PGP Just a Good Idea…

            Here we are in 2013, a world away from the days when one could trust that communications would not be intercepted and read by third parties.  With recent disclosures about government spy programs, elite hacker groups, and ordinary people sneaking a look at your computer, what can one do to protect private communications and data?  Never fear: personal encryption systems offer a way to protect your data, so let us look at one.

 

            In 1991 Phil Zimmermann created an encryption system that he named, “Pretty Good Privacy” (PGP).  So what is PGP?  According to Wikipedia, “PGP is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting, and decrypting texts, e-mails, files, directories, and whole disk partitions and to increase the security of e-mail communications.” (Wikipedia, 2013)  So how does it work?

 

            PGP combines features of conventional and public key cryptography, making PGP a hybrid cryptosystem.  When a user encrypts their data with PGP, the first stage compresses the data.  Data compression strengthens cryptographic security.  Most cryptanalysis techniques exploit patterns found in plaintext[1] data to crack the cipher.  Compression reduces these patterns in the plaintext, thereby enhancing the cipher's resistance to cryptanalysis. (PGPI, 2013)

 

            PGP then creates a session key, which is a one-time-only secret key.  This key is a random number generated by the system or program.  The session key works with a secure, conventional encryption algorithm to encrypt the plaintext; the result is ciphertext[2].  Once the data is encrypted, the session key is then encrypted to the recipient’s public key.  This public key-encrypted session key is transmitted along with the ciphertext to the recipient.  Decryption works in reverse: the recipient uses their private key to recover the session key, which then decrypts the ciphertext.  (PGPI, 2013)  PGP forms the basis of consumer-level strong encryption.  For further information about PGP, look up “OpenPGP” (RFC 4880).
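The stages described above (compress, generate a session key, encrypt the data with it, then encrypt the session key to the recipient's public key), shown as an added example that is not part of the original article and is not code from any PGP implementation. It assumes stand-in primitives so that it runs with the Python standard library alone: the key pair is built from publicly known primes, the conventional cipher is a SHAKE-256 keystream, and the function names are hypothetical.

```python
import hashlib
import secrets
import zlib

# Constructed demo key pair: two publicly known Mersenne primes, so anyone can
# factor N. It only stands in for the recipient's real public/private key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                 # public key (modulus, exponent)
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent


def keystream_xor(key, data):
    """Stand-in conventional cipher: XOR with a SHAKE-256 keystream.
    PGP itself uses a block cipher here; this only shows where it sits."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def pgp_style_encrypt(plaintext, n=N, e=E):
    compressed = zlib.compress(plaintext)        # stage 1: compress
    session_key = secrets.token_bytes(32)        # stage 2: one-time session key
    ciphertext = keystream_xor(session_key, compressed)  # stage 3
    # Stage 4: encrypt the session key to the recipient's public key.
    # Textbook RSA with no padding, used here only to keep the block short.
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, ciphertext               # both travel to the recipient


def pgp_style_decrypt(wrapped_key, ciphertext, n=N, d=D):
    # Reverse order: private key recovers the session key, the session key
    # decrypts the ciphertext, and decompression restores the plaintext.
    session_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    return zlib.decompress(keystream_xor(session_key, ciphertext))


if __name__ == "__main__":
    message = b"Quarterly figures attached, please keep confidential. " * 4  # constructed
    wrapped, ct = pgp_style_encrypt(message)
    print("plaintext bytes:", len(message), "ciphertext bytes:", len(ct))
    print("wrapped session key bits:", wrapped.bit_length())
    print("round trip ok:", pgp_style_decrypt(wrapped, ct) == message)
```

Encrypting the same message twice yields a different wrapped key and different ciphertext each time, because a fresh session key is drawn for every message.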

 

            “Why should I use a program like PGP to encrypt my data?  I have nothing to hide.”  Well, you might not have anything to hide, but your personal data is still valuable.  Hackers buy and sell personal data on the internet every day.  For example, Facebook contains a “treasure trove” of personally identifiable information that hackers manage to get their hands on.  From Facebook you can reconstruct someone’s entire life and use that information to steal his or her identity.  With that much personal information left out in the open on a public website, just imagine what might be on someone’s personal computer.

 

            In the UK[3], personal data theft was behind 65% of all fraud cases according to the UK’s Fraud Prevention Service (CIFAS). (Pinsent Masons, 2013)  Moreover, in the United States 12.6 million Americans were victims of identity theft in 2012, leading to $21 billion in losses according to Javelin Strategy & Research’s “2012 Identity Theft Report.” (Foley, 2013)  One way to protect yourself is to encrypt all of your personally identifiable information on your computer and in your communications, stopping hackers dead in their tracks.  When employed properly, PGP can prevent hackers from accessing your personal data and protect you from identity theft.

 

            Organizations and corporations also need to protect their information.  This includes customer information, contract data, sales data, and privileged communications, all of which could be used by competitors, by thieves, and for corporate blackmail.  In 2010, 90% of businesses in a recent study were attacked and breached, with most of the data taken being personal information and credit and debit card numbers.  However, depending on the information stored at the source and the sophistication of the breach effort itself, a lot of other information could also be compromised, such as names, addresses, passwords, medical information, account numbers and Social Security numbers. (LifeLock, 2013)

 

            The average cost of dealing with a data breach in the U.S. was $5.4 million in 2012, while the average cost world-wide for every record exposed in a breach was $136 million.  Furthermore, 64 percent of the breaches resulted from either human error or problems with transporting information or the systems storing the information themselves. (Schwartz, 2013)  With that said, encrypted databases, email, and transmissions protected by programs like PGP can and do protect data from both internal and external threats.  

 

            Strong encryption is not only for governments; you too can be protected by programs like PGP.  The internet and the world of computing are not as safe as they could be, so you have to take measures to protect yourself from the evil hackers and the man (that would be the government)!


 

Works Cited

Foley, L. (2013, 02 21). Identity theft: Annual number of victims increases to 12.6 million in 2012. Retrieved from Examiner: http://www.examiner.com/article/identity-theft-annual-number-of-victims-increases-to-12-6-million-2012

LifeLock. (2013, 10 30). Corporate Data and ID Theft. Retrieved from LifeLock: http://www.lifelock.com/education/articles/id-theft/corporate-data-id-theft/

PGPI. (2013, 10 30). How PGP works. Retrieved from The International PGP Home Page: http://www.pgpi.org/doc/pgpintro/

Pinsent Masons. (2013, 01 21). Personal data theft behind 65% of all fraud cases, says UK Fraud Prevention Service. Retrieved from Out Law: http://www.out-law.com/en/articles/2013/january/personal-data-theft-behind-65-of-all-fraud-cases-says-uk-fraud-prevention-service/

Schwartz, S. (2013, 07 15). Identity Theft from data breaches grows; as does the cost of those data breaches. Retrieved from IdentityGuard: http://www.identityguard.com/identity-theft-resources/identity-theft/identity-theft-from-data-breaches-grows-as-does-the-cost-of-those-data-breaches/

Wikipedia. (2013, 10 30). Pretty Good Privacy. Retrieved from Wikipedia: http://en.wikipedia.org/wiki/Pretty_Good_Privacy

 



[1] Plaintext is unencrypted data, also known as red data.

[2] Ciphertext is encrypted data, also known as black data.

[3] United Kingdom (UK), a country in Europe.
