Please help me with the following essay. The questions are: Is using an encrypti
ID: 3631178 • Letter: P
Question
Please help me with the following essay.The questions are:
Is using an encryption system like PGP a good idea for individuals? why? what about for organizations? again, why?
-----------------------------------
Essay expectations:
Use information from the modular background readings as well as any good quality resource you can find. Please cite all sources and provide a reference list at the end of your paper.
The following items will be assessed in particular:
1. Your ability to consolidate ideas from reading materials
2. Some in-text references to modular background readings.
----------------------------------------------------
Essay Readings:
There's a program out there called Pretty Good Privacy (PGP), that provides personal encryption capabilities essentially equal to those available to almost all governments and capable of ensuring information privacy against almost if not absolutely all attacks. It has a long and interestingly checkered history, including having been at one time an illegal munition of war. Originating as freeware, it now exists in both free and commercial incarnations.
WikiPedia has an excellent introduction to PGP and its variants (http://en.wikipedia.org/wiki/Pretty_Good_Privacy). You'll also want to look at the discussion and links to some versions of the program on Phil Zimmermann's website (http://philzimmermann.com/EN/findpgp/) and at the GNU Privacy Guard website (http://www.gnupg.org/), which provides a free implementation on the Open Source model.
You may also want to consult some of the material in the background information for further discussion of some of the relevant issues. It sounds like a pretty good idea -- to most people.
But Bruce Schneier has written an article called "Why Cryptography Is Harder Than It Looks" (http://www.schneier.com/essay-037.html), arguing that current encryption systems don't do what they are supposed to do.
Explanation / Answer
Pretty Good Privacy (PGP) is a data encryption and decryption computer program that provides cryptographic privacy and authentication for data communication. PGP is often used for signing, encrypting and decrypting texts, E-mails, files, directories and whole disk partitions to increase the security of e-mail communications. It was created by Phil Zimmermann in 1991. "If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors, oil companies, and other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable military grade public-key cryptographic technology. Until now. PGP empowers people to take their privacy into their own hands. There's a growing social need for it. That's why I wrote it.", Why do we need it? Encryption can provide a means of securing information. As more and more information is stored on computers or communicated via computers, the need to insure that this information is invulnerable to snooping and/or tampering becomes more relevant. Any thoughts with respect to your own personal information (ie. medical records, tax records, credit history, employment history, etc.) may bring to mind an area in which you DO want, need or expect privacy. As teachers, we are often called upon to handle sensitive student information. We need to have access to student records, but maintain the confidentiality of their information.. Encryption is seen by many people as a necessary step for commerce on the internet to succeed. Without confidence that net transactions are secure, people are unwilling to trust a site enough to transact any sort of business using it. Encryption may give consumers the confidence they need to do internet business. Encryption can also provide a means of "message authentication". The PGP User's Guide explains, "The sender's own secret key can be used to encrypt a message thereby signing it. This creates a digital signature of a message...This proves that the sender was the true originator of the message, and that the message has not been subsequently altered by anyone else, because the sender alone possesses the secret key that made that signature." This prevents forgery of that signed message, and prevents the sender from denying the signature. E-mail is certainly not secure. While you may believe that the use of a password makes your business private, you should be aware that sending information without encryption has been likened to sending postcards through the mail. Your message is totally open to interception by anyone along the way. You may believe that your personal e-mail is not incriminating and does not contain content that you must keep secret, and you may be right. But there are many common situations, where users have a legitimate need for security both to protect that information and to insure that information is not tampered with: Consumers placing orders with credit cards via the Internet, journalists protecting their sources, therapists protecting client files, businesses communicating trade secrets to foreign branches, ATM transactions, political dissenters, or whistle-blowers -- all are examples of why encryption may be needed for e-mail or data files, and why it might be necessary to create a secure environment through its use. Although the benefits and advantages of PGP have been clearly presented , individuals should understand that utilizing PGP requires knowledge and expertise on the system . This lessens the efficiency and appropriateness of PGP as a security system for individuals since not everyone has the capacity to understand the commands or protocols that make PGP work . This will require time and effort for learning the language of PGP , which is easily facilitated by organizations Organizations have enough time and resources for one or more of the members of their organizations to learn the codes to make PGP work which will make the system work to their advantage (Schneier , 1997 ) Another thing that makes PGP more suitable for the use of organizations is that it was clearly designed to oversee the security flaws and deficiencies of a large system , analyzing and evaluating the system , the implementation of software and hardware , etc . PGP was meant to oversee a large-scale security system which complicates its structure and dimensions . For these reasons , we realize that PGP is clearly beneficial to organizations as compared to the possible contributions that it might provide for individuals in terms of the commonly much needed e-mail security , and nothing else The paragraph below show you its effectiveness for the indivisual and the company: The software separating the investigators from a potentially invaluable mine of information about the shadowy terrorist group, which destabilized Italy during the 1970s and 1980s and revived its practice of political assassination four years ago after a decade of quiescence, was PGP (Pretty Good Privacy), the Rome daily La Repubblica reported. So far the system has defied all efforts to penetrate it, the paper said. Palm-top devices can only run PGP if they use the Palm OS or Windows CE operating systems, said Phil Zimmermann, who developed the encryption software in the early 1990s. Psion uses its own operating system known as Epoc, but it might still be possible to use PGP as a third party add-on, a spokesperson for the British company said. There is no way that the investigators will succeed in breaking the code with the collaboration of the current manufacturers of PGP, the Palo Alto, California-based PGP, Zimmermann said in a telephone interview. "Does PGP have a back door? The answer is no, it does not," he said. "If the device is running PGP it will not be possible to break it with cryptanalysis alone." Investigators would need to employ alternative techniques, such as looking at the unused area of memory to see if it contained remnants of plain text that existed before encryption, Zimmermann said. Reference: 1.http://www.pcworld.com/article/110841/pgp_encryption_proves_powerful.html 2.http://www.ed.uiuc.edu/wp/privacy/encrypt.html 3.http://en.wikipedia.org/wiki/Pretty_Good_Privacy