Q&A: Jon Callas of PGP

gallery

What you really want to do is encrypt the data and then it wouldn't matter how it goes. I suppose physical media is somehow intrinsically less secure and I'm not sure how much of that is our own bias towards thinking that networks are just more secure.

Could the security breach actually prove to be a good thing if it turns out to be a wakeup call for better data security?

If it is a wakeup call, then yes, it could be a good thing. But for that changes would need to cover all aspects of this incident. How do we make it cheap and easy to encrypt data between government people? How do we make it easy and secure to transfer data? How do we make it easy to sanitize and minimize data sets?

If this were a high tech disaster like an airliner crashing or a space craft going wrong, there would be an inquiry saying 'what can we do to make it right? Should people sending data around at all and if they do how do we make it a safe operation?' The main thing is the government should be looking at what policies should we have. Right know there's the 'let's find the scapegoat' phase and the union is trying to protect the guy who is just doing his job.

There are plenty of worse alternatives to having CDs fly around. They could be giving everybody access to a complete central database, which makes me and anybody else concerned about privacy cringe.

Do the vast proportion of businesses, individuals and governments still send unprotected email and why?

Yes they do, and mostly because they think this won't happen to them. They don't perceive the threat - the view the threat as being 'scary faceless hackers'. I can't think of how somebody would steal and email and so therefore it can't happen; even though I know in theory that anybody with an Ethernet sniffer could get that, it wouldn't happen to me. The thought is 'they wouldn't be looking for my things and there are many other things that I need to be doing'. One of the problems with dealing with risks is that you can thing of many more risks than you have budget.

These CDs: if they were piles of bank notes nobody would have thought to do with them what they did. It's the mental processes somebody goes through to figure out how valuable something is - banknotes are immediately valuable to everyone, data isn't.

Are the issues for secure transfer awareness or technical complexity?

The basic data management of how you would send these systems is no more difficult than setting up an email server. None of this is rocket science!

Assume I want to send you some information. I go to a transfer web site, and select on my disk the file I want to send to you, and give your name and email address. The web site uploads the file to an intermediate server, and sends you an email with a secure (SSL) link. It will send me an email when you start downloading it, and when you complete the transfer. If I wish to encrypt the file as well as have an encrypted link, I have to do that by hand, but this system would have stopped the HMRC incident.

So do we need a system that's more automated, that has less room for human error?

At some point we have to assume that people are at least moderately competent. Any system that says 'let's take the humans out because we know they're idiots' is destined to fail in its own charmingly unique ways. Human begins are simultaneously any system's biggest weakness and greatest strength. If you call me up and say 'I need such and such data - for all people with child benefit I need just this one item which is their postcode' - what if you don't believe that? Is that person being good or bad on that one thing? Are they a good security savvy public servant or are they being a faceless bureaucrat?

Email to a friend

Print this page