Solution to Keep the US Government from Snooping

Solution to Keep the US Government from Snooping

In light of continuing news reports of the U.S. government snooping on email and related communications insecurities, Dave Anderson, senior director at Voltage Security offers an engaging commentary. He highlights the value of Solution to Keep the US Government from Snoopingencryption, where the intended email recipient, who is validated, is the one to decrypt the email’s data in order to read it. According to Anderson, the ultimate solution is a stateless key management encryption solution that generates crypto keys on demand, and only when encryption and decryption is needed.

“Email is such a ubiquitous form of communication in business today, not just for simple status communications to employees, but also to distribute content and information outside of the organization to customers, partners and suppliers. Most companies are using email to send sensitive information, including financial, HR, health care and other personally identifiable information, often times without realizing the ease of this information being exposed and lost unless the email and attachments are encrypted. 

“Email can be made private and not subject to exposure or snooping, if the proper encryption methods are implemented to protect the email and all attachments end-to-end, all the way through to the intended recipient. Identity-based encryption, which employs a user’s identity as part of the algorithm to generate the encryption keys on-demand, can effectively encrypt and secure email content and corresponding attachments, both structured and unstructured data, and can maintain that level of encryption from the moment it is created until it is decrypted and read by the intended recipient.

“Many of the surveillance programs in the recent news have employed a process not where they are breaking the crypto, but simply sniffing the email and payload content either before it has been encrypted or after it has been decrypted before it’s sent to the recipient. Gateway solutions are common in these scenarios where the sniffing happens at the gateway, once the gateway receives a clear text email but before the gateway encrypts, or alternatively once the recipient’s gateway receives the encrypted email and then decrypts, but before it gets sent to the recipient.  

“Email security has been available since the dot-com era began as PKI programs provided encryption solutions that could be integrated and used within common email systems.  However, these PKI-based solutions were very difficult to properly deploy. They were very manual in nature and therefore, not user friendly, and often the integration with email systems was difficult and not seamless.  Many companies did not deploy email encryption at this time simply because of these issues, although continued to use email to communicate sensitive information, assuming that other security controls, such as user access and authorization, VPN, or DLP solutions, would keep their email secure, which obviously hasn’t been the case.

“PGP, and other PKI-based encryption solutions, force the customer to adopt a manual, difficult process for generating and managing the crypto keys and certificates used to encrypt, decrypt, and validate users. The key management behind these systems is very difficult for the average enterprise to adopt, and is quite costly over the long run, as the management processes for these systems require a great deal of manual activity and oversight. A better alternative is a stateless key management encryption solution, where crypto keys are generated on demand, only when the user needs to encrypt and decrypt.  Stateless key management, combined with an identity-based encryption solution, completely removes the complexity, cost, and management overhead from an email encryption solution, and can be rapidly adopted and integrated into an enterprise.”

About the Author

Dave Anderson is senior director at Voltage Security.

Featured

  • The Business Case for Video Analytics: Understanding the Real ROI

    For security professionals who may be hesitant to invest in video analytics, now's the time to reconsider. In a newly released Omdia report commissioned by BriefCam (now Milestone Systems), the research firm uncovered a compelling story: more than 85% of North American and European organizations that use video analytics achieve a return on investment within just one year. The study, which surveyed 140 end users across multiple industries, demonstrates that security technology is no longer just for security — it's a cross-organizational tool that delivers measurable business value far beyond traditional safety applications. Read Now

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Only 35 Percent of Companies Include Cybersecurity Teams When Implementing AI

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

Featured Cybersecurity

Webinars

New Products

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities 3

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area. 3