Government rumblings and a HIPAA scandal have pushed themselves to the forefront of our encryption discussion this week. As we review the 2015 terrorist-linked San Bernardino shootings, former FBI administrator Jim Baker speaks out as to why law enforcement should be allowed access into phones and personal encrypted technology. In China, amidst a flourishing of state-run encryption research, 80% of surveyed citizens report being involved in a data breach. And, if you’ve ever worked with personal medical information, you’ve signed a HIPAA waiver, but what happens when those who comply with HIPAA fail to comply with encryption? Dig in to the encryption stories that are shaping our world today.
Transcript: Jim Baker | The Oath with Chuck Rosenberg
Former general counsel of the FBI, Jim Baker oversaw the FISA (Foreign Intelligence Surveillance Act) division at the Department of Justice and had a leading role in the investigation of the 2015 terrorist-linked San Bernardino, CA shootings.
During the 2015 case, leads had come to a standstill as all investigators were staring blankly at a locked iPhone with no way in. Tips had led them to find reason to search the phone for any communication prior to the shootings, and FBI agents had obtained a proper warrant. However, in light of the locked phone, they were unable to go any further and so took their quandary to Apple, which resisted the warrant.
Find out how the FBI bypassed Apple’s encryption and how that sets a precedent for future investigations – or doesn’t. Read the full article.
HIPAA Breach Settles for $1M in First Settlement Involving State Attorneys General
The sensitive medical data of over 3.5 million people was recently compromised in a breach that service provider Medical Informatics Engineering, Inc. (MIE) didn’t do enough to prevent.
An Office for Civil Rights (OCR) investigation revealed that a mandatory comprehensive risk analysis had not been done prior to the attack. Remediation was well timed, as a related data breach had occurred within the company, spurring the first lawsuit of its kind based on a HIPAA violation. In addition to nearly a million dollars in payouts, MIE will be required to implement a security package that can spot a cybersecurity attack and will now “install technology to prevent data exfiltration.”
One of five implicating factors brought up by state attorneys in the determination of MIE’s status was that the company charged with the protection of millions of users’ electronic protected health information (ePHI) “failed to use encryption.” Read the full article.
A new government-sponsored study reveals trouble in China when it comes to encryption.
Every province in the People’s Republic of China has its own cryptography administration, while the state-run encryption agency falls under the direct purview of the Chinese Communist Party General Office. Separate laws differentiate what is now considered “core encryption,” “common encryption” and “commercial encryption.” In the past several years, the National Information Security Standardization Technical Committee has enacted over 300 national cybersecurity standards, and in 2007 another state-run agency was created solely to promote cryptographic research.
That being said, 80% of Chinese survey participants recently reported being victims of a data leak. Chinese journalists purchased black market personal information at reasonable prices and “[n]otably, no major Chinese app utilizes end-to-end encryption.”
Will tech giants and the metastasizing digital transformation be enough to sway the encryption debate in China, or will the stalemate between state and personal privacy continue to allow cybercriminals to access the same backdoors? Read the full article.