PGP Corporation - CEO Blog

Predictions for 2009

"Regular readers of this blog know I’m not a big fan of making year-end predictions. With each passing year I’ve become more of a believer in Alan Kay’s view that, “The best way to predict the future is to invent it.” Now I can’t preview here the great products and services PGP Corporation will bring to market next year, but I would like to comment on some other predictions I’ve seen recently."

Death by Point Solutions

"If ever there were a time that seemed to fulfill the Chinese curse, “May you live in interesting times.”, surely this one does. With financial markets reeling from the perfect storm into which they’ve sailed, the United States in an historic governmental transition, and businesses and consumers alike wondering what could possibly happen next, these are undoubtedly “interesting” times."

The NEW Data Wars Have Begun - Chapter 3: New Enemy, New Strategies, and a Few Old Weapons

"If you’ve been following my blogs for the last couple of weeks, you know that we have entered a new phase in the war against hackers and cybercriminals. Moving forward, the bulk of data breaches perpetrated against private and public enterprises will be driven by large well-organized criminal syndicates based primarily in Eastern Europe and Asia."

Bletchley Park Needs YOUR Help

"Yesterday I had the privilege of visiting Bletchley Park to announce a new initiative that PGP Corporation is co-sponsoring with IBM to support the fine work being done at The National Museum of Computing (TNMOC) in the United Kingdom. TNMOC is housed at the same Bletchley Park facility that hosted the largest code breaking operation of World War II. It is dedicated to preserving the computing machines and history that have been critical in the development of Europe’s IT industry and the study of computer science worldwide. TNMOC already contains the largest collection of functioning historic computing devices in Europe."

The NEW Data Wars Have Begun - Chapter 2: Armies and Insurrections

"I’ve written previously about the dangers of “fixed embattlements” in both warfare and data security. I’d like to extend this metaphor one step to provide some perspective on the changes that are now occurring in the war on cybercrime as well as how we need to change our mindset. This is big business for criminals, in one year alone the cost of cybercrime has jumped from $2 billion in 2006 to $7.1 billion in 2007 so we need to look at how the war is being fought if are even going to begin to win some battles."

The NEW Data Wars Have Begun

"It was heartening to see the news yesterday that eleven suspects have been arrested and charged with executing the epic TJX data breach. It was the largest data breach ever recorded when it occurred. The thieves made off with more than 40 million customer credit card records and authorities now estimate personal and corporate losses are in the hundreds of millions of dollars and rising. While the arrests are certainly good news, this case points out some of the key changes that have occurred in the battle to protect confidential information in the last couple of years."

Vannevar Bush

"March marked the 118th anniversary of the birth of Vannevar Bush. Little known outside of “Big Science” circles, Bush was responsible for the development of the federal scientific research system as we now know it."

Cold Boot Attack Commentary

"It’s been really interesting watching the variety of reactions to the announcement two weeks ago that a Princeton based team had found a way to extract data (including encryption keys) from laptops even when they are supposedly "off"."

Metrics that Matter

"Regular readers of this blog know that I rarely use this space to directly promote PGP Corporation, preferring instead to focus on issues relating to public policy and individual privacy. Recently, though, I’ve started to notice a disconcerting trend in the way vendors, particularly in the security space, discuss their accomplishments. I have to admit that I’m grateful I’m not an IT executive these days trying separate the wheat from the chaff."

The 2007 Seasons Greeting: "We've lost your data. Happy holidays!"

"Back on January 2 of this year, I wrote that 2006 would be remembered as the "Year of the data breach," and expressed my hope that 2007 would be remembered as the "Year of Secure Data." Proving the utter folly of making predictions about the future, 2007 didn't exactly turn out that way. As 2007 draws to a close, it's clear that it was a far worse year for data breaches than 2006. In fact, we didn't even make out of January before T.J. Maxx announced it had lost the personal information of 93 million people, making this the largest loss of personal information in history."

2007: Do Not Track

"You may have noticed the news out of Washington that the Federal Trade Commission (FTC) held a workshop a few weeks ago on the topic of "behavioral targeting" of Internet advertising. For those of you not familiar with the term, it basically involves presenting advertising based on your specific Web usage patterns."

2007: IBM Keynote

"I had the privilege recently of delivering the keynote address at the 4th Annual IDC Security Forum in New York with Julie Donohue, IBM's VP of Security and Privacy Practices. Those of you who are regular readers of my blog know that I've been preaching the need to "Protect the Data" since we re-formed PGP Corporation 5 years ago. What I learned in listening to Julie is that the ideas we were promoting in 2002 have gone mainstream in a big way."

2007: Hotels need to offer data security, not just a nice view

"One of the most fun parts of my job is when my friends tell me how they're using PGP products to protect their personal and professional information. Whether it's preventing their children from inadvertently altering financial records or preventing competitors from accessing new product plans, I always enjoy these stories tremendously."

2007: Corporate Currency

"Last month, we initiated PGP Corporation's participation in a new program to highlight the risks associated with unsecured corporate data. We believe that data is the new corporate "currency," and we're committed to bringing products and practices into the mainstream that treat it as such. The interesting thing about this particular metaphor is that it’s quite instructive in highlighting just how far we have to go in developing standards of conduct for handling confidential information."

2007: Do You Have the Time?

"This year marks the 60th anniversary of the creation of the Bulletin of Atomic Scientists' famed Doomsday Clock. The clock was originally conceived as a way to promote the risks associated with the unconstrained proliferation of nuclear weapons. Although it's certainly a morbid metaphor, there's no denying the Doomsday Clock has achieved its primary objective: No nation has chosen to exercise its supposed first-strike capability since the clock first appeared."

2007: H1B Visa Program: If it's broke, please DO fix it!

"Newspapers from coast to coast covered last week’s announcement by the U.S. Citizenship and Immigration Service that they had received more than 150,000 applications for the 65,000 H1B visas available this year. The more startling aspect of the announcement was that it was made the same day the program opened for the year."

2007: Psychology of Security & Privacy

"One of the most interesting and under-reported events at the recent RSA® Conference 2007 was the release of a paper by Bruce Schneier. Entitled "The Psychology of Security", the paper focuses not on how to make systems more secure, but on the plethora of variables that determine whether or not we feel secure as individuals. The paper is available at www.schneier.com/essay-155.html, and I encourage anyone with an interest in computer or any other kind of security to review it."

2007: Protecting Information: In the Zoo or Out in the Jungle?

"As it does every winter, the information security industry gathered last week in San Francisco for the annual RSA Conference. More than 300 vendors and 15,000 security professionals focused on one thing: making companies more secure. And there was one obvious and I think very positive development this year: For the first time, there was a real focus on protecting not just the network infrastructure, but also the data that resides therein."

2007: The Perfect Wave

"At this time of year, the world's best professional surfers gather just south of San Francisco at a beach called "Mavericks". They gather and they pray for the the giant storms to form 2,000 miles to the north in the Gulf of Alaska. When the weather and currents all cooperate, the result is some of the largest perfect waves on earth. In 1994, the leading big-wave surfer in the world caught one of these forces of nature at Mavericks and died surfing it. This is not a game for the faint of heart."

2007: The Year of Secure Data

"One clinical definition of insanity is doing the same thing over and over while expecting a different outcome. When it comes to information security, 2006 proved this maxim. Based on the number of reported data breaches, it's clear that the classic methods of protecting confidential information aren't working as intended. From simple laptop theft to the kind of socially engineered breach experienced by ChoicePoint, the "bad guys" appear to be winning the war—and nearly all the battles."

Celebrating 15 Years of PGP Encryption

"We are celebrating a number of anniversaries this quarter in the cryptography community. Today, PGP Corporation acknowledged the 15-year anniversary of Phil Zimmermann's first release of PGP® encryption. As Phil noted in today's press release, back then, cryptography was considered a criminal act in some quarters and today it's being legally mandated in many parts of the world. Yes, we have come a long way, but we still have a long way to go."

Offline Identity Theft Pt.2

"Last week, we covered the myriad ways your identity can be stolen using simple offline techniques. This week, we’ll look at the slightly more sophisticated and no less criminal approaches being used by online crooks."

Offline Identity Theft

"Id like to spend the next 2 weeks discussing identity theft. Why? First, because its the fastest-growing crime in North America."

Encryption: Myths and Urban Legends

"PGP Corporation recently commissioned a study that, among other things, measured common beliefs about encryption."

Know Thine Enemy and Thine Customers

"This week, we have a classic example of what happens when you build a point security product without a broad understanding of the environment into which it will be deployed."

EMC-RSA: Why Protecting Just the Back Office Isn't Enough

"It's been interesting watching the financial and industry analysts dissect the EMC acquisition of RSA..."

Buying into a Culture of Security

"The merger wave of 2006 hit the IT security sector yesterday..."

Security issues? What security issues?

"It's been interesting watching the IT analyst community "rediscover" the encryption market recently."

Quantum Cryptography Breakthrough?

"Three or four times per year, I read reports about a new "breakthrough" in cryptography."

Password Recovery: Fact or Fiction?

"I suppose it's a sign of just how ubiquitous PGP encryption has become that we now have companies developing products to allow for the "recovery" of lost passwords"

PGP Extensions to OpenPGP

"Occasionally, someone asks me if other vendors supporting OpenPGP isn't bad for PGP Corporation."

OpenPGP

"In the last few months, a number of email security vendors have announced support for OpenPGP, the encoding scheme used in all PGP products."

Protecting Your Personal Financial Data

"I mentioned 2 weeks ago that the real threat to individual privacy in the U.S. today comes from the dual threats of identity theft and the large-scale collection and dissemination of personal financial, medical, and other information"

Perceptions of Encryption Yet to Catch Up with the Reality

"A recent survey by The Ponemon Institute proves just how long it can take perception to catch up to reality"

Preventing Identity Theft

"Its been interesting watching Congress debate whether or not the President broke the law in ordering wire taps on certain phone calls by suspected terrorists."

Microsoft Joins the Privacy Bandwagon

"It was heartening to see Microsoft get on the privacy bandwagon so enthusiastically this month."

Europeans Lead Data Privacy Movement

"One of the great ironies of the advent of the Information Age is that our personal information is less secure from prying eyes than ever."

PGP Encryption for BlackBerry Devices

"As promised, PGP made big news yesterday. PGP Corporation and Research in Motion (RIM) announced the PGP Support Package for BlackBerry."

Whole Disk Encryption Extends PGP Universal

"There has been great excitement this week as we announced PGP's first stand-alone full disk encryption product line, PGP Whole Disk Encryption."

Oracle Sees Need for Persistent Encryption

"The big news in San Francisco this week is that Oracle OpenWorld is in town..."

Turing Award Recognizes Creators of TCP/IP

"Once a year the Association for Computing Machinery (ACM) bestows on one or more computer scientists the Alan Turing Award..."

Time for Congress to Recognize Our Fundamental Right of Personal Data Privacy

"One of the consequences of the data breaches at CardSystems, ChoicePoint, CitiBank, etc. is that Americans are beginning to recognize just how public and vulnerable the details of their personal lives can become."

CardSystems NOT Just Another Data Breach

"Coming on the heels of similar announcements from Bank of America, CitiBank, and Time-Warner, the disclosure that CardSystems' database of credit card data had been breached seemed like just another in a string of similar announcements."

Zimmermanns zFone

"I was really gratified to see the enthusiastic response PGP inventor and advisor, Phil Zimmermann, received when he announced his latest project at BlackHat last week."