Coronavirus Pandemic Reminds Us That Security Is Important During the Zoom Boom

Published at: April 3, 2020

Even with all the looming uncertainty surrounding the global COVID-19 pandemic, system security needs to remain at the forefront of companies’ planning. 

Businesses around the world are shutting down under local, state or national decrees as COVID-19 fears bring caution regarding public gatherings. Unsurprisingly, hackers have used the unprecedented opportunity of chaos and panic to probe weaknesses in information technology systems. One of those systems happened to be the United States Department of Health and Human Services, making the act even more egregious, considering the circumstances.

But the problem extends beyond hackers and threats to companies and individuals. During times of crisis, civil liberties also come under threat, and cryptography often provides a shield against unwarranted encroaches by the government.

So, whether you’re a business worried about paying server and security costs during this economic turmoil or an individual protecting your digital assets, cryptography can serve you well.

Hackers will continue to be opportunistic 

It’s an unfortunate byproduct of crises, but hackers can wield social, economic and financial chaos for their gain.

For example, hackers launched a distributed denial of service attack against the Department of Health and Human Services last month in a bid to slow down the COVID-19 response. The current narrative makes the hack seem distinctly malicious in its effort to make the pandemic response slower, but there is likely more to the story.

The surging number of cases and by extension the hoarding of medical data under a consolidated government system presents an opportunity for hackers to abscond with sensitive information. Moreover, when emergency responses elicit rapid reactions, much of the system’s security may be a patchwork of protocols not backend tested thoroughly.

For example, cases being uploaded from the field — such as hospitals, makeshift testing centers, etc. — to government servers that aggregate and display current COVID-19 metrics may contain serious security flaws due to the rapidity of their development. Applications developed by small teams to assist doctors in times of crisis may also not follow security standards, specifically the Health Insurance Portability and Accountability Act — commonly referred to as HIPAA — compliance laws, which are esoteric and outside the scope of most technology-focused engineers.

Hackers, looking for medical data that can be sold at a high value on black markets, likely view this as a gold mine. The hacking incident against the Health Department is probably not the first, nor will it be the last, of ongoing attempts to infiltrate prominent security systems. 

Cryptography provides a useful layer of defense against such intrusions. Masking medical data identifiers and other sensitive information is possible with a variety of cryptographic standards available today. Many projects in the crypto sector explicitly focus on financial applications, but the cryptographic modules for protecting and verifying sensitive data translate to other industries, such as healthcare, very well.

That’s not to say that cryptography is a panacea to the ongoing fallout of COVID-19. In some cases, governments are covertly using the dilemma as a method to subvert encryption entirely, such as is occurring in the U.S. 

Government surveillance covertly gaining favor among amid crisis

Hidden behind all of the headlines about the Federal Reserve interest rate, the S&P 500 tanking and COVID-19 cases was a proposed legislation effort that has profound consequences on the field of cryptography. 

Known as the EARN IT bill, U.S. Congresspeople have proposed a bill that would effectively grant the U.S. government the ability to access “any digital message.” The bill would create a consortium of law enforcement agencies headed by the Justice Department that would institute a standard verification mechanism for any digital message. If the message does not use the standard “verification” of the government’s technology to authenticate the message, then the sending/receiving parties can be sued into oblivion.

Concerning cryptography, this is a disastrous bill. The proposed document cleverly avoids the explicit use of the word “encryption,” but its language indicates that cryptography would become illegal, as all messages cannot be private between two counterparties. The government gets a backdoor.

Encryption would become illegal by default because it preserves privacy and authentication of a message between two parties, preventing the ability of a third party to snoop on the message’s contents.

The bill is still in its early stages, but it shows, once again, that governments do not approve of widespread encryption use among the public. Whether it be the Clipper chip scandal of the 1990s or the subversive move by Congress that is masked by a national crisis, the government’s efforts are persistent.

Fortunately, cryptography — which is empirically just math — does not adhere to the caprices of hackers, governments or opportunities to subvert its influence. The grassroots encryption movement started by cypherpunks and bolstered by the crypto community has spread the technology to an extent that is unlikely to fade away at fiat decree.

For businesses enduring the turbulent COVID-19 situation, don’t forget to account for your security during these vulnerable times. As individuals, remember that cryptography is your friend in protecting your civil liberties during a public health crisis.

The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Dr. Huang Lin is the co-founder and CTO of Suterusu, a project developing trustless privacy technology. He holds Ph.D. degrees in applied cryptography and privacy-preserving distributed systems from Shanghai Jiao Tong University and the University of Florida. He has worked as a postdoctoral researcher at Ecole Polytechnique Federale de Lausanne on applied cryptography for genomic privacy and blockchain-based data monetization.

Tags
Related Posts
Blockchains Are an Excellent Solution for Privacy, Part 3
Some entrepreneurs have been trying to increase data privacy by combining encryption and blockchain technology. There are projects like Oasis Labs and Enigma that focus entirely on preserving users’ privacy. Meanwhile, others have been focusing on preventing data retention by companies. Thus, there is no way to guarantee that personal data is deleted in a company’s data system. Blockchain technology’s reliable consensus ensures that people’s data is used correctly. Protection against software and hardware attacks Companies like Oasis Labs, which designed the Ekiden system, run smart contracts outside the blockchain within a Trusted Execution Environment, or TEE, node to enable …
Blockchain / June 22, 2020
Blockchains Are an Excellent Solution for Privacy, Part 2
From a technical viewpoint, blockchain is a growing records list that is cryptographically tied to and managed by a peer-to-peer network. At the same time, they join a protocol of communication among nodes to validate new blocks. Essentially, a blockchain is a way of validating data transactions in a permanent and immutable manner to guarantee that the transaction: Has not been corrupted. Avoids double-spending. May transfer value. We can also say that blockchain technology is a decentralized network where all the records are engraved in a distributed way and shared in several devices spread throughout the world. The records are …
Blockchain / June 21, 2020
Blockchains Are an Excellent Solution for Privacy, Part 1
Several data violations, like the Cambridge Analytica scandal, have brought forth questions regarding how companies and governments should deal with the data entrusted to them, and they have also increased the search for the development of new technologies to preserve the privacy of companies and users. Consequently, countries and regulators have rushed to set new compliance requirements to deal with user privacy and data collection — like the General Data Protection Regulation in Europe or the General Data Protection Law in Brazil, to name a couple. Parallel to that, there has been a new trend to seek new technologies like …
Blockchain / June 20, 2020
This Is Our Last Chance to Protect Our Privacy Amid the COVID-19 Crisis
As the coronavirus continues to spread a total lockdown across the world, governments are creating the foundations for a new society of total surveillance. Can we stop the global pandemic without sacrificing our freedom? I believe we can, but the technology we deploy today should preserve privacy, not destroy our liberties due to global panic. Suspending fundamental rights during a crisis may seem comforting, but historically, the declaration of a state of emergency without end leads to new forms of fascism. Yet, from the Chinese censorship of doctors during its COVID-19 outbreak to the absurd lack of preparedness for a …
Blockchain / March 26, 2020
The Need to Report Carbon Emissions Amid the Coronavirus Pandemic
JPMorgan Chase, the first American bank to create and successfully test a digital coin representing a fiat currency, also provided the most fossil fuel financing out of any bank in the world, according to a 2019 report titled “Banking on Climate Change.” The bank recently joined a chorus of other financial institutions and endowments that have declared that they will, going forward, be reluctant to provide funding to the fossil fuel industry — which energizes emerging digital technologies and companies — in order to mitigate the effects of climate change. In a hard-hitting report released to clients on the same …
Blockchain / March 30, 2020