Tuesday, 19 June 2007

It just gets better

I received an email last week titled "CONSUMERS DEMAND: Protect Our Personal Information!". At first I went to delete it, anything which goes into my junk mail is normally crap, and if it has capital letters and exclamation marks in it, it is almost certainly sales crap. But something caught my eye about the content as I reached for the delete button, the word "encryption". I'm a sucker for that sort of thing.

The mail started something like this:

"Thought you might be interested in working on a blog post about key management (encryption management). Analysts at Gartner and Forrester agree this is a topic that needs to be discussed more publicly and by tech media."

Now this sounds VERY like a sales pitch to me. Anyone who cites G and F, and says that they agree that it needs to be discussed, blah, blah, blah, basically doesn't understand what they are proposing and is trying to sound knowledgeable by proxy. I know because I've heard it, recently, in my own office.

And er, "key management (encryption management)"? Where do I start on this one? I don't think I have to do I? Key management != encryption management, nor is either a subset of the other, in fact, what the hell is encryption management? Why do you have to manage encryption? Surely if you've managed your keys properly the encryption kind of manages itself?

One more thing, I used to work for Vormetric, and I don’t remember one single case of a consumer demanding to protect their personal information. In fact most of the time it was like looking for a needle in a haystack, and even then we had to convince them to take a look. However, he also just mentioned blogging, and I like blogging.

He continued: "Crypto experts Luther Martin and Gretchen Hellmann are available this week and next to be interviewed on this topic."

Aargh! Experts. Whenever I hear the word I automatically want to pull them to pieces, literally and metaphorically. I hear regularly that “so and so is an expert”, “this guy’s something else”. So, I usually make a call, spend 10 minutes ascertaining what they actually know, then downwardly adjust my opinion of them accordingly. No-one is so amazing that they know everything, but why do those who know the least shout the loudest? (Read my blog!)

But hang on, Hellman… yes, Gretchen Hellman is daughter of Martin, one half of Diffie-Hellman (the Hellman half!). Although I bet she doesn't like to be reminded of it at every possible opportunity, but OK, now I’m double interested.

So, I look up their names (Martin and Hellman), and find they are working at Voltage, co-founded by Dr. Dan Boneh, late of RSA. They have a pretty good looking key management system and some (ooh!) data security solutions. Good, things are looking chewy for a discussion.

After my post of last week about meeting my security heroes and having 5 minutes with them all, I think maybe I'm getting closer to a few more...

I'm speaking to Gretchen on Thursday, and I'll let you know how it goes.

No comments: