Take Back Control. Executive Summary


"There's no such thing as 'secure' anymore." – Debora Plunkett, NSA

MasterCard, Visa and American Express announce a new global standard to make online and mobile shopping simpler and safer.

October 1, 2013

Take Back Control

Executive Summary

Businesses violate your privacy every day because collecting, using, sharing, and even losing your personal information is a justifiable way to make more money. And as Edward Snowden has shown us, government agencies like the NSA routinely break the law with their own data collection practices. Over the last few years, privacy has grown from a back-office compliance issue into a global problem affecting more than a billion people.

But there's another problem – the Internet itself is at risk because much of its underlying security is getting too complex and less secure. The most common encryption technologies are being "cracked" by entities ranging from government agencies to anyone with access to new, powerful computers. And yes, they will one day be available to everyone using the Web.

So, the bad news is that the security problem has to be solved along with the privacy problem. The good news is that this White Paper explains how both security and privacy will be solved.

The author of this White Paper has long been a force in data security, with about twenty issued and pending patents. Many financial institutions are adding similar technologies to make sure that credit cards have the latest and best security.

The privacy problem has been solved by a firm and product called Make It Private (MIP). Its solution is simple: give each person control of his or her personal information in a way that can be used on any Website. This means that more than a billion Facebook, Gmail, Yahoo Mail, Hotmail, Google Docs, Office 365, etc. users finally have the option of privacy. This also means that millions of businesses will have desirable features like redactable email and centralized control.

The consumer version of MIP will be available for the 2013 Christmas season and is priced so that anyone wanting to take back control can afford it. The enterprise version of MIP will be available in early 2014 and will be priced to be less expensive than the vulnerable security products that it replaces.

If you’re not paying for it... you’re not the customer. You’re the product being sold.

EU Data Regulation:

- Protect EU residents outside the EU.
- Require specific explicit consent.
- Safe transfer of data outside the EU.
- Data breach notification within 24 hours.
- Penalties up to 2% of worldwide sales.
- The right to be forgotten.
- The right of portability.

Wall Street Journal

Security means the ability to prevent information from being inadvertently or deliberately disclosed.

If encryption is safe, why do the standards keep changing? And what happens to all the files stored with an old standard?

"The NSA spent $250 million to undermine encryption systems used by millions of people around the world." – New York Times

"Once quantum computing comes into play, it's game over for conventional cryptography." – InfoWorld

Industry Background

Privacy in the US is a compliance issue and is something that companies are forced to do, so they make the most out of this compulsory expense. To illustrate, the first Chief Privacy Officer course was offered back in 2000 and focused on things like preparing a company spokesman and how to testify before a committee... but nothing on how to actually protect a person's privacy! Privacy Policies themselves are misleading because they are linked to Terms of Use that eliminate any right to privacy. Google's, for example, states that if there is a data breach "WE EXCLUDE ALL WARRANTIES." Google is not alone – more than 10 million Websites have similar disclaimers. The reason is simple – collecting personal information is how companies make more money.

Things are very different outside the US. In Europe, privacy is explicitly regarded as a fundamental human right. This can be traced back to how the Nazis used punched cards to track Jews. Today, Germany is a leading privacy advocate to make sure that government tracking and abuse never happens again. The 1998 EU Data Directive was a first attempt at protecting its citizens. In spite of its flaws, the Directive has been adopted by all industrialized nations except the US, including our neighbors Canada, Mexico, and the Pacific Rim countries.

In business, firms like Facebook have raised privacy awareness to the point where almost half of those who quit do so because of the lack of privacy. But with more than a billion users, Facebook sees this as a justifiable cost of doing business.

These differences between the anything-goes US perspective and the fundamental-human-right EU perspective have been a source of conflict for years, and there are ongoing threats of a US-EU trade war over privacy.

Two related events recently pushed this privacy debate onto the front pages. The first was the announced overhaul of the EU Data Directive with a proposed new EU Data Regulation ("directive" was optional, "regulation" is mandatory). The Regulation contains provisions like the "right to be forgotten" and stiff penalties for non-compliance. Not surprisingly, US lobbyists have worked hard to delay or kill the Regulation, calling it "technically impossible." The second event was Edward Snowden's disclosure about the NSA spying on everything from foreign governments to US citizens. These two events are related because the outrage towards the NSA has crippled any opposition to the proposed Regulation.

Many US policymakers are frustrated with the lack of privacy leadership. On September 24, 2013, California announced a new law that would give its teenagers an "erase button to delete their Web mistakes." This is a direct copy of the new Regulation's "right to be forgotten." When the Wall Street Journal asked if there should be laws allowing people to remove data about themselves from companies that compile similar profiles, the overwhelming majority said Yes.

The need for privacy is finally being debated everywhere, from the United Nations with the President of Brazil "launching a blistering attack" against US policies, to millions of dinner tables around the world.

The Other Problem − Encryption

Before there can be any hope for privacy, there has to be a way to store personal information securely. Currently, this is being done using encryption technologies. This is where data is scrambled with the hope that it cannot be later unscrambled, or "cracked." But as computers get more powerful, this cracking becomes easier. Recent disclosures reveal that the NSA has found ways around encryption, and that it has also intentionally subverted encryption standards to make them even easier to crack. Bruce Schneier, one of the most respected encryption experts, has admitted, "the NSA is able to decrypt most of the Internet" calling this revelation "explosive." To make matters worse, new computers are being developed that will have near-infinite processing capabilities. They're called "quantum computers" and Google and the Chinese government already have them. Recent reports have stated that these new computers will crack some of the toughest encryption known to man and will put state secrets, financial transactions, and personal information at risk.

Make It Private asked HP, IBM, Symantec, and McAfee how their encryption products protect against quantum computers. None had an answer or even a plan.

Merchants won’t have to worry about keeping payments secure and consumers won’t have to worry about getting hacked.

Pymnts.com

"Encryption is notoriously expensive to implement and manage. Tokenization's ability to improve security and slash compliance expense makes it uniquely attractive." – Yankee Group

While expensive now, a quantum computer manufacturer has stated that they will one day be available to anyone with Web access. As one headline says, "With Encryption Being Insecure, Whom Do You Trust?" Some feel that this even puts "military grade" security at risk.

Even if encryption were able to support the new privacy laws (such as the new "eraser button," which it does not), encryption is not a sustainable way to protect personal information.

Introducing Tokenization

The conceptual solution was in part derived from an interesting source. During World War II, invading armies stole art, and one of the most prized art forms was the stained glass in cathedrals. French priests did something both simple and brilliant – they gave each piece of glass to a different parishioner who was told to hide it in a safe place. At the end of the war, each person was told to bring back his or her piece of glass. The art was impossible to steal because it was stored in multiple locations that were unknown to any one person. The individual pieces of glass had no value without a context, and the context (the lead frame) had no value without the stained glass. The latest and best type of security does the same with data – it removes sensitive fields from a file and stores them in separate locations. The original sensitive fields are then replaced with random pointers, or "tokens," that are later used to locate the sensitive fields, but only if and when a user authenticates and has permission. These fields are then seamlessly merged back into the original file for processing. Some refer to this process as "tokenization."

MasterCard, Visa and American Express have announced tokens as a new global standard to make the Internet simpler and safer. Tokens do not require complex key management. But their major benefit is that the original file does not contain sensitive data, so it cannot be cracked because the sensitive data is simply not there.

Major firms like IBM, HP, and Dell have begun to do the same because tokens solve the problems associated with encryption. Here's how Teradata sums this up:

At Make It Private, we know a lot about tokenization, based on a longstanding history of patented inventions in the areas of consumer privacy and data security.

The Hidden Power of Tokens

Even the major firms do not fully appreciate the benefits of how we design products. For example, encryption strength and token strength are very different:

Encryption strength comes from when a file was created, not when it is accessed.

Token strength comes from when a file is accessed, not when it was created.

With encrypted files, everything is locked in time with the assumption that nothing can be cracked. Encryption strength is limited by the standard at the time a file is created. Tokenized files are not locked in time because there is nothing to crack. Instead, their strength is tied to the latest authentication technologies at the time a file is accessed. So unlike encryption, which gets weaker over time, tokens actually get stronger.

In addition, tokenized content can be changed and made more relevant based on who the recipient is, and where and when it's being accessed. Embedded forensics also record how a hacker attempts to crack sensitive information, even though nothing is ever at risk.

Privacy means the ability to retain control of information after it has been disclosed.

Teenagers need special protection as they text an average of 3,000 times every month!

It’s wonderful how well men keep secrets they have not been told.

What Is Privacy?

The word "privacy" cannot be found in the Declaration of Independence, the Bill of Rights, or any of the Amendments. A century ago, Supreme Court Justice Louis Brandeis defined privacy as "the right to be let alone" which he said was one of the rights most cherished by Americans. About fifteen years ago, the Center for Democracy and Technology said, "Justice Brandeis' vision of being 'let alone' no longer suffices to define the concept of privacy in today's digital environment. Individuals should be able to interact in modern society without losing control over their personal information. The modern right to privacy also entails, therefore, the right to control our personal information even after we disclose it to others."

"Control after disclosure" is privacy's Holy Grail. It gives individuals (and companies and governments) the ability to control their data when, for example, it's stored in the cloud or sent to someone via email.

The problem is that no products offer control after disclosure. Until now...

Introducing MIP

MIP is a browser plug-in that gives everyone the "technically impossible." By simply right-clicking a field, the contents are separated and sent to a highly secure token vault. The private information never touches the Website:

Without MIP: Websites sell or leak your private information. You have no control.

With MIP: Right-clicking a field stores private information in a separate, secure vault. You have total control.

Individuals, companies, and even government agencies now have:

- Privacy and security that cannot be cracked, even by a quantum computer.
- Privacy's Holy Grail – control after disclosure.
- Support for Justice Brandeis' right to be let alone.
- Support for the new EU Data Regulation, including the right to be forgotten.
- Support for the new California "eraser button."

MIP raises the privacy bar in additional ways:

- A user's name and personal information are never requested by MIP. As shown in the stained glass example, everything in the vault is stored out of context in random bits. A government order to hand over the tokenized information for Jane Doe would result in us saying, "Who's that?" If the order included a specific User ID or email address, we would comply by handing over random bits of information without any context.

- Here are just some of the steps a hacker must use to break MIP's privacy:
  1. Know which token vault (or vaults) to break into.
  2. Crack internal encryption (can be done, this is just a speed bump).
  3. Know what file (or files) to access.
  4. Know what data in the file(s) is real vs. just "background noise."
  5. Know what bytes in the data are significant.
  6. Know how the pieces of the bytes are to be put together.
  7. Know how to put the bytes together to form the content.

- To break the privacy of any other privacy (or security) product requires only the second step. Congratulations to any person who does all seven MIP steps! But even if successful, they will only have a word like "Smith" or a number like "4030504." What Smith or 4030504 (the piece of glass) relates to is still unknown because there is no supporting context (the lead frame). And the context is stored in an unknown file on an unknown client device. Personal information with no context is still private.

- One of the developments stemming from the Edward Snowden disclosures is that individuals, companies, and even government agencies are less likely to trust US-based products. MIP has been designed so that the token vaults can be hosted in any country if local storage and processing is preferred.

- When firms like Google crawl the Web, only the tokens will be scraped and put into their search results. No tokenized personal information will appear in any search result.

Search engines cannot locate tokenized personal information.

[Figure: Regular email vs. redacted email]

Other privacy competitors may try to copy MIP, but we're the first firm to say that the less we know about you, the better we can serve you. We're passionate about privacy and want everyone to be protected, so we've priced it at less than an anti-virus product. The consumer version of MIP costs less than $35/year.

For enterprise users there are even more challenges, features, and benefits.

Introducing MIP for the Enterprise

Gartner says that within five years, 90% of businesses will have personal information that they don't own or control, and that it "makes sense to hand over personal data" to a third party for management. The most obvious third party to do this is, of course, the owner of the data. Gartner recommends a "people-centric approach to protecting information." MIP permits companies to start doing this right now.

MIP Enterprise includes the following additional features and benefits:

- Field-level protection provides more granular control, as shown on the left.

- Two ways to redact tokenized content after it has been disclosed: by deleting its contents or by changing the recipient permissions. This is of special importance to law and accounting firms.

  In addition to redaction of content, MIP token content can be changed after it has been disclosed. This ensures that price lists, inventory information, newsletters, etc. are never out-of-date. This enables new, simpler dynamic content.

  [Figure: Price lists, Inventory, Newsletters]

- Enterprise-grade hierarchical permissions (such as department groupings) enable the management of sensitive information on a need-to-know basis.

- Optional warnings and auto securing help prevent sensitive data from accidental disclosure.

- Embedded forensics and a centralized control panel increase visibility and control for the entire enterprise.
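The following Python sketch is an added illustration of the flow described in the tokenization section and the two redaction paths above; it is not Make It Private's code and only stands in for whatever MIP's vault does. Sensitive fields are swapped for random tokens, the vault checks permission when a file is read rather than when it was written, and deleting, re-permissioning or updating a vault entry changes what every already-disclosed copy yields. The sample record, the user names and the `tok_` prefix are constructed for the example.

```python
import secrets

SENSITIVE_FIELDS = {"name", "card_number"}   # fields the vault removes from the file

class TokenVault:
    """Stand-in vault: token -> {"value", "recipients"} (constructed, not MIP's)."""
    def __init__(self):
        self._store = {}

    def tokenize(self, value, recipients):
        # The token is random bits, not a hash or ciphertext: it reveals nothing by itself.
        token = "tok_" + secrets.token_hex(8)
        self._store[token] = {"value": value, "recipients": set(recipients)}
        return token

    def detokenize(self, token, user):
        # Permission is checked when the file is read, not when it was written.
        entry = self._store.get(token)
        if entry is None or user not in entry["recipients"]:
            return None                 # not permitted, or already deleted
        return entry["value"]

    def redact(self, token):
        # Control after disclosure, option 1: delete the contents; every disclosed copy now points at nothing.
        self._store.pop(token, None)

    def set_recipients(self, token, recipients):
        # Option 2: change who may read it, without touching the disclosed document.
        self._store[token]["recipients"] = set(recipients)

    def update(self, token, new_value):
        # Content can also change after disclosure (price lists, inventory, ...).
        self._store[token]["value"] = new_value

def tokenize_record(vault, record, recipients):
    """Copy of record with sensitive fields replaced by vault tokens (what a site stores)."""
    return {k: vault.tokenize(v, recipients) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}

def merge_back(vault, tokenized, user):
    """Re-insert sensitive fields for one user; None where the vault refuses."""
    return {k: vault.detokenize(v, user) if k in SENSITIVE_FIELDS else v
            for k, v in tokenized.items()}

def demo():
    vault = TokenVault()
    record = {"order_id": 1017, "name": "Smith", "card_number": "4030504"}  # constructed
    shared = tokenize_record(vault, record, recipients={"alice"})
    before = {u: merge_back(vault, shared, u) for u in ("alice", "bob")}
    vault.set_recipients(shared["name"], {"bob"})   # move read access from alice to bob
    vault.update(shared["name"], "Smith-Jones")     # change content already disclosed
    vault.redact(shared["card_number"])              # forget the card number everywhere
    after = {u: merge_back(vault, shared, u) for u in ("alice", "bob")}
    return shared, before, after
```

Note that `shared` is the only thing a website or recipient ever holds, so none of the later vault changes require touching it.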

Current products cost more than $100/seat/year for just encryption. We want every business to have better security and privacy, so MIP Enterprise will be priced at less than $100/year.

Get Started Now
