Posts tagged "Encryption"

GDPR: how to email data securely to comply with the new regulations

April 5th, 2018 Posted by Industry Focus, IT Services

The European Union’s General Data Protection Regulation (GDPR), which comes into force on May 25, will govern the storage and processing of data rather than its collection. It also includes some very important consumer rights. The most important are the right to be informed, the right of access, the right to correct errors, the right to erase data, the right to restrict processing, and the right to take it elsewhere (data portability). How useful these will be in practice remains to be seen.

Emails are like plain text postcards because they can, in theory, be read at any of the many servers through which they pass, or by someone tapping a line. Of course, “read by” is unlikely to mean “read by a human being.” However, software can look for things like passwords and credit card numbers.

A more likely problem is sending emails to the wrong address, either because users have got their own email addresses wrong (this happens surprisingly often), or through human error. Pick the wrong address from a list of auto-complete suggestions and you could send personal data to the wrong recipient. This would be a data breach that might have to be reported.

It would obviously be a good thing if all emails were encrypted by default so that only the intended recipient could read them. Three decades of history says this isn’t going to happen soon, if at all. Public key encryption is too hard for people who just want to send normal emails.

Some large organisations do have encrypted email services, such as the NHS, but that doesn’t help the rest of us.

Some people do choose secure email services, such as ProtonMail in Switzerland and Tutanota in Germany. However, you also have to send external recipients a password – for example, in an SMS text message – to decrypt the email.

Tutanota users get an email that says “you have an encrypted email” and you click a link to read it, and reply to it, in a browser. You have to export the email if you want to keep a copy.

There are also plug-ins for Gmail and the Microsoft Outlook email program that provide secure email services. If one of your employers is using a secure system, they might let you join in.

If there’s no other alternative, you should encrypt and password-protect your images and documents before sending them as email attachments. Again, you must send the password separately, either via a different messaging service or in the post.


Online storage locations

It’s a good idea to upload attachments and then send people a link. However, bear in mind that you are uploading documents to the company that probably runs the biggest surveillance operation on the planet. Encrypt your documents before you upload them.

Encryption protects data if an online storage service is compromised – it has happened – or if your email is hacked.
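
As an added example (not part of the original post), the shell functions below password-protect a document with OpenSSL before it is attached to an email or uploaded, confirm that it decrypts correctly, and print the passphrase so it can be sent through a different channel. They assume OpenSSL 1.1.1 or later is installed; the function names and the sample document are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Assumes OpenSSL 1.1.1+ on PATH.
# Function names and the sample document are constructed for illustration.
# Note: "openssl enc" gives confidentiality only; it does not authenticate
# the ciphertext, so tampering in transit is not reliably detected.

# Random passphrase to share over a separate channel (SMS, phone, post).
make_passphrase() {
    openssl rand -base64 24
}

# encrypt_file <plaintext> <ciphertext> <passphrase>
# The passphrase is handed over in the environment rather than as a
# command-line argument, which other local users could read from the
# process list.
encrypt_file() {
    DOC_PASS="$3" openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -salt \
        -in "$1" -out "$2" -pass env:DOC_PASS
}

# decrypt_file <ciphertext> <plaintext> <passphrase>
# The recipient must use the same cipher and PBKDF2 settings as the sender.
decrypt_file() {
    DOC_PASS="$3" openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 \
        -in "$1" -out "$2" -pass env:DOC_PASS
}

# protect_for_sending <file>
# Writes <file>.enc, confirms it decrypts back to the original, then prints
# the passphrase on stdout so it can be sent apart from the attachment.
protect_for_sending() {
    local src pass check
    src="$1"
    pass="$(make_passphrase)" || return 1
    check="$(mktemp)" || return 1
    if encrypt_file "$src" "$src.enc" "$pass" &&
        decrypt_file "$src.enc" "$check" "$pass" &&
        cmp -s "$src" "$check"; then
        rm -f "$check"
        printf '%s\n' "$pass"
    else
        rm -f "$check" "$src.enc"
        return 1
    fi
}

# Demo on a constructed sample document.
demo_dir="$(mktemp -d)"
printf 'Name: Jane Example\nAccount: 00000000\n' > "$demo_dir/statement.txt"
if demo_pass="$(protect_for_sending "$demo_dir/statement.txt")"; then
    echo "Attach $demo_dir/statement.txt.enc and send the passphrase separately."
fi
```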

Unfortunately, using Google Drive brings up an extra complication. If you are using Gmail, then you can assume that your data is being held in, or passing through, or accessible from the USA.

GDPR does not oblige users to store data on servers inside the EU. However, there are extra requirements if servers are outside the EU. First, you need to have a legitimate reason for transferring personal data outside the EU. Second, you must have the consent of the person whose data is being exported. Third, you must give that person the option to opt out.

In another post, the aforementioned Liz Henderson explains how to create a GDPR Privacy Notice, and you could adapt her sample to cover Gmail storage outside the EU.

You could switch to using an email service that operates wholly within the EU (see above), if only for any people who opt out, or you could upgrade to Google’s paid-for service.

Google claims that its G Suite and Google Cloud Platform (GCP) services are fully compliant with GDPR, because it offers to sign EU Model Contract Clauses and a Data Processing Amendment. The fine print notes that “the parties acknowledge and agree that Non-European Data Protection Legislation may also apply to the processing of Customer Personal Data” and that “Google will not process Customer Personal Data for Advertising purposes or serve Advertising in the Services”.


Donald Trump

What Trump means for Tech?

January 24th, 2017 Posted by Uncategorized

Thanks to BBC reporter Dave Lee for the following insights:

With Mr Trump, the future leaves many uncertainties. While we can draw a lot from what he has said in the past, more difficult is separating freewheeling campaigning Trump from measured, lawmaking Trump.

Much of the detail below comes from research carried out by the Information Technology and Innovation Foundation, a US-based non-profit group.

It pulled together a report on what Mr Trump has said and pledged when it comes to technology. When lacking in specifics, the report authors drew from attitudes in other areas in an attempt to predict what may happen. You can read the report for yourself here.

Privacy and encryption


Tim Cook – Chief Executive of Apple

The issue:

In the wake of the shootings in San Bernardino, the FBI called on Apple to weaken the encryption on its iPhone in order to assist the investigation into the shooters. The company refused, saying the personal privacy of its users should take precedence. That stance was backed by the majority of the tech community, but not by Mr Trump. User privacy when using technology is a battleground that will continually rear its head during Mr Trump’s term. Today many people are concerned about his views on the surveillance state.

In his own words:

“Boycott Apple until such time as they give that information.” (Campaign rally, February 2016)

“I would come down so hard on [Apple chief executive Tim Cook] his head would be spinning all of the way back to Silicon Valley.” (Bloomberg interview, February 2016)

The call to boycott Apple over the encryption row seemed very much in the heat of the moment. Indeed, Mr Trump said “I just thought of that” during the rally. It wasn’t a boycott that was taken seriously – even tweets on Mr Trump’s Twitter account were shown to have come from Apple devices (even if Mr Trump himself is understood to use an Android device).

When speaking about the controversial power of the NSA and its surveillance capabilities, Mr Trump said:

“I assume when I pick up my telephone, people are listening to my conversations anyway, if you want to know the truth. It’s pretty sad commentary, but I err on the side of security. When you have people that are beheading [you] if you’re a Christian and, frankly, for lots of other reasons, when you have the world looking at us and would like to destroy us as quickly as possible, I err on the side of security.” (Speaking on Hugh Hewitt radio show, December 2015)

What it means:

We don’t really know. Attitudes towards “America First” and support of the military might have assumptions leaning towards Mr Trump at least maintaining the power of the security services in the US, but we’re yet to hear firm policy on the specifics. Mr Trump has said he wants to restore the Patriot Act which, among other things, used to give the NSA powers to collect bulk data on Americans’ phone records until that power was taken away by Congress. As with previous administrations, we can expect the war on terror to be the primary justification for these powers to exist. When it comes to encryption, the Apple row gave Mr Trump a chance to make his thoughts perfectly clear, and while the boycott may have been flippant, his attitudes seem firmly set on supposed security over privacy.

Bringing foreign talent to Silicon Valley

Foreign Talent

The issue:

One point of concern for tech firms is the future of the H1-B visa.

The H1-B is considered vital for technology companies that want to fill their ranks with skilled developers and engineers. It’s a temporary residency, but companies can choose to sponsor employees to remain in the US indefinitely.

In his own words:

“I know the H-1B very well. And it’s something that I, frankly, use, and I shouldn’t be allowed to use it. We shouldn’t have it. Very, very bad for workers. And second of all, I think it’s very important to say, well, I’m a businessman and I have to do what I have to do. When it’s sitting there waiting for you, but it’s very bad. It’s very bad for business in terms of — and it’s very bad for our workers and it’s unfair for our workers. And we should end it.” (CNN Republican debate, March 2016)

Mr Trump has been seen to have done a U-turn. He seems to believe the H1-B visa is being abused to bring in cheaper labour, rather than skilled labour. He cited an example in Florida where he said American workers at a Disney theme park were being forced to train their cheaper, foreign replacements.

What it means:

Mr Trump is in favour of highly-skilled immigration, particularly when immigrants have come in to study at top US colleges. It seems likely he will either alter or abolish the H1-B visa and attempt to enforce an alternative that clamps down on what he sees as abuses of the current system.

America’s readiness for cyberwar

Researchers predict a major cyberattack within the first 100 days of Mr Trump’s presidency

The issue:

Cyberattacks are becoming more frequent, more powerful, and more dangerous. Forrester Research on Wednesday predicted that “within the first 100 days, the new president will face a cybercrisis”.

And so while much debate in the run up to the election was about Mr Trump’s possible control of the nuclear codes, there’ve been questions over how he’d handle the growing cyber threat from the likes of China, Russia and stateless hacking groups.

In his own words:

“It is a huge problem. I have a son – he’s 10 years old. He has computers. He is so good with these computers. It’s unbelievable. The security aspect of cyber is very, very tough. And maybe, it’s hardly doable. But I will say, we are not doing the job we should be doing. But that’s true throughout our whole governmental society. We have so many things that we have to do better. And certainly cyber is one of them.” (Presidential debate, September 2016)

The quote above was widely mocked as being utterly incoherent. The New York Daily News called it “an out-of-touch comment that would come from your tech-illiterate grandpa”.

Mr Trump was also reluctant to follow the FBI’s lead in blaming Russia for hacking the Democratic National Convention – one of several cyberattacks that were arguably pivotal in winning the race for Mr Trump.

But Mr Trump certainly wouldn’t be the first person in power to have a lacklustre understanding of how technology works, and so it’s broad policy rather than expertise that is most important.

What it means:

Unlike traditional war, where observers can see jets in the sky or tanks rolling across land, cyberwar is much harder to track. It may be that we never learn Mr Trump’s precise thoughts on the USA’s cyberattack capabilities, and they could be enacted in secret.

His campaign website provides vague descriptions of what his administration would do, including an “immediate review of all US cyber defences and vulnerabilities”.

He’s also said he wanted to develop the US’s offensive capabilities so the country could retaliate against cyberattack. This wouldn’t be unprecedented as cyberweapons have been used by the US in the past.

The AT&T-Time Warner mega-deal


Telecoms giant AT&T is set to buy Time Warner, thus becoming even more giant.

In his own words:

“As an example of the power structure I’m fighting, AT&T is buying Time Warner and thus CNN, a deal we will not approve in my administration because it’s too much concentration of power in the hands of too few.” (Speech, October 2016)

It’s a fair point about a large concentration of power. AT&T would not only control the biggest network providing information to the masses, but also much of the content they were creating and broadcasting. Time Warner owns HBO and Warner Bros, not to mention CNN, a news outlet attacked repeatedly by Mr Trump and his supporters during campaigning.

AT&T-Time Warner isn’t the only deal he’s taken aim at, either:

“Comcast’s purchase of NBC concentrated far too much power in one massive entity that is trying to tell the voters what to think and what to do. Deals like this destroy democracy and we’ll look at breaking that deal up and other deals like that. That should never, ever have been approved in the first place, they’re trying to poison the mind of the American voter.” (Speech, October 2016)

What it means:

Another “wait and see”, unfortunately. At this point, there’s just no way of deciphering whether Campaign Trump is the same as President Trump.

If Mr Trump did want to follow through on his words, it wouldn’t simply be a case of stepping in and calling a halt. It would be a long, expensive process through the courts that would make Mr Trump look distinctly anti-business. This would especially be the case if the government went after Comcast some five years after it bought NBC.

On Wednesday AT&T offered an olive branch with this rather flattering statement: “From a company perspective, we really look forward to working with President-elect Trump and his transition team.

“His policies and his discussions about infrastructure investment, economic development, and American innovation all fit right in with AT&T’s goals.”

Amazon’s future

Amazon CEO Jeff Bezos


The issue:

If Mr Trump and Jeff Bezos were rappers, you’d call this a “beef”.

Mr Trump has made no effort to hide his disdain for Mr Bezos, the billionaire founder of Amazon.

Mr Bezos also owns the Washington Post, the newspaper that perhaps did more than any other to take on Mr Trump’s campaign.

The newspaper was the first to publish the infamous video of Mr Trump making disparaging remarks about women and bragging about sexual assault.

Mr Trump considers Amazon to be a company that is avoiding tax and is anti-competitive.

In his own words:

“Amazon is getting away with murder tax-wise. [Bezos is] using the Washington Post for power so that the politicians in Washington don’t tax Amazon like they should be taxed.” (Sean Hannity Show, Fox News, May 2016)

In various tweets, Mr Trump also suggested that Mr Bezos was using the Washington Post, which like many newspapers loses money, as a way of reducing Amazon’s tax bill. However, the Washington Post isn’t part of Amazon – it’s a company Mr Bezos owns privately, so such a move would not be possible.

That said, Amazon is part of a technology collective that goes to great lengths to pay as little tax as possible, prompting law changes in several parts of the world.

Ironically, using big losses as a way to avoid paying taxes is precisely what Mr Trump has done for much of his professional life, a move he said made him “smart”.

What it means:

Mr Trump’s tweets were an example of the next president taking the bait. The insults followed Mr Bezos saying he’d gladly fund a rocket that would take Mr Trump on a one-way trip into space.

So while Mr Bezos may now regret starting the #SendDonaldToSpace hashtag, we don’t know if Mr Trump will see through his threat to single out Amazon. What’s more likely is a clamp down on tax avoidance across the board, with a likely focus on the myriad inventive ways tech companies relocate their earnings.

The future of energy tech


The issue:

A key area of growth in the US is in renewable energies and businesses built around it. But to accelerate growth of companies like Tesla, the US government has long offered attractive subsidies as a way of tempting in customers who ordinarily could not afford renewable energy.

In his own words:

“The concept of global warming was created by and for the Chinese in order to make U.S. manufacturing non-competitive.” (Twitter, November 2012)

One of Mr Trump’s strongest areas of support was in the so-called coal country area, traditionally populated by coal mines and industries. The region has suffered as concern about climate change pushed governments to embrace renewable energy instead.

Mr Trump turned that on its head by calling climate change a hoax, playing to a crowd that would not notice, nor care, about the incremental changes in climate the Earth is going through.

What it means:

Mr Trump has pledged to “unleash America’s $50 trillion in untapped shale, oil, and natural gas reserves, plus hundreds of years in clean coal reserves”, and the money for it may in part come from ditching subsidies offered to renewable energy efforts.

It may mean that tax credits given to people buying electric cars are no longer offered. At the moment, a Tesla Model 3, for instance, is reduced from $35,000 to $27,500 when tax credits are factored in.

What all of this means together…

Uncertainty, frustration and an increased fragility for the global home of tech innovation.

Mr Trump certainly won’t want to go down as the president who destroyed Silicon Valley, but the concern here is that of the few policies that have been explained in detail, some seem directly at odds with each other.

How do you promote “great” American companies which provide jobs, while simultaneously dragging Amazon, a massive employer and innovator, through the courts? How do you protect innovation at Tesla when taking aim at efforts to curb climate change?

Silicon Valley may be in America, but it’s by no means an entirely American success story. The region’s success grew out of being an attractive, progressive destination for the best brains in the world.

This industry worries that may be under threat.


How much do you value your privacy?

January 16th, 2017 Posted by Subjects, Voice

I’ve got nothing to hide, so why should I care?

This argument is commonly used in discussions regarding privacy. Colin J. Bennett, author of The Privacy Advocates, said that most people “go through their daily lives believing that surveillance processes are not directed at them, but at the miscreants and wrongdoers” and that “the dominant orientation is that mechanisms of surveillance are directed at others” despite “evidence that the monitoring of individual behaviour has become routine and everyday”.


Most of us do value our own personal security/privacy more than we think. “Imagine upon exiting your house one day you find a person searching through your wheelie bin painstakingly putting the shredded notes and documents back together. In response to your stunned silence they proclaim ‘you don’t have anything to worry about – there is no reason to hide, is there?’”

Of course, most likely you don’t have anything suspicious to hide, but do you really want them looking at your bank statement, seeing receipts for things you’ve bought, letters from your children’s school…even the number of wine bottles in your recycling might be embarrassing?!

Your technological life is no different – you might not be breaking state secrets online, but would you want someone reading your private texts or messages? The heartfelt message to a loved one, an angry text to a friend, something mean said on the spur of the moment? It is essentially the same as your offline life.

Have you considered encryption?

Unless you are very tech-savvy, the likelihood is you haven’t. Luckily, there are some very forward-thinking people and companies out there trying to make encryption the norm. The following apps are all downloadable free of charge.

  • Signal is an encrypted instant messaging and voice calling application for Android and iOS. It uses the Internet to send one-to-one and group messages, which can include images and video messages, and make one-to-one voice calls.


  • ChatSecure uses open-source, publicly auditable encryption libraries to keep your private business messages private. It’s really flexible, letting you choose between connecting via your existing Google account, or creating a new account on a public XMPP server. Users who want even stronger security can connect to ChatSecure from their own private server. And unlike with many rival apps, ChatSecure doesn’t require your phone number or any other personal data to get started.


  • Gliph is a secure messaging service that you can use on all of your computing devices. When you’re on the go, use the iOS or Android app on your smartphone. When you’re at the office, use the Gliph desktop app so you can send and receive messages using a mouse and keyboard. Another key feature is “Real Delete,” which lets you permanently delete a message from both the sending and receiving device, as well as the Gliph server, whenever you choose. You can also attach a pseudonym to your main account at any time, so you can use a screen name for personal chatting and switch back to your real name for professional communications.


  • Wickr is a secure messaging app that lets you set an “expiration date” for every message you send; just select a date and time for your media to expire, and it will automatically be deleted at that time. That way, you don’t have to worry about a third party inadvertently reading private communications that are left on a contact’s smartphone. Meanwhile, the app features end-to-end encryption for all messages, and it lets you remove metadata from individual messages, such as the time it was sent, as well as geo-location data. Another handy feature gives you the ability to completely clear away message files that have been manually deleted but still reside on your smartphone’s memory. Wickr also has standard messaging features, like the ability to chat with groups of up to 10 people at once.