What is the role of encryption in data privacy?

Curious about how encryption keeps your data safe? In this must-listen episode of “Talk Tech with Data Dave,” hosts Alexis and Data Dave tackle the burning question: “What is the role of encryption in data privacy?” With a question straight from the top—posed by Preston Gregg, CEO of D3Clarity—Dave dives deep into the world of encryption, demystifying its crucial role in protecting sensitive information.

Join Alexis and Dave as they explore the fascinating evolution of encryption, from ancient sealing wax to today’s cutting-edge digital keys. Discover how modern encryption methods, like HTTPS, safeguard your online communications and why understanding privacy policies is more important than ever. Packed with practical advice and insightful analogies, this episode is a treasure trove of knowledge for anyone interested in the intersection of technology and privacy. Don’t miss out—tune in to learn how encryption is the key to keeping your data secure!

HAVE A QUESTION?
Ask Data Dave about all things data, cloud, or technology.
We'll be happy to answer your question on the podcast.

Click the button or send us an email to: techtalk@d3clarity.com

Published: July 9, 2024

Duration: 00:20:06

Transcript

Alexis
Welcome to Talk Tech with Data Dave. I am Alexis, your host of this podcast, along with my dear friend, Data Dave, who is here with me today. Hey, Dave. 

Data Dave
Hey Alexis, how are you today? 

Alexis
I’m good. I am excited about the question today as usual. This question came from the big boss, my boss, your partner, Mr. Preston Gregg. He suggests the question about encryption and data privacy. So, I’m excited to read it off to you, but as always, I’d like to remind people that you can always submit a question to us at talktech@d3clarity.com, and we would love to answer your question in the podcast. So send us those questions. Because although I have lots, as we’ve discovered, your questions are usually 

So the question from Preston today, what is the role of encryption in data privacy? We’ve got a couple of things there. So, we’ve got encryption which you and I have talked about a little bit before, but I’d love to talk more about that. And obviously data privacy is something we talk about often. So yes, what is the role of encryption in data privacy? Take it away, Dave. 

Data Dave
Okay, encryption and data privacy. Encryption is actually incredibly valuable to data privacy, certainly at the technical level. So, let’s talk a little bit about both of those.

Let’s talk about data privacy first. When we talk about privacy, we’re talking about the restriction of information to only the parties it is intended for. That’s a reasonable definition of privacy in this context. So that means that if we’ve got some information and I want to keep it to myself, then I want to keep it private. If I want to give it to you, I want to make sure it gets to you and only you. And you keep it private.

So now we’re talking about both the construct of communication and the construct of keeping it safe, secure, and not unintentionally public. So, if I want to keep a document private in the physical world, I might put it in a safe and lock it. And there’s a key to that safe. I might put it in a box and lock it. And there’s a key to that box and nobody can look at that except the person who has the key. And that’s a physical key. Or it could be a numeric key, let’s assume it’s a physical key.  

So, the concept of encryption as we get into the electronic space is the electronic box that you put a document in and you lock it and say, “I have the key and that key is who I am, and I can open that box and read that document.”

Alexis
The “electronic box” being my computer. 

Data Dave
Potentially your computer, but just the file that it’s in. Or just the file itself. You can encrypt just the file and then that you know you’ve encrypted just that file, or a set of files or whatever. So the box can be varying sometimes.  

Alexis
Okay. Okay.  

Data Dave
Way back when, we’d write letters and you’d drop wax on it and seal that wax. And that is essentially encrypting that letter. Is it really keeping it private? Not really. It’s really saying, “We know if it’s been opened ’cause the seal has been broken.”

Alexis
Right. 

Data Dave
So, it didn’t stop anybody from necessarily breaking the seal, but it did mean you knew it had been broken and you knew where it came from because the seal had a specific imprint of the person who sealed it.  

So, that is the concept going back of privacy in the sort of physical world. If we want to keep ourselves private, our communications, whenever we close the door, we lock the door. I just closed my door so that nobody could inadvertently hear what we’re saying. And so they keep themselves private as well. The concept of privacy is keeping things to ourselves.  

In the electronics, we use encryption and this encryption idea is the codes and ciphers, if you like, of encrypting, and we’ve all played around with very basic codes and ciphers when we’re kids of doing letter transpositions and saying, “I’m going to write this down, but I’m going to change all the A’s to L’s and rotate everything and so on.” 

Alexis
Right. Classic decoder ring from a cereal box. Definitely did that as a kid, no questions asked. 

Data Dave
Exactly. That is a way of keeping things private. Because only you knew which decoder ring that you used when you wrote that document. That’s the concept there in terms of codes and ciphers.  

When I was in the military, when I was in the army, we had to encrypt our own radio communications with burst communications in very early days of digital communications where we had to do it manually. And first of all, we’d encode it. Every word had a code, and then we’d take those codes and encrypt them by hand.

Alexis
Oh my goodness. 

Data Dave
With what was called a “one-time pad” which had a set of secrets, a set of numbers in it that at a certain time interval, you moved to the next number in the pad, and when you’re done with the page ripped off, throw away and the sequence of managing those numbers was, “This was used once. It was only used once, only you had it, and only your base had it.” They were matching pairs, so it’s called a shared secret encryption. So, you could communicate we still use a lot.

Alexis
So, you would encrypt it, and then when it got to them, they had the matching side and that way they could unencrypt so they could understand it. 

Data Dave
That way they could unencrypt and read it. That’s exactly right.

Alexis
Could you imagine if that’s how we did work now? 

Data Dave
Well, actually it is. It’s just done extremely fast by computers. Instead of doing it like that. 

Alexis
There we go. Yes. 

Data Dave
Right. We still use shared secret keys. Which is, “You’ve got a key. I’ve got a key and we communicate with each other. That’s how we exchange information”.  

Because when we’re talking about privacy, it’s not just about, “If I lock something in a box and don’t let anybody see it.” That’s not really very useful. What I really want to be able to do is send it to you so you can decrypt it. It’s private between us, or it’s private between myself and my bank. Or it’s private in whatever context we want to make it private, so we’re only publishing it intentionally.  

And so, the basic form of encryption is shared secret encryption. There’s lots of algorithms and lots of mathematical constructs and different key lengths and so on that make it harder to crack. As computers have got bigger, the little numbers that we had when we were in the 1980s and 70s and 60s and so on, were very short. And by modern terms, easy to crack when you look at the Enigma machine of the Second World War, and so on – by modern standards, relatively easy to crack.  

Now we’ve got 128 bits, 500 bit, you know, very long numbers that form these keys ’cause we’ve managed them with computers and then we can do asynchronous keys -or asymmetric keys as well- where… “I have a key and only your key can decrypt it and only things that you encrypt with that key… I can decrypt and you can’t actually decrypt it yourself.”

Alexis
Well, so they’re not the same. It’s just one way? Okay, okay. Did you say it’s asynchronous? 

Data Dave
Asymmetric, yes. 

Alexis
Asymmetric, okay. 

Data Dave
Symmetric keys or shared secret keys. And then asymmetric keys and what we usually term public-private keys. Public, you’ve probably heard that phrase more than asymmetric, but I’m not going to go into the details of how all that works because that’s a set of conversations. 

Alexis
Okay. 

Data Dave
For another day. I think for. 

Alexis
More detailed maybe than for me.

Data Dave
I’m not going to say that. 

Alexis
Maybe not for this podcast. How about that? 

Data Dave
Because a lot of this is hidden from us now, because we kind of take it for granted a little bit. 

Alexis
Yeah, I think that was what I was implying when I said, “Could you imagine if we worked like that today?” Like, I think I understand that our e-mail is encrypted and if I send you an e-mail, no one besides you can really open it. But I guess I know that on a very high level. I take it for granted. I assume it’s there and I hope for the best. 

Data Dave
Yes, a lot of things are encrypted, so there’s things… like you’ve probably heard the term encrypting data at rest. 

Alexis
I think I’ve heard you say that before. Yes, OK. 

Data Dave
Right. And that is one of the standards where whenever data is stored, it must be encrypted. So, the SOC compliance that we did, that we have, and the HIPAA compliance, requires that all data be encrypted at rest. What that manifests itself to is that we’ve got a corporate policy that all the data on the disks, on our laptops and on any servers, has to be encrypted. 

Alexis
Well, believe me, I know that policy well because it’s my job to enforce it. It’s my job to enforce it on 30+ computers around the world. It’s very difficult. I’m sorry. That’s my rant. Okay, I’m back. 

Data Dave
It’s not that difficult because we created the policy and then we’ve got things that manage it for us, and various other things, but what that means is that all the data on that disk is encrypted. It is mathematically locked down by the user of that computer where that user has the key. You don’t know it. It’s embedded within your identity as Alexis at D3Clarity that you have a key that is a mathematical key that allows you to encrypt and decrypt the data that resides on your disk drive. 

If I was to take that disk drive out of that computer and try and read it in a different computer, I could not do it without your key. 

Alexis
Right. 

Data Dave
And so that is essentially locking that box, but to the using of that computer once you’ve logged on to that computer, that computer is now open and your key is available to that computer such that you can read all that data. That’s the way that that behaves once you’ve logged on, you barely know about it. Right. But there’s also the policy of we must have a screensaver. That’s not so that people can’t see what you’re doing over your shoulder, so much as it means that that disc now has to have its key presented back to it in order for you to use it again. 

Alexis
Right. 

Data Dave
Which is your logon. 

So, now somebody plugs into that computer and doesn’t have your log on. They can’t access it unless it’s something that you’ve permitted to run in the background and things. 

A lot of this comes from the same place, which is that encryption of this data, which is essentially making your computer into that locked box that only you have a window into. 

When it comes to communications, we have to be careful because we have to decrypt that data with our key and then I have to send it to you so that you can read it and then when it goes onto your computer, you have to encrypt it with your key cause now it’s yours. But what happened between you and I? 

Alexis
It went through one of those tunnels that you told me about that one time. Those tubes that are fuzzy and not clear. I’m remembering things! Look at this! I don’t know what they’re technically called, but it works in my brain.

Data Dave
Exactly. It went through one of those encrypted sockets or pipes or pseudo pipes if you like, which is what you’re looking for when you see HTTPS in the top of the browser window. 

Alexis
Socket, yes. 

Data Dave
Like my Zoom has HTTPS on it right now, which means all those packets are encrypted between me and that server. Between my computer and that server.

Not all data is encrypted as it travels. A lot of e-mail is not encrypted, so be a little bit careful about putting things like credit card information and things like that in emails. Company e-mail is usually fine. But you don’t know when it’s going across the Internet. When it’s going out into the broader world out there from yourself to I don’t know, from our e-mail server to somebody else’s. You don’t know unless you’ve explicitly signed and encrypted that e-mail. Then it could go across the Internet in the clear between some of the bigger e-mail traffic. 

Alexis
That’s something I had never really thought about before. 

Data Dave
Right. And it’s not between you and I because it never goes outside of our domain. 

Alexis
Right. 

Data Dave
But if it’s going from the D3Clarity domain to Gmail. We don’t know what happens between Microsoft and Google. 

Alexis
Right. Or between the D3Clarity domain and a different domain, right?

Data Dave
Right, between the D3Clarity domain and the different domain.

Now I was intentional on using Gmail because if you happen to have two domains that are managed by Microsoft, they probably encrypt it. But if you’re reaching out beyond that, you don’t know. So be careful. And I’m not saying it’s not. I’m not gonna say it’s not. I’m gonna say you don’t know that it is. 

Alexis
Good advice, yeah. That’s perfect, yes. 

Data Dave
And so, you have to be careful because, in the early days of the Internet, none of this was encrypted. It was all in the clear because when the Internet was first invented a lot of it wasn’t clear. And these threats and so on weren’t there for people spoofing and different things and phishing and all these other things that occur that we deal with every day.

Alexis
Right. 

Data Dave
So, we have developed these encryption and these techniques to keep things private, to keep things safe, and keep things authenticated, shall we say? 

Alexis
We’ve been talking about encryption and privacy as kind of like the two main items, but what is the difference, if any, between encryption and privacy in general and encryption and specifically data privacy? Like what? Is there a specific role that encryption plays when it comes to data privacy, not just privacy in general? 

Data Dave
They’re subsets of each other, right? So, data privacy and your privacy. If we talk about your identity for a minute, encryption is a technology more than anything else. It’s a mathematical approach, and it’s technology.  

Privacy is an ethical construct. If you think about it that way, we use encryption to protect our privacy. We don’t have to protect our privacy. We like people to protect our privacy on our behalf. 

Alexis
Yes. 

Data Dave
And you should read people’s privacy policies. People will publish their privacy policy, and as you know, the SOC2 requires us to have data-in-motion encryption and data-at-rest encryption, which is what we’ve just done. Those are policies to protect our privacy, protect our customers’ privacy, and protect our data.

The encryption is a technology that supports that. It’s the same as if you were transporting cash. You’d put it in a briefcase and handcuff it to your wrist, right? You’ve seen that in the movies and various places. That’s a policy. And the briefcase is the technology. So the policy is that it’s going to go into a locked briefcase, and only people at the ends have the technology to open the briefcase.  

If we think about nuclear launch codes and requiring the two keys to be turned at the same time. And the right buttons being pressed, that is policy, and the fact that there are two keys is technology.  

It’s the same kind of thing when we deal with organizations, we should be reading their privacy policy, which is how are they going to behave as it pertains to our privacy and what are they going to publish or sell to third parties. And we should be aware of that. And we should also read their policy in terms of what technology are they going to use to ensure our privacy? 

Alexis
I like what you’re saying there, but my question is, what’s the alternative?  

So if I read the policy and I see that they are… okay, I don’t want to use just the privacy part because if they’re going to sell my information, I’m probably going to be like, “Nope, don’t want to use you.” Although the truth is, people sell my information every day and I really don’t care about it. So that’s a different story, but.  

As far as like what technology like you just said, what am I looking for when I’m looking through a privacy policy? To make sure that my data privacy is being encrypted? To make sure that my privacy is being secured when I’m using this platform? or I’m using this service when I’m using whatever? 

Data Dave
Right. You should be looking for the fact that they’re not going to do anything that you don’t want done with your data. The fact that ownership is a big deal, right?  

Some of the social media sites actually, when you publish a photograph, you no longer own that photograph. So, that means they’ve actually got publication rights to that photograph. So, you need to be careful with some of that and you need to look at who owns the rights to what you’re putting out there and therefore, what are their policies around what they’re going to do with it and how are they going to protect it from unintended access? And what I mean by that is… 

So there’s the policy of the organization, and then there’s the spoofing, phishing, and theft, right? Which is the theft of your identity, which is taking your private information and using it in order to steal from you or from your bank or whatever. And that’s the unintended. That’s not the company’s policy. Now the encryption technology’s stepping in to prevent unintended access.

Alexis
Absolutely. 

Data Dave
We use the technologies to prevent unintended access, which would be, again, the cash being moved in the briefcase. We’re going to use a steel briefcase to move this cash and an armored truck. Right? That’s the technology that says, “Okay, I’m pretty confident because they’re using this technology that my data is going to or my cash is gonna get from here to there without being interfered with by people. Bad actors that I don’t want to interfere with my cash.” 

Alexis
And encryption is just the mathematical technology version of that, right? 

Data Dave
Exactly. Encryption is the mathematical technology version of that which is my data is locked in this briefcase in this box, so that when I put it on my disk it sits there so nobody can steal it. Nobody can take it off my desk. And if they did, they’d only get the box. They wouldn’t get the document. Same as your safe in your house that has your passport in it when you’re not using it. And then if you take it to somewhere else, you take that, you make sure there are policies around that and then take it somewhere, put it in a briefcase that’s locked, and lock your wrist, whatever it is, and then take it to the bank and put it in another safe box. 

Alexis
Right. 

Data Dave
The usage of that technology is policy. 

Alexis
The original question: what is the role of encryption in data privacy? Again, I think the answer to that is a whole lot of stuff, but it’s obviously security. That’s a huge aspect of it. Any other quick, “How would you answer that question in three words if you could, maybe not 3 words in 30 words,” if you could?

Data Dave
Encryption is used tremendously in data privacy, but it is the technology of protection that can be used in conjunction with policy to protect privacy. 

Alexis
That was the perfect wrap up. That’s what I wanted to hear.  

Thank you so much for answering that question. Thank you, Preston, for offering that question. I think that was a good one for us to chat about. For those of you out there listening, if you have a question for Data Dave, as always, you can e-mail us at talktech@d3clarity.com or submit a question right on the D3Clarity website. We’d love to answer listener questions on the podcast. Otherwise, Dave, thank you so much for meeting with me today. I appreciate it.

Data Dave
You’re very welcome, Alexis. Thank you very much. And again to everybody. Please submit some questions. 
