Microsoft To Provide New Encryption Algorithm For the Healthcare Sector

An anonymous reader writes: The healthcare sector gets a hand from Microsoft, who will release a new encryption algorithm which will allow developers to handle genomic data in encrypted format, without the need of decryption, and by doing so, minimizing security risks. The new algorithm is dubbed SEAL (Simple Encrypted Arithmetic Library) and is based on homomorphic encryption, which allows mathematical operations to be run on encrypted data, yielding the same results as if it would run on the cleartext version. Microsoft will create a new tool and offer it as a free download. They've also published the theoretical research. For now, the algorithm can handle only genomic data.

Don't Use This!

It is based on homophobic encryption!

Re:Don't Use This!

[slazzy]

Okay, that was funny. Where are my mod points when I need them?

Re:Don't Use This!

[U2xhc2hkb3QgU3Vja3M]

You read it wrong. What it does mean, however, is that it's going to turn your data gay.

Not that there's anything wrong with that. /Seinfeld

Re:Don't Use This!

I think you meant homeopathic encryption.

Re:Don't Use This!

[alva_edison]

I think you meant homeopathic encryption.

Is that where you keep replacing a random half of the data with zeroes until you get the desired concentration? You need to remember to spike the data with a jolt of energy to make sure that the zeroes remember what the data was. Then you can use the data safely.

Re:Don't Use This!

your modpoints are homomorphically encrypted by Micro soft

Re:Don't Use This!

[davester666]

Ah, ROT26. That's what Microsoft uses everywhere.

Re:Don't Use This!

SEAL is a typo.

It's missing a "T" between the "S" and the "E".

Which is an accurate assessment concerning most things Micro$oft...

Re: Don't Use This!

"Free".?
It is locjed to closed sorce Windiws which you can get only by paying MS.

Re:Don't Use This!

[beastofburdon]

It's spelled Micro$oft!

Doesn't anyone here know how to spell?

Initial Thought

[Archangel+Michael]

My initial thought was that if Math can be performed that produces the same results Encrypted vs Unencrypted, is that it isn't very well encrypted. My understanding is that the better encryption techniques approaches what looks like static (randomness).

Mind you, I am not an encryption expert by a very very long shot.

Re:Initial Thought

[CaptainJeff]

Your initial thoughts are wrong.

This is a type of encryption algorithm known as homomorphic encryption, which allows one to do operate on encrypted data without decrypting it.

This has no bearing on the strength of the encryption against an adversary.

Re:Initial Thought

[tlhIngan]

My initial thought was that if Math can be performed that produces the same results Encrypted vs Unencrypted, is that it isn't very well encrypted. My understanding is that the better encryption techniques approaches what looks like static (randomness).

It's strong. Very strong.

Problem is, there's a tradeoff in time/speed and operations you can do. There are general algorithms that let you do a wide variety of operations, but they are very slow - on the order of a million times slower than unencrypted.

Faster algorithms usually restrict the operations you can do. on the data, and performance is almost equal that of unencrypted.

Note that you don't simply say "I want to add these two numbers" , encrypt them, then just do a simple add - no, the operation after encryption may be a multiplication, or other operation.

And this is actually very useful - because it lets you store critical data in the cloud, and perform manipulations of that data in the cloud, without the cloud provider having to have the encryption key. If the data is stolen, the hacker gets encrypted garbage.

So the current operation is database - you put up an encrypted data in the cloud, and the cloud provider runs an encrypted database service. You can perform limited queries, and the cloud provider will return you the encrypted rows as encrypted blobs to you. You use the key (kept onsite for security), and marvel that you just did a transaction in the cloud, the cloud provider executed the operation, and you got back the rows that you wanted, and at no time other than on your PC was it ever in plaintext.

You could be more fancy - say you want to add up a column - you tell the database server to add it up (encrypted), and the final result is sent back, as encrypted data. You use your key and get your answer.

That's the primary use case for this sort of encryption. Do it right and even in house database can be completely encrypted. So stuff like health information and banking records will never be in plain text until you need it so breaches won't be as harmful.

Re:Initial Thought

How do you figure?

If I add two values, and I know the domain of both values... then I... ooooohhhhh, ya never mind, I still have no idea what the two values were, even if I know what they add up too.

I'd still wonder whether this type of encryption which specifically allows for mathematical operations would be weaker than encryption algorythms that don't, but I clearly don't have the correct brain cell arrangements to do that analysis at this time. More learning required.

Very cool though.

Re:Initial Thought

>If I add two values, and I know the domain of both values... then I... ooooohhhhh, ya never mind, I still have no idea what the two values were, even if I know what they add up too.

You do when you also know their difference.

Or how about applying the identity function to them?

Re:Initial Thought

[Archangel+Michael]

Homomorphic encryption is a form of encryption that allows computations to be carried out on ciphertext, thus generating an encrypted result which, when decrypted, matches the result of operations performed on the plaintext.

So the results are "encrypted". Interesting idea.

Re:Initial Thought

[ADRA]

I guess the point being, if you can operate on encrypted data in the completely same way as if you had the original, what is privacy is advanced through the encryption? It sounds like a second level redirect to encode the sequences to begin with. We know why its being promoted. Having 'no personally identifiable information' sent to and from groups would allow for privacy laws to be bypassed in the name of science. I don't specifically have an axe to grind in that matter, but can you really say the data isn't personal if in fact you can derive the exact same results from the samples?

Here's one possible application of said system (corrections welcome, I just thought it out while writing).

Joe the criminal is born sometime after mandatory child DNA screening (already in place in the US). His DNA was sequenced and encrypted for scientific study by ABC pharma-labs. ABC then stores a copy of the data for 'any use' because the encryptedDNA isn't 'private'. ABC pharma-labs also contracts their services to police departments who want to know if any of their criminal DNA samples 'ping' a known person.

Joe commits a crime and leaves DNA all over the place. The police give the sample to ABC pharma-labs. They run the sample and discover that the NNSGRC patient ref. #123456 was the perpetrator of the crime by running a battery of comparison tests (more likely running test results against a batch of prior run sequence hashes). This is probably super time consuming and expensive for now, but it'll only get cheaper. Finding the sample that is the closest match to the crime DNA, the police subpoena NNSGRC with a warrant to tie the ref. number with Joe-the-criminal's name. NNSGRC or whomever is in control of their secrecy -may- dispute the subpoena and in all likelyhood this will be settled with a supreme court ruling that will either say this scenario is either 100% legal, or pseudo-encrypted DNA is still private and as such there's literally no point to encrypt the information at all.

Assuming the court says its legal, you now have a national criminal database without passing a single new law. The end.

Re:Initial Thought

[ADRA]

PS: Here's an interesting article on the topic a few years old:
http://www.newsweek.com/2014/0...

Re:Initial Thought

How do you figure?

If I add two values, and I know the domain of both values...

You've got to realize that the operation that you're doing on the encrypted values is not the same as the corresponding operation on the unencrypted values.

For example, if E is the encryption function, then E(a + b) is not performed by calculating E(a) + E(b). Instead, there's a special "EAdd" binary function you need to call to perform addition on the encrypted values -- in other words: E(a + b) = EAdd(E(a), E(b)). The "EAdd" function may be significantly more complicated than simple addition is.

Re:Initial Thought

[cfalcon]

You fundamentally don't understand homomorphic encryption.

The results you get are encrypted results. You can't fish with them.

In your example, ABC runs the tests, and gets encrypted results. These are useful only to the person who has the key to understand Joe's DNA in the first place.

What this allows is the people who process data to not always have to be the same people who have the data. So if you build a server that does really hard math on DNA results, you can be given the encrypted data, perform your math on the encrypted data, and hand back the encrypted result. You never understand the data.

Re:Initial Thought

[slew]

Your initial thoughts are wrong.
This is a type of encryption algorithm known as homomorphic encryption, which allows one to do operate on encrypted data without decrypting it.
This has no bearing on the strength of the encryption against an adversary.

Practical homomorphic encryption (like this MSFT product) is based on simplified encryption (to make it more practical, duh). AFAIKT in this case the MSFT product is based on a derivative YASHE (yet another somewhat homomorphic encryption) scheme. This is a bit more like steganography than pure encryption as it "hides" the encryption in a ring and requires lattice theory to generate a unique decryption (meaning you can only perform a few addition/multiplication operations before you have to re-decrypt, re-encrypt). Although theoretically, you can make this encryption "strong" by selecting different parameters (and introducing more overhead and lower error bounds), at some point there is a fundamental limit related to the entropy of the data set itself (which for medical-like data is pretty low entropy).

And then there is the (in)famous sum-product puzzle, which although is kind of an interesting puzzle in that in illustrates how seemingly impossible obfuscation can be removed by the most innocuous oracle queries.

What will break this type of encryption is not brute force, but say on medical data examining distributional anomalies to make a dictionary of sorts. Also since this appears to be some sort of "ECB-like" encryption (most data is encrypted the same way so you can operate on it), we all know how weak that can be in some situations...

This is why in most medical research, data must be de-identified, not merely encrypted. Not that fixes things by a long shot, but it's better than simply encrypting and hoping...

Re:Initial Thought

[cfalcon]

I don't think you need the quotes there.

Also, if Microsoft is really on the ball here, they have the ability to be first to market in a niche that could really use this. This is innovative and arguably somewhat charitable

Re: Initial Thought

BlackBerry already has a foot in the door in the Health market with various acquisitions and some of their encryption patents are up in the near future. So that is involuntary charity :p

Re:Initial Thought

[pipedwho]

But, if it's millions of times slower, then you'd need a cloud provider with a million CPUs to do the same work you could do on your desktop with 1 CPU.

Re:Initial Thought

Or, more importantly, you can take your encrypted data and smash out the results on AWS infrastructure that you've rented and retrieve the results without ever having compromised the privacy of the individual to whom the data belongs.

Re:Initial Thought

long EAdd(long enc_A, long enc_B)
{
      long dec_A = Decrypt(enc_A);
      long dec_B = Decrypt(enc_B);
      return Encrypt(dec_A + dec_B);
}
It technically decrypts the data, but that's invisible to the user, so it's okay.

Re:Initial Thought

[NotInHere]

But its the cloud!

Re:Initial Thought

[TheRaven64]

And that's why no one is deploying general homomorphic encryption. There are a few approaches that run almost as fast as doing the unencrypted work, but only support a very limited set of operations and have space requirements that scale linearly (or worse) with the number of operations that you want to support. If it's targeted at a specific application then it's conceivable that they've managed to create something that's fast, but only useful for a very specific use case.

Re: Initial Thought

[IBME]

This is defacto why encryption goes hand in hand with privacy. Isn't math beautiful.

Re:Initial Thought

I guess the point being, if you can operate on encrypted data in the completely same way as if you had the original, what is privacy is advanced through the encryption?

Being able to operate on the data doesn't mean you can see the value. You can do E(a) + E(b) = E(c) - you only get to see the encrypted data at any point and if implemented correctly it means the server doesn't have to know what is being processed or the result (theoretically it is a way to maintain security by separating the server from the raw data.) Is this likely happening in practice? Of course not - it's Microsoft so it is a closed-source black box nobody can see inside of riddled with backdoors mandated by the government written by outsourced Indian contractors without the aptitude to see beyond the function they are writing at the moment. In terms of security it ranks A+ for theoretical and F- for practical.

Re: Initial Thought

Actually no. Decrypting the data requires the key. The point of homomorphic encryption is that an untrusted process can perform EAdd() without the key, then return the result, which is still encrypted.

SEAL...

Super Easy Access Leak.

Re:SEAL...

[cfalcon]

I sorta doubt that but maybe. Either way, it's not for you to mount your drive with. AES Twofish Serpent in LUKS or Veracrypt should be used for that.

Re:SEAL...

I don't think this move is about Windows 10. Windows 10 sucks. A way to move data to processing without having to necessarily store data and processor together is a huge help to some industries.

encrytped

[xxxJonBoyxxx]

>> encrytped

Someone, please buy the Dice interns a spellchecker for Christmas this year.

Re:encrytped

[BarbaraHudson]

>> encrytped

Someone, please buy the Dice interns a spellchecker for Christmas this year.

They also need a grammar checker:

to be ran on encrytped data

Re:encrytped

How about giving them a right good kick up the arse? It may or may not solve the problem, but I for one would find it quite therapeutic.

Re:encrytped

[cfalcon]

"to be ran on encrypted data" seems like solid grammar to me. Imperfect tense, right?

Re:encrytped

[BarbaraHudson]

"to be ran on encrypted data" seems like solid grammar to me. Imperfect tense, right?

"which allows mathematical operations to be ran on encrytped data" is not proper grammar. "ran" is past tense only. "to be" is future. It should be "to be run on encrypted data."

Re:encrytped

[cfalcon]

Ran in the indicative is past tense.
Ran in the subjunctive is imperfect tense.

Since this referring to a possible future execution of the program being discussed, "ran" seems to fit perfectly as subjunctive imperfect.

Re:encrytped

[BarbaraHudson]

Ever seen it used that way? Seriously?

Re:encrytped

Both of those usages are active voice ("it ran", "if it ran".) In the passive voice, the participle is always "run".

Re: encrytped

It's perfectly acceptable usage in the west of Scotland.

Re: encrytped

[daveime]

It's perfectly acceptable to fry a bloody Mars Bar in the west of Scotland.

Re:Priorities, people!

[U2xhc2hkb3QgU3Vja3M]

And what are we, as non-military individuals living elsewhere than France, supposed to do about it?

I'm curious,

[olsmeister]

What types of mathematical operations are done on genomic data? I know nothing about it, but it doesn't seem like that's the kind of data you'd be performing mathematical operations on.

Re:I'm curious,

Given two sets of genomes A and B, one from a population that has disease X and one from a population that does not:

Is there any substring of the genome that occurs frequently in set A and rarely/never in B? If yes, that is a possible genetic cause for the disease.

Is there any substring of the genome that occurs frequently in set B and rarely/never in A? If yes, that is a possible genetic cause for resistance to the disease.

If you find multiple such substrings that are possible causes or resistances, now you might want to do cross-comparisons: If someone has gene P and Q, what are the odds that they are in A versus B? What if they have Q and don't have R or S? You can get arbitrarily complicated here -- there are a huge number of genes that are thought to affect your odds of getting cancer, for example...

Re:I'm curious,

[AHuxley]

Think back to the PRISM https://en.wikipedia.org/wiki/... idea of advanced, gov friendly US cryptography.
The system will keep out random hospital workers, secretaries, dr's, nurses, visitors, 3rd party developers and will pass any state, federal, out side 3rd party tests that the data is totally secure after and during networking.
So the "genomic data" will be safe until the government copies it in a readable form for law enforcement needs. Law enforcement always has a warrant so access is always allowed as a design consideration.
What was once a gov only trap door or back door is now been rolled out in public for profit.

Re:I'm curious,

Given that this ONLY works with genomic data, this is pretty much the only command they have?

Looking for encrypted strings sounds much easier than adding unknown numbers together. Simply encrypt and look for it, or compare sets then unencrypt the matches, etc.

Not like you multiply or something. Substring was the only thing I could think of too with the same Question as parent.

They did say it was a SIMPLE library!

Re:I'm curious,

[rtb61]

Of course you can create all the illusion of security you want but when you have an operating system with a built in keylogger (M$ Windows 10) then all the security is wasted unless you encrypt it prior to entry into those operating system or any functioning, goal or target typed in by the user at their terminal unless they themselves personally are encrypted. So M$, let's punch holes all over our OS to sell advertising and people's private data and then 'er' 'um' security yes, M$ are all about security. Yeah fucking right M$ is all about security just not the end users.

Re:I'm curious,

If these operations were allowed, you could easily check whether the encrypted data A belongs to person X, without even having to break the weak encryption they're using.

Re:Priorities, people!

[xxxJonBoyxxx]

>> worst terrorist attack in French history

French history is LONG. Check out the Rhineland Massacres, the Albigensian Crusade, and maybe the Carolingian Succession for starters.

Re:Priorities, people!

[FlyHelicopters]

Wave your arms in the air, scream and shout and run in circles?

Re:Priorities, people!

Because /. is not a French system. It is international and as an international system with the motto of "News for Nerds" the attack a few days ago is A) not high on the list and B) old news.

Now, if France was under attack from self replicating nanites turning the country into gray goo then it would get more than a days worth of news as it would be both tech related and threatening more than just the people of one country ;P

A difference without a distinction?

If you can analyze encrypted data and get the same result as with unencrypted data, then I fail utterly to understand the difference.

Me: No, you may not rummage about in my unencrypted genome to see if my children will have six fingers.
Them: Through the magic of homomorphic encryption, we can do so without decrypting it. Neener neener.
Me: WTF?!

Re:A difference without a distinction?

[wonkey_monkey]

then I fail utterly to understand

Yes, yes you do.

Re:Priorities, people!

[prefec2]

What shall we do? Stop talking? Hello? The best thing is to go on with your life and tell the haters that you don't care. And by the way it is very interesting to do what MS claims to have done. If you want to do cloud computing you must be able to do similar things to data and code.

Re:Priorities, people!

Ah, the priorities troll. It's like deja vu all over again. God bless, old friend.

Re:Priorities, people!

[ColdWetDog]

When in trouble,
Or in doubt,
Run in circles,
Scream and shout.

-- Heinlein

Caution!

[eclectro]

You know what this could lead to?! A mandatory Windows(TM) license for every human on earth!

Relevant stuff to ponder individually.

The healthcare sector gets a hand from Microsoft

Here is the health care sector that "Microsoft is helping to encrypt the data for". Emphasis on Microsoft is helping because that is the onus of this ad.

http://www.breitbart.com/big-government/2015/11/05/another-obamacare-co-op-shuts-amassing-50-percent-failure-rate/

Here was the story in 2014.

http://research.microsoft.com/apps/pubs/default.aspx?id=219979

Private Computation on Encrypted Genomic Data

Kristin Lauter, Adriana Lopez-Alt, and Michael Naehrig
June 2014
Abstract

A number of databases around the world currently host a wealth of genomic data that is invaluable to researchers conducting a variety of genomic studies. However, patients who volunteer their genomic data run the risk of privacy invasion. In this work, we give a cryptographic solution to this problem: to maintain patient privacy, we propose encrypting all genomic data in the database. To allow meaningful computation on the encrypted data, we propose using a homomorphic encryption scheme.

Specifically, we take basic genomic algorithms which are commonly used in genetic association studies and show how they can be made to work on encrypted genotype and phenotype data. In particular, we consider the Pearson Goodness-of-Fit test, the D' and r^2-measures of linkage disequilibrium, the Estimation Maximization (EM) algorithm for haplotyping, and the Cochran-Armitage Test for Trend. We also provide performance numbers for running these algorithms on encrypted data.
Details
Publication type TechReport
Number MSR-TR-2014-93

Consider this too.
https://en.wikipedia.org/wiki/Svalbard_Global_Seed_Vault

Primary funding for the Trust comes from such organisations as the Bill & Melinda Gates Foundation and from various governments worldwide.

[Now consider why does Microsoft spy on the planet with Windows]

Re:Priorities, people!

[U2xhc2hkb3QgU3Vja3M]

Couldn't we lie down or put a paper bag over our head or something?

Is the operation Authentic?

[mx+b]

Continuing the fine tradition of not RTFA around here, I didn't read the research paper but I did skim wikipedia's entry.

Nowhere do I see any mention of authenticity. This is as important as confidentiality and integrity. I'm not saying there isn't a solution (I'm not a cryptographer) but I wonder if anyone has any insight or links to a solution if it exists.

Here's the scenario. Homomorphic encryption lets us keep the data constantly encrypted, maintaining confidentiality. Ok, that's cool for data breaches, we stay much better protected from loss of confidentiality.

But what if a malicious actor purposely performs an operation on the data? Changing genomic data in this case might mess up diagnoses/research, etc. Future applications could be stuff like medical billing -- if its easy to tack on another bill, even if you don't know previous bills because its encrypted? Is there any mechanism that checks that the operation we perform on the encrypted data was authorized, i.e., that I am a manager allowed to do the operation and I specifically consent to performing the operation? Typical integrity checks wouldn't catch this; integrity is correctness of the data, which means it will only verify the computation was performed correctly and then move on. Authenticity is a different issue.

I would suspect Microsoft Research thought of this. My question is: is there a countermeasure that can be described as part of the algorithm? Or is the countermeasure "be careful with any software that uses this algorithm, make sure it checks authenticity before applying operations!". If the solution is for developers to be careful, I'm not convinced the algorithm made anything better. Many developers do not know cryptography and may assume safety, or may not have the time and resources due to a manager driving a hard deadline; in these cases, "we use MS's algorithm!" can get advertised without any increase in safety (and possibly even a decrease, as some might look to this as a crutch and reason why they can cut corners...).

Re:Is the operation Authentic?

Good question, but remember that the attacker has no way of decrypting the data. If part of the submitted problem data has a known solution, altering it will return an incorrect result. Example: If one of the operations to be performed is calculating a CRC over all inputs, the attacker with very high likelihood will break the CRC calculation when the input data is altered. But the attacker wouldn't even know *if* any of the output bits of the calculation forms a CRC, let alone which ones.

Re:Is the operation Authentic?

This is tied to the problem of data provenance.

When you think about there is no conclusive method to establish the origin of data.

Given the way software and system operate today, you cannot prove that data was produced by a specific user (or process) on a specific machine at a particular time.

All statements about origin of data are assertions.

Encryption relies on the *assumption* that the source data is authentic and is no proof against fraud.

ran

Present tense of run is run.

Re:Priorities, people!

[bloodhawk]

The worst terrorist attack in French history happened a few days ago. Over a hundred are dead in Paris, and the war against ISIS is escalating.Why the fuck are you wasting time reading and posting completely irrelevant shit on Slashdot when supposedly you have better priorities? For the rest of us the world goes on.

Not my data

Let's see, add 0 to this column (of one row), multiply by 1 and return me the result.

Safe from prying eyes of insurance companies that want to know if you are likely to have problem X? Bullshit.

Who has vetted this?

Are we supposed to take MS's word that this algorithm has no significant weaknesses? We all know the worth of MS's word (or Word).

Re: Who has vetted this?

It's open. You can check yourself you giant penis.

Re:Who has vetted this?

At least the library will backup the plain text data to MS' services, naturally for experience improving purposes only.

"SEAL" is already a used name

[Myria]

"SEAL" is the name of a patented cipher from 1994.

Let me introduce you to my new encryption algorithm, Alien Encoding System (AES). Because that won't conflict at all with existing ciphers...

Re:"SEAL" is already a used name

[pipedwho]

I think they need to come up with a better IDEA.

Re:"SEAL" is already a used name

[BenFranske]

Yep, I was going to say the same thing. Cisco has supported SEAL as a VPN crypto algorithm for quite a while. Not only has it been around for a long time but it's actually in commercial software (e.g. Cisco IOS) and has been refined several times (version 3 came out in 1997). Clearly Microsoft didn't do their due diligence on the name...

Distributed work

[fragMasterFlash]

Encrypting data using a homomorphic encryption scheme allows for meaningful computation on the encrypted data producing the results of the computation in encrypted form, without the need for decrypting it or requiring access to the decryption key.

How long until someone comes up with a blockchain scheme that pays out for computational work done on encrypted data sets?

Re:Distributed work

[daveime]

> How long until someone comes up with a blockchain scheme that pays out for computational work done on encrypted data sets?

How long until you stop trying to crowbar your buttcoins into every last use-case you can think of in an effort to prop up your failed investment long enough for you to break even after 2 years?

Breitbart

I saw that your first link was to Breitbart and knew I could safely skip the rest of your comment as it would probably contain huge misunderstandings, paranoia about a AGW climate change conspiracy by SJWs and endorse Trump for president.

Re:Breitbart

Oh sorry you think there is a website where nothing on it at all is correct.

Here dickhead. Are you committed to being a fucking total tool for the rest of your life?

https://encrypted.google.com/#q=obamacare+co+ops+closing

Learn to fucking cross reference.

http://www.nytimes.com/2015/10/26/business/health-care-co-op-closings-narrow-consumers-choices.html?_r=0
http://dailycaller.com/2015/10/15/one-third-of-obamacare-co-ops-are-now-officially-dead/
http://www.fool.com/investing/general/2015/11/15/more-than-half-of-obamacares-co-ops-have-failed-he.aspx
http://www.thefiscaltimes.com/2015/10/28/Nearly-Half-Obamacare-Co-Ops-Are-Closing
http://freebeacon.com/issues/more-than-half-of-obamacare-co-ops-are-closing/
http://dailysignal.com/2015/11/09/after-receiving-71-5-million-in-taxpayer-funded-loans-12th-co-op-closes/
http://www.nationalreview.com/article/425953/obamacare-health-insurance-co-ops-failing
http://www.forbes.com/sites/theapothecary/2015/10/29/why-obamacare-co-ops-are-failing-at-a-rate-of-nearly-50/
http://www.governing.com/topics/health-human-services/gov-obamacare-co-ops-closing.html

dumb fuck.

"NSA Approved"

[LinuxLuver]

Surely it has to be taken as a given that anything from Microsoft is fatally compromised with respect to privacy.

For the healthcare industry eh?

[Zaowulf]

So that means it will start being adopted in about 20 to 30 years, at least 6 months after the government deadline to do so.

NTLM anyone?

Practical homomorphic encryption (like this MSFT product)

Yea we all know how well MSFT does encryption. NTLM anyone? Anyone that pen tests knows how well that all works.

Crazy Idea ???

[lucien86]

Normally I'm always a scientific progressive but something about this idea horrifies me. Doing analysis on data while it still remains encrypted? better hope that nothing goes wrong, better hope that there isn't some hidden unknown variable that develops. Kind of like a magic trick and magic tricks have a habit of going wrong..