hackers, not only to stress-test their products but also to create more customers. After all, isn’t that what arms manufacturers, pharmaceutical companies and private jails do?

And the threat of a breach to one’s security goes up exponentially as we put more of our identities online for convenience sake: banking passwords, medical records, demographic information, selfies taken at every day of our recent lives, purchasing transactions, the list is building… We trust “clouds” with our data, but do we know where these clouds exist? Are they in abandoned warehouses that are fire hazards, in desert server farms subject to climate change, or in countries where regime change is imminent? We just don’t know. All the more reason to encrypt our data from even those who are holding it in safekeeping. Like the old bank safety deposit box, that needs two keys, one of them being yours, in order to open it.

Okay, now we have got to the core need. I need a key, one that cannot be copied or stolen digitally, in order for my data storage box to be opened or closed. I need a physical key. Therefore, I need my data to be stored in a place which I can physically reach and use my physical key to access. Does that mean storing my data on a separate hard drive, not accessible to the internet? And does that imply placing it in a safe or bank deposit box with its own key somewhere within commuting distance? And when I need pieces of data to work on, I just retrieve them from this storage system described above, put them back on my laptop (that is hooked up to the Internet), hoping like hell that no one grabs anything while I am working, despite my fancy firewall protection software, and quickly returning my re-worked data to my safety deposit box after I have finished my work and after wiping my laptop clean? Seems like a rather convoluted process. The world, as we know it, would come to a grinding halt while we engage in these time consuming data security actions.

And the pundits of free enterprise will argue that this back-to-basics approach would be a restriction of our rights and options, a return to hiding our talents under a bushel, to inhibiting the hacker industry and the data security industry, and by extension, the arms, pharmaceuticals and private incarceration industries.

And so we say, “WTF,” and carry on our merry status-quo way, risking hackers, risking identity theft, risking losing all our social media friends who will un-friend us the moment we start behaving peculiarly, and losing our wealth when it is stolen from our bank. Our consolation is that information theft and cryptography has existed throughout the ages, like cat and mouse. Remember those Allied code breakers in WWII? They were the good-guy hackers of the day. Hackers and Cryptographers—one will never vanquish the other, in fact, one lives because of the other, and we are the poor suckers who give them life at our expense. So suck it up and get on with it—security is an illusion.