« More about art, technology, and experience | Main | Visit to the 9/11 Memorial Museum »
Thursday
Dec182014

Lessons from Sony

The Sony hacking blow-up — with all of its aftershocks — surely has a lot to teach us. And it will be interesting to watch how various strains of corporate America — as well as non-corporate citizens — modify their habits in response.
 
I run a startup called Tunnel X that offers, for free, secure, private online conversation. Tunnel X takes a number of measures to help ensure that your online conversations aren’t read by anyone other than the person you intend.
 
I talk to people all the time about what we do — friends, industry people, fellow cocktail partiers — and overwhelmingly the response is, “that’s cool. But I don’t need that. I’m not a drug dealer or a terrorist or a cheater. Who cares what I’m saying?”  Well, I doubt many people at Sony, if any, anticipated what happened. Regular email and regular texting — not to mention social apps like Facebook and Snapchat — are simply not secure. Even if you are not being individually targeted, your account could be in a large group that get hacked and released to the public. How would you feel about every email, every text, you have written and received going out to the public domain? (Gizmodo has a good take on that here.)
 
Practices will have to change. I predict that by the end of 2015, things will look different. Security will be better (there will still be weaknesses, but security will improve). Encryption will be more widely implemented. And people will be more careful about what they send over the Net. I think people should be able to have a private conversation online. That’s why we created Tunnel X. 
 
How is Tunnel X different from, say, corporate email? (And of course this is a broad comparison — different companies have different policies and practices, and I don’t pretend to know how Sony operate their IT.) 
 
First, our focus is on security. Access to our servers is conscientiously protected. You might think, well, Sony is a big, resourceful company with an IT department — aren’t they protected, too? The answer is, you would think so. But we have seen again and again, at many companies, including Adobe, a software company, that security lapses are commonplace.
 
Second, all the messages stored on our servers, waiting for people to read them, are very well protected with state-of-the-art, 256-bit encryption. This is relevant to the Sony incident because the hacker team broke in and didn’t just intercept some messages coming through. They grabbed a huge number of stored messages. If someone manages to break in and steal all of our messages, they still won’t be able to read them. 
 
Third, access to individual accounts is notoriously easy for hackers to obtain. Even many of the secure messaging apps use basic username/password authentication. At Tunnel X, we use a long, 256-bit key to sign you in. On our web site, this is derived from a digital photo that you can recognize and keep safe on your computer plus a 6-digit PIN (on mobile we generate the image file for you and keep it in the app on your phone).
 
Lastly, Let’s remember the context in which you read and write messages. Your inbox sits on your computer screen most of the day. We read our texts waiting in line to order a sandwich and sitting in a conference room. Taking our more sensitive conversations out of the promiscuous stream of email and texts is a good move.

 

PrintView Printer Friendly Version

EmailEmail Article to Friend

References (21)

References allow you to track sources for this article, as well as articles that were written in response to this article.
  • Response
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Inspired Silver
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Jared Londry
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Jeff Halevy
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Corey Park
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Corey Park
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Eric Gonchar
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Eric Gonchar
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Eric Gonchar
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Buy Eczema Cream
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Kion Kashefi
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Amir Hasan Mojiri
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Namita Chittoria
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Amir Hasan Mojiri
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: Www.Feedage.Com
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony
  • Response
    Response: meez coin hack
    Eric Liftin - MESH Architectures - Mesh Blog - Lessons from Sony

Reader Comments

There are no comments for this journal entry. To create a new comment, use the form below.

PostPost a New Comment

Enter your information below to add a new comment.

My response is on my own website »
Author Email (optional):
Author URL (optional):
Post:
 
Some HTML allowed: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <code> <em> <i> <strike> <strong>