WhatsApp recently added end-to-end encryption to its instant messaging app. If you have this app, you would have noticed the following messages on your open chats:
WhatsApp explains the motivation behind this new feature on its blog: “When you send a message, the only person who can read it is the person or group chat that you send that message to. No one can see inside that message. Not cyber criminals. Not hackers. Not oppressive regimes. Not even us. End-to-end encryption helps make communication via WhatsApp private.”
It’s comforting to know that when we put our private thoughts and personal details into a chat, they are protected from prying eyes, no matter who those eyes may belong to.
The same should apply to the personal documents you receive from your bank, cellphone provider, insurance broker and utility. Documents like statements, invoices, policies and contracts contain private information that is valuable to criminals and it makes sense for these documents to also be protected from end to end in their digital journey.
Insist on end-to-end encryption for your personal documents
Security in the physical world involves putting a box, fence or wall around what you are trying to protect, to stop those inclined from getting at it. However, once criminals find a way around the physical barrier, they have full access to the goods.
Consider how you protect your car for instance: you could build a garage with an alarm linked to movement sensors, have an alarm and immobiliser installed in the car and if necessary, you can even add a tracking device. None of which, (as many unfortunate victims of car theft know) can really stop a determined car thief, especially the likes of Nicholas Cage or Angelina Jolie’s characters in Gone in Sixty Seconds.
Documents that contain personal information shouldn’t only be protected by simple ‘perimeter security’ that could be breached; leaving the information inside vulnerable to theft. A digital document should be protected at all points in its journey, as well as every point at which it resides.
Firstly, the document must be protected when it is created at the service provider. This will typically be done using a combination of various encryption applications, password protection, network security and access control.
Then the document must be protected while it is travelling from them to you. This can be done using encryption that ‘scrambles’ the information so that it is unreadable unless you have the ‘key’. If your document was actually a car, then this process would be like having pieces of the car all scrambled together with only the keyholder able to unscramble and make sense of the vehicle.
When the car (your document) gets to its destination, there may be a safe garage in which to park (your computer). Even if someone gains unauthorized access to the garage (your computer), because the car is scrambled, there is no use stealing it unless they have the key (your password).
Ensuring that your key is too difficult to replicate would be like making your password ‘unguessable’ even by a blunt force cyber algorithm.
What about document protection when in storage?
Your documents also need to be protected if they reside in a document repository. If your service provider is storing all customer documents in a repository, unencrypted, it’s like having lots of cars parked ‘unlocked’ in a multi-car parking garage. There may be security in and around the parking garage itself, but if a criminal is able to get past it, they will have access to all the cars inside, which are just waiting to be stolen.
In the digital world equivalent, to avoid your data being vulnerable when stored in a document repository,each individual document must be ‘locked’. In this scenario, when reverting back to the cars in the parking garage, it would mean that a criminal who bypasses the garage security will find themselves with access to a bunch of unusable cars.
As our lives move rapidly from the physical world onto digital platforms, so you, as a consumer need to demand that your digital identity be secured no matter where the information may reside. Just as Whatsapp has now secured all personal chats, you need to demand that all your personal documents are protected at all points in their digital journey and destination.