Underscoring the importance of encryption in our increasingly data-driven digital lives, this year’s World Science Festival features its first-ever session on cryptography, entitled Keeping Secrets: Cryptography in a Connected World. During this discussion expect a well-rounded panel—including mathematician and computer scientist Brian Snow, scientist/journalist Simon Singh, cryptanalyst Orr Dunkelman and cryptography researcher Tal Rabin—to break down cryptography, addressing its strengths and weaknesses as well as its impact on security and privacy.
At its heart modern cryptography is all about mathematical algorithms, computer programming and physics, but there’s a practical side to the discussion as well, particularly when you consider the nature of the data that’s being encoded and decoded.
The debate over when, why and how to keep secrets—while certainly not new—has taken on a new sense of urgency in the current age of digital information. Just about every piece of vital information about us is stored somewhere on computers, and those computers often have connections to the Internet, forming the so-called “cloud” we keep hearing about. This means our personal information—credit card, bank account and Social Security numbers, Web browsing habits and online accounts (not to mention the passwords used to access those accounts)—is vulnerable for poaching and posting for all to see.
We can employ a number of tactics to guard our privacy—changing passwords regularly, using common sense about the personal information we volunteer and keeping vigilant watch over our smart phones, laptops and other connected mobile gadgets. Of course, none of these guarantees that our secrets are completely safe, especially when someone with the will and skill to steal digital data really wants it.
Just ask Sony, which recently admitted that hackers had breached its PlayStation Network and stolen customer information (including possibly credit card numbers). The company was quick to point out that some of the customer data taken was encrypted and that encryption levels would be “enhanced” moving forward.
If encryption works so well, why isn’t all data encrypted? First of all, encryption is not infallible. Think of it as a puzzle that someone must solve in order to decode a message. If puzzle isn’t very well thought out, there are computer programs that can easily decipher an encrypted message. Also, encryption requires extra time, money and effort on the backend by the people storing your personal information (aka the people in the cloud). They’ve got to add software and hardware to manage encrypted data as well as the keys needed to encode and decode this scrambled info, so they usually pick and choose what they want to encrypt. (Sony, for example, says it encrypted credit card numbers but not personal information on its PlayStation Network.)
Any cyber security expert will tell you that the best way to protect data is to create a layered defense. When it comes to securing online info (whether it’s for keeping secrets or protecting privacy) there is no layer more important than the ancient art of cryptography.