Recently I attended the Digital Security & Identity conference in Wellington. My role was to facilitate a discussion on Social Media Surveillance and its implications, but it was an earlier speaker whose presentation stuck in my mind.
Vikram Kumar is the CEO of MEGA and his talk was on Online Privacy. If we weren’t paranoid about the GCSB and the like before Vikram began, we certainly were after. There was even a scary YouTube clip shown explaining the Panopticon which will certainly become another blog post. With the Dotcom saga and the GCSB Bill coming to pass it was a timely presentation.
Vikram stated that “the future of the internet was encryption”, and if you check out the MEGA website you can see they’ve built a business model around that: “we use a state of the art browser based encryption technology where you, not us, control the keys.” The example he used in his presentation was that emails are like a postcard: once picked up they are very easy to read. Encrypted emails on the other hand are like a letter: covered up so a nosy postman/neighbour/GCSB officer cannot read it without opening it and alerting you that your mail is being tampered with.
There have been many examples (and ACC are a prominent one) where confidential emails have been sent to the wrong person and when opened have caused embarrassment and/or legal issues. With encryption, even if someone received the misdirected email, it would be useless without the key.
Person + key > email > Person + key = 🙂
Person + key > email > Person + NO key = 🙁
It sounds wonderful and is likely a popular product offered by MEGA. Indeed the future of the internet could be encryption.
However, I can see one snag: Encrypted emails could also be the perfect Trojan.
Encrypted emails in their ‘letter’ like form won’t be able to be screened by the likes of the IT security team in the way they can access the ‘postcard’ type emails. If the sender’s email was somehow compromised before it was encrypted, then a virus could be inserted and sent to the recipient. Yes? And once opened the virus is then ready to go to town. Or have I been watching too many James Bond movies?
Now for those that know me will understand I am not the ‘tech’ guy at Mosh, so if you read this and have some valid points on how this issue is a non-issue and that it can easily be solved by [insert technical solution here] then please comment below. You just might help me sleep better at night.
PS – If you would like an injection of paranoia then do watch the Panopticon clip.