To battle hackers, IBM wants to encrypt the world
There are only two types of companies, it is commonly said: those that have been hacked, and those that just don’t know it yet.
IBM, the computing giant, wants to get rid of both. The company said Monday that it has achieved a breakthrough in security technology that will allow every business from banks to retailers to travel-booking companies to encrypt their customer data on a massive scale — turning most if not all of their digital information into gibberish that is illegible to thieves with its new mainframe.
“The last generation of mainframes did encryption very well and very fast, but not in bulk,” said Ross Mauri, general manager of IBM’s mainframe business. Mauri estimates that only 4 percent of data stolen since 2013 was ever encrypted.
As the number of data breaches affecting U.S. entities steadily grows — resulting in the leakage every year of millions of people’s personal information — IBM argues that universal encryption could be the answer to what has become an epidemic of hacking.
The key, according to IBM officials, is an update to the computer chips driving the powerful mainframe servers that house corporate or institutional information and process millions of transactions a day worldwide, from ATM withdrawals to credit card payments to flight reservations.
Cryptography, the science of turning legible information into coded gobbledygook, is already commonly used among certain email providers and storage services. But because of the enormous computational power needed to quickly encrypt and decrypt information as it passes from one entity to another, many businesses use encryption only selectively if at all. A December report by the security firm Sophos found that while 3 out of 4 organizations routinely encrypt customer data or billing information, far more do not encrypt their intellectual property or HR records. Sixty percent of organizations also leave work files created by employees unencrypted, the study found.
But the same technology could frustrate law enforcement, which in recent years has waged a furious battle with Silicon Valley over encryption technology and how extensively it should be used.
In a high-profile dispute last year with Apple, the Justice Department argued that the company should help officials break into an encrypted iPhone used by one of the San Bernardino shooters. Apple refused, saying that developing tools to break encryption would undermine its customers’ security, particularly if the tools were to fall into the wrong hands. Apple’s concern is not theoretical: This year’s WannaCry ransomware attack, which held thousands of PCs hostage, has been linked to a Windows vulnerability that was secretly discovered and exploited by the National Security Agency long before it leaked into the wild.