VTech Holdings Ltd. fell to a three-year low after the Hong Kong-based company said hackers who infiltrated its online services gained access to the profiles of more than 6 million children whose files lacked encryption.
Almost half of the 4.9 million parent accounts that were accessed belonged to users in the U.S. and the rest were scattered around the globe, the maker of children’s electronic toys, smartwatches and computer tablets said in an online post. About 6.4 million children’s profiles were accessed, with almost half containing information -- names, gender and birth dates -- from kids.
Lack of Encryption in Healthcare Insurance
The FBI warned that medical devices and other hospital and healthcare systems need some serious
security upgrades to weather the coming onslaught of malicious hacking. With an impending deadline to shift to electronic medical records, which fetch a high price on the black market, healthcare systems are an increasingly alluring target for cyber-criminals.
Along with its customers, the Health Insurance companies also suffer from the the hacks of the records that are NOT Encrypted. Aside from the brand and reputation damage and cost of credit monitoring, the company could even be hit with fines for HIPAA violations due to failure to protect sensitive medical data. Customers face much more severe losses due to lack of encryption such as losing their benefits to imposters and the exponentiating possibility that Medical Implant devices as with millions of other Internet of Things (IoT) devices whose software lacks encryption could face personal injury or even loss of life.
Encryption and Political Rhetoric
After the recent attacks in Paris and San Bernardino, encryption has once again become a political target. Despite there still being no solid evidence the attackers benefited from or even used encryption (in at least one case, they coordinated via distinctly unencrypted text messages) in the U.S. law enforcement and national security hawks have used the tragedies to continue pressing tech companies to give the US government access to encrypted communications—even if that means rolling back security and changing the nature of their businesses.
In the wake of the numerous incidents that have been traced to the Islamic State, otherwise known as ISIS or ISIL, academics and security advocates say officials are again seizing on public fear to push more aggressive surveillance legislation. This month, the French newspaper Le Monde obtained documents from the Ministry of Interior considering legislation to block the use of the Tor anonymity network, a series of virtual encryption tunnels that allow people to share information online without compromising their privacy. The documents also show discussionto “forbid free and shared Wi-Fi connections” used in public places like cafes and airports, during a state of emergency.
Similarly, the British Parliament is in the process of passing something called the Investigatory Powers Bill, which, according to its current draft, would drastically expand the government’s online surveillance privileges and require Internet and phone companies to have “permanent capabilities” that can intercept and collect data passing through their networks.
Why Encryption isn't == Terrorism
It took nearly two weeks for French officials to piece together how a team of nine terrorists planned the deadly Nov. 13 terrorist attacks in Paris that killed 130. And during that time, intelligence officials filled the media vacuum with their own theories for what happened.
A Nov. 15 New York Times story(which was later silently pulled) said the attackers were “believed to have communicated using encryption technology, according to European officials who had been briefed on the investigation.”
According to Motherboard on Dec. 9, At a Senate Judiciary Committee hearing that day, FBI director James Comey went so far as to suggest that companies providing users with end-to-end encryption might need to simply, well, stop doing that.
No government has provided a concrete example of when encryption has stopped them from getting information that they deemed necessary to investigate a terrorist attack, that they weren’t able to get through other means,
Amie Stepanovich, the U.S. policy manager for Access Now, a nonprofit dedicated to defending digital rights.
The simplest analogy for why the narrative around encryption as being anything more than enabler for the privacy and security that people and companies need comes from Whitfield Diffie who helped lead a revolution in computer cryptography decades ago.
"This is like saying, well, you know, cars are of use to bank robbers. This was at one time a very major thing," he said. "Nobody ever took seriously at that time the notion that you should cut down the abilities of cars in order to solve one particular sort of crime."
I look forward to your thoughts and inputs on the critical and timely topic of encryption and it's role in ensuring the privacy, safety and security of people, processes and technology both in your personal and professional lives.