By now, you’ve probably heard of the mess that is the Panama Papers. If not, let us give you a brief overview:
The Panama Papers are a set of leaked documents containing 11.5 million confidential documents connected to Mossack Fonesca, the world’s fourth biggest offshore law firm. The documents detail how some of the world’s most powerful (and richest) people use offshore bank accounts as tax havens.
The documents were obtained from the Panama law firm by an anonymous source, who gave them to the German newspaper Süddeutsche Zeitung, which shared them with the International Consortium of Investigative Journalists, which shared them with a large network of international partners.
Did you catch that? The confidential data changed hands three times before it was leaked to the entire world. As of now, we don’t even know the full extent of the damage.
Now, we could debate about whether it’s wrong or right given the allegations, but that’s not really the point. The point is, this confidential data was stolen and is now publicly available…which has been happening quite frequently.
Target, Apple, Panama, and the Internet of Things
Rewind to a few years ago, and there was really only one type of data breach people talked about: the retail data breach. It involved someone stealing your card information from a retailer’s point of sale (POS) system and using it to go on a shopping spree. Dangerous? Definitely. Complex? Not really. Most of the bad guys broke into the retailers’ system pretty easily, then installed malware, which then found clear-text cardholder data. Unfortunately, not rocket science.
Fast forward to today, and we’re seeing that data breaches are evolving. People aren’t just breaching financial information – they’re now stealing medical information. The cyber crime industry has exploded. We’re in the age of the Internet of Things. We’re more connected to our device (and between multiple devices) than ever before. Which means breaches are more complex, as are the questions that come with them, such as, “what does this mean for the future of encryption?”
In today’s world, we know our information is incredibly susceptible to interception. And we know the key to protecting that information is encryption. But now, we’re seeing a privacy debate emerge. It’s no longer just about protecting ourselves from malicious intent; it’s a question of how far we’ll go to do so.
We’ve seen this question emerge with Apple and the FBI. Should we allow updates that override encryption in order to get information for a case? Do we jeopardize our own security and privacy in doing so?
The debate over security vs. privacy will undoubtedly continue to be a topic of conversation with the Panama Papers as we find out what they actually contain. Will it help us in learning who the crooks are, or hurt innocent people who were actually storing money legally? Or will it do both?
What we do know is, due to the state of the cyber world, encryption is a must if we want to keep our payment information safe. This is why Bluefin was the first company in North America to receive PCI validation for a Point-to-Point Encryption (P2PE) solution that encrypts POS payments, preventing clear-text cardholder data from reaching a merchants’ system. And since introducing the solution in March 2014, there has been an increased awareness of how the catastrophic effects of payment data breaches are related directly to unencrypted credit card and debit card information in the POS.
However – the big question is whether we will become a society of encryption, where every piece of information — such as private emails, legal documents, and even social media messages — is encrypted in order to keep us safe? And if we do, what type of repercussions will follow?