Data Security

NSA (The National Security Agency) has been in the news lately.  I am ambivalent about the whole thing.  Certainly knowing what is happening in real time is a great advantage for security and for law enforcement.  But, is it worth its price?  The almost complete loss of individual privacy.

Quite probably we prefer to keep our privacy but is that realistic?  Our ideas of security rely on now obsolete ideas about how to protect things.

I can recall my grandfather commenting that locks keep out honest people.  It is not so different now.  Firewalls, encryption, passwords and PINs have become the locks of today, but the fact remains.  Locks do not keep out everyone.  People with powerful computers hardly notice them.

While the idea of NSA is annoying, it is not a grave concern.  Much as I find it difficult to say, this is one of the areas I still have a vestige of trust for our governments.  I am not so confident about the employees there however and there have been breaches of security at a personal level.  To my knowledge, everyone who has been found has been dismissed.

What I am occasionally concerned about it is “The Others.”  While they may have fewer resources than NSA, they still are becoming adept at pickling the locks that surround our  digital treasures.  Criminals, foreign governments and their agencies, bored teenagers and more are testing the locks.

Some of the problems are of our own doing.

While we may not open the front door to a biker gang, we seem less reluctant to keep the digital door closed.  Using 1234 for your bank card PIN or “password” for your on-line bank access are probably somewhere far down the list from good practice.  Be a little cautious and almost all of the risk will go away.  The NSA probably does not care much about your texts and email.

Security depends on several things.

  • If the data is worth less than the value of the effort to get it, it is reasonably secure.
  • As the cost of brute force techniques declines, you may need to revisit your passwords and make them stronger.  A 5 character passw0rd with only lowercase characters has about 12,000,000 possibilities.  If a semi-competent computer can check 100,000 combinations per second, then two minutes later, at most, it is in.  Using uppercase numbers and some special characters can make it much harder.  With 70 character, there are 1.7 billion possibilities.  Now it takes five hours.   A 10-character password with 70 characters is at 30 trillion seconds to solve.  About 95,000 years.  Passwords and PINs  are the “what you know” key.
  • Another key is “what you have,” the bank card for example.
  • Still another is “what you are.”  Fingerprint or iris scan.
  • Requiring more than one key for the lock makes it far harder for the miscreants.

Some obvious steps.  Do not let others handle your bank card or credit card.  It does not take long to clone one.  Change your PIN and passwords periodically.  Use biometric information when possible.

Here is the point.  If NSA wants to look at your private records they will and not long after they start trying to break in.  Their computers are considerably more capable than the 100,000 tests per second variety.  Practically, you have no lock good enough.  I would prefer privacy but I cannot have it so I am not going to worry about the NSA.  Besides what can they have of mine that matters much?

The irony.  For years people have been complaining that the government does not listen to them.  As soon as one of their agencies starts to listen, they complain about that.  How odd.

Don Shaughnessy is a retired partner in an international accounting firm and is presently with The Protectors Group, a large personal insurance, employee benefits and investment agency in Peterborough Ontario.  |  Twitter @DonShaughnessy  |  Follow by email at moneyFYI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: