After a careful review of the features and benefits of the encryption program, Pretty Good Privacy (PGP), and the reviews about the product, it is my opinion that using an encryption is still a good idea for individuals and organizations, provided that it is used responsibly at all times. The operative word here is responsible use. In his article, “Why Criptography is Harder than it Looks”, Schneier (1997) sums up the objectives of encryption programs as follows: … it helps provide accountability, fairness, accuracy, and confidentiality.
It can prevent fraud in electronic commerce and assure the validity of financial transactions. It can prove your identity or protect your anonymity. It can keep vandals from altering your Web page and prevent industrial competitors from reading your confidential documents. Clearly, the objectives of the program are noble and the encryption programs address a most vital need individuals and organizations for security and protection against external threats. Even Schneier (1997) admits the need for one. The deeper issue that he raises, and one that needs to be addressed by programmers, is technical in nature.
He points out to the vulnerability and exposes the flaws of the existing program against threats and attacks. This is a very valid concern, and one that deserves immediate attention as unscrupulous individuals are getting more and more technically savvy in stealing data for their own criminal purposes. It does not help that in some cases, the same programmers who created encryption programs are themselves the perpetrators of crimes against fraud. The challenge is for programmers to continuously update and improve the features of encryption programs and increase the level of security while providing ease of use / convenience to users.
There are many possible threats to individuals and organizations that Schneier identifies: electronic commerce schemes; privacy violations; electronic vandalism, among others. Presently, commerce and communication continue to grow at a rapid pace and is projected to grow even further in the future. Hence, the need for security is becoming more and more vital, both to individuals and to organizations alike. Lenstra (2006), in his article “Cryptographic Compliance: Good or Bad? ”, once again raised the issue of technical flaws of present encryption programs.
In it he decries the inadequacy of the present programs against threats of attacks. It is generally felt that the intended level of cryptographic security of several of the standardized cryptographic tools is no longer adequate simply because processing is getting faster. To make matters worse, it was shown that one of the standardized—and widely used—tools does not even reach that intended level of security. As a response to the clamor for increased levels of security, Lenstra (2006) further informs that new standards are in the make that will lead the way for the migration to an adequate level of cryptographic security by the year 2010.
Suite B Cryptography was recently announced by the US National Security Agency (NSA). It is meant ‘to provide industry with a common set of cryptographic algorithms that they can use to create products that meet the needs of the widest range of US Government (USG) needs. ’ Although targeted at US Government use, there can be no doubt that use of Suite B Cryptography will spill over to general use. As a consequence, the usual compliance approach will soon virtually force companies worldwide to adopt the methods included in Suite B Cryptography.
All these discussions go back to the central issue of responsible use of the encryption programs, or any other program for that matter. While efforts are being pursued to improve on existing weaknesses of current programs, governments must continue to be vigilant against hackers / threats to individual and organizational security. Stiff sanctions must be imposed on anyone found guilty of committing fraud. Until sanctions are not considered deterrent factors by unscrupulous individuals who make a living out of cheating, it will grow unabated. After all, cheating will always be a part of commerce.
Thieves don’t follow rules. They just attack. Thus, it will always pay to be conscious of our security, whether as individuals or as organizations. Individuals and organizations must take an active part in protecting themselves against any form of threat. As Scheiner (1997) cautions, Honest users cause problems because they usually don’t care about security. They want simplicity, convenience, and compatibility with existing (insecure) systems. They choose bad passwords, write them down, give friends and relatives their private keys, leave computers logged in, and so on.
It’s hard to sell door locks to people who don’t want to be bothered with keys. In times like this, it always pays to be safe than sorry. REFERENCES Lenstra, A. (2006). Cryptographic Compliance: Good or Bad. Retrieved 7 July 2009 from http://ditwww. epfl. ch/SIC/SA/SPIP/Publications/spip. php? article1150 Schneier, B. (1997). Why Cryptography Is Harder Than It Looks. Retrieved 7 July 2009 from http://www. schneier. com/essay-037. html. Wikipedia. (modified 2009) Pretty Good Privacy. Retrieved 7 July 2009 from http://en. wikipedia. org/wiki/Pretty_Good_Privacy