Data Protection & Encryption - Challenges and Solutions!

In the recent elections, the victory of Donald Trump has alarmed privacy advocates who worry that self-described “law and order President,” may take a more heavy handed approach towards issues of security. The principle concern is about attempts to weaken or impair the encryption techniques that is mainly used to protect sensitive data and maintain user privacy.According to the CIA Director, use of strong encryption is a red flag of nefarious activity. However, still the government should be careful and cautious when it comes to forcing companies to comply with law enforcement surveillance efforts. In the past, Trump went to the extent of boycotting Apple for its stand on encryption as it pledged to fight a court’s judgment to help the FBI to unlock the iPhone used by the shooter in San Bernardino terror attack. In response to the situation stated above, Senators Diane Feinstein and Richard Burr presented an enactment, “Compliance with court orders act of 2016” (CCOA) which forces tech companies to sidestep their own, when given a court order to do as such.Well then, as a strategic approach for starters to limit the collection of data. The reduced quantity of data is critical considering the scenario where any encryption backdoor mandate predicated by policies to compel companies to collect and store information about their users.Limiting the collection of data provides two significant benefits to companies. First, less data means lesser impact due to any potential mandate.Second, minimizing the bulk collection of data can also help a company mitigate the consequences of a hack or data breach.Here we are talking about a crime syndicate that can hack into any network with great ease and it is impossible to stop such organizations from hacking data. In the past commercial entities like Yahoo!, Verizon and ADP have faced such situations. In other words, it is not a question of a company getting hacked, but it is a question of when the enterprise gets hacked.Another solution to the above situation Is that the companies could prepare themselves for implementation of an advanced encryption technology that minimizes or eliminates the need to store encryption keys. Mathematical algorithms based encryption techniques is hard for someone to break unless there is a backdoor or an alternative source for the hacker or criminal to expose the user’s data.   Various other policies and limitations could compel the companies to disclose the data of a user or as store it under a court order. To address this requirement company could move to a more advanced encryption model that takes advantage of ephemeral keys to protect the data exchanged between different parties. However, there would be times when we think that ephemeral keys are not sufficient and the need to keep more permanent keys is necessary.For example, a document or a collection of data that stores in the database for longer periods need to have a more sophisticated method of encryption and key management to unlock the data.Here comes the role of biometrics, where the identity of an individual can act as a virtual permanent key, that key would distinguish him from other persons while accessing his database. Hence the companies could be safer and are not subjected to court orders.