Is encryption and digital signature of email information a State matter?
Recently, there has been a lot of news circulating worldwide in relation to the unethical actions carried out by the U.S. National Security Agency (NSA) regarding electronic spying and wiretaps on important world political leaders, such as the case of German President, Angela Merkel, or French President, François Hollande.
These actions were not limited to just the European region but have also extended to Latin American countries; such as Mexico, Colombia, Peru or Venezuela. The attacks and privacy violations of the victims were committed via telephone and by electronic access of their email accounts.
In Mexico’s case, various sources are pointing at illicit access to email accounts, both institutional as well as personal; as it appears that both the email of the President, which is shared by various Government members, and that of former President of the nation, Felipe Calderón, were hacked.
The revealed information claims that this action was carried out by the NSA special division dedicated to characteristically more difficult issues, the so-called TAO (Tailored Access Operations); which was responsible for obtaining the server password of the electronic domain of both accounts. This meant access to critical information from the countries’ leaders; and therefore to information relating to State Affairs, relations with other countries and other internal affairs, both political and economic; as in the example from 2012 where they were able to know who would be the Executive members of President Enrique Peña Nieto’s new Government even before the official appointment.
This situation clearly shows the importance and need for appropriate measures to protect information, such as email encryption and/or digital signature; which in addition to protecting information from third parties, guarantees the authenticity of our emails and prevents the alteration of its content.
We have to be aware that the digital world makes communication easier and faster, but also poses many risks to the privacy and security of our information and identity making protection absolutely necessary. Today, securing communication channels when we use the internet is no longer an option but a requirement if we want to feel secure.
Cases such as the email espionage of members of the Mexican Government confirm that both companies as well as public institutions must invest in security measures to be protected.
In this sense; encryption systems, a commitment to the use of digital signature, and the protection of our email servers are excellent tools to strengthen and protect the information we share as well as our own privacy and intimacy.
If it is important to preserve our personal privacy it must be equally as important to protect corporate information and business identities who are just as vulnerable to espionage, information theft, and industrial sabotage.
Only the encryption of sensitive information, both on a personal and corporate level, can serve as a shield against violators of our personal, institutional or business privacy, and is the best measure we can take to reduce threats and risks that the internet exposes us to.
Also, when the time comes to consider implementing information encryption solutions, we must take into account that out of all of the email and/or digital signature encryption options available on the market, only systems based on cryptographic hardware, Hardware Security Module (HSM) can provide security and reliability levels necessary to preserve our privacy and make us feel safe.
“Cyril Drianne REALSEC Director Mexico,