Encryption Would Not Have Protected Secret Federal Data, Says DHS
HughPickens.com writes: Sean Gallagher reports at Ars Technica that Dr. Andy Ozment, Assistant Secretary for Cybersecurity in the Department of Homeland Security, told members of the House Oversight and Government Reform Committee that in the case of the recent discovery of an intrusion that gave attackers access to sensitive data on millions of government employees and government contractors, encryption would "not have helped" because the attackers had gained valid user credentials to the systems that they attacked—likely through social engineering. Ozment added that because of the lack of multifactor authentication on these systems, the attackers would have been able to use those credentials at will to access systems from within and potentially even from outside the network. "If the adversary has the credentials of a user on the network, they can access data even if it's encrypted just as the users on the network have to access data," said Ozment. "That did occur in this case. Encryption in this instance would not have protected this data."
The fact that Social Security numbers of millions of current and former federal employees were not encrypted was one of the few new details that emerged about the data breach, and House Oversight member Stephen Lynch (D-Mass.) was the one who pulled the SSN encryption answer from the teeth of the panel where others failed. "This is one of those hearings where I think that I will know less coming out of the hearing than I did when I walked in because of the obfuscation and the dancing around we are all doing here. As a matter of fact, I wish that you were as strenuous and hardworking at keeping information out of the hands of hackers as you are in keeping information out of the hands of Congress and federal employees. It's ironic. You are doing a great job stonewalling us, but hackers, not so much."
Re: Apathy (Score:1)
Or joy. Google has started blocking portions of SourceForge for Chrome users for distributing mamware.
Re: Apathy (Score:5, Funny)
Re: (Score:2)
Re: (Score:1)
If not, what is "Manware"?
Fired? (Score:2)
I presume they know whose credentials were used.
Have they been fired? Because giving anyone your credentials is like crossing the streams [youtube.com]...it's never done.
Re: (Score:3)
Re: Fired? (Score:1)
You forgot: password scribbled on a 2-year-old calendar hanging above the monitor.
Re: Fired? (Score:4, Funny)
1. Password written on a sticky note placed under the keyboard.
2. Password on a strip of paper taped over on the palm-rest of a laptop.
Perfectly good way to manage your passwords when you're in Burnt Scrotum, New Mexico and your opponent is in Pudong, China.
Re: (Score:1)
Re: (Score:2)
When I worked at AT&T about 15 years ago, our department was required to have our passwords printed (for easier reading) and hung up in our cubes. People were regularly written up when they changed their passwords and forgot to hang up a new one. The ticketing system they were using didn't allow one employee to see another employee's workload, so if you were out sick, the only way they could check your stuff was to log in as you.
The password I hung up was intentionally wrong. I never called in sick, ever... if
This (Score:1)
These days so many people think that encryption is the answer to security. When I read the story the other day and everyone was up in arms over the lack of encryption, my first question was "what impact would encryption have had? Likely very little."
Encryption for data at rest usually protects against physical theft - like backup tapes or a whole computer. Remote exfiltration is much easier on a running system where the data is intended to be accessed. In those cases, encryption does little to protect data
Re: (Score:3, Insightful)
True, encryption is not the only factor but it is a pretty big one. In this case encryption coupled with a system to limit mass database access without multiple authorizations would have prevented the theft. Encryption would have prevented the attackers from simply copying the entire database off of the physical drive and user limits through the DBMS would have prevented the attackers from copying the records one by one, at least as long as their access was eventually discovered. These BASIC safeguards s
Re: (Score:1)
Two-factor authentication only means that in order to access the system you need two components, for example a Debit card and PIN, it doesn't necessarily limit access if you have those two components. Any database manager of such a large repository of private information would be an idiot not to implement some safeguards on top of Two-factor authentication. Red flagging access of more than 500 records in a 12 hour period, foreign IP addresses, access of high value employees (President, Directors, etc). T
Re:This (Score:5, Informative)
Two-factor authentication only means that in order to access the system you need two components, for example a Debit card and PIN, it doesn't necessarily limit access if you have those two components.
Other parts of the government already use more appropriate forms of two-factor authentication, generally smartcard badge+password, pin+rolling RSA key, or in some cases pin+password+rolling RSA key (not really more secure, and easier to forget pin+password). The badges and RSA keys have to be issued by the agency (and sometimes department) and synchronized-- I have a bag full of them from various agencies and aerospace companies and they're hard to keep track of. The badges are issued as a result of the whole background check process that was compromised and contain a hash of your fingerprints as well (some, though very few, computers have fingerprint readers). If they had implemented any of those, it's likely that the breach wouldn't have occurred. If, as you suggest, they had included access limits or almost any kind of access log checking, they could likely have detected and stopped a breach that was traceable to a forged/stolen credential as well.
Re: (Score:2)
Encryption or not, if I had access to the internal network how long until I had the DB system account credentials? Then I can bypass all the data access rules, or even create database clones and start stripping the logs. The possibilities are numerous. Then feed the data out a bit at a time.
More than likely it's not that nefarious or complicated. Someone did a bit of social engineering and got lucky or planned to get a very close set of credentials. Then physically walked in and grabbed the data. You don't e
Re: (Score:2)
Encryption or not, if I had access to the internal network how long until I had the DB system account credentials? Then I can bypass all the data access rules, or even create database clones and start stripping the logs. The possibilities are numerous. Then feed the data out a bit at a time.
More than likely it's not that nefarious or complicated. Someone did a bit of social engineering and got lucky or planned to get a very close set of credentials. Then physically walked in and grabbed the data. You don't even need the whole database. It's possibly a couple HR or project tables.
tl;dr Encryption wouldn't have stopped this when the crackers had internal access.
But what they are saying is "Encryption wouldn't have helped" which is a lie. It would have helped, it would have made this a lot more difficult. It would still have been possible, just a lot harder. Stop furthering the myth that hackers have magic powers. This stuff is preventable.
Re: (Score:2)
Right, encryption would have prevented:
Select * from employee records;
Forcing the attacker to go through a service that decrypted the data first would have forced them to send every row through that service before getting the data. THAT activity would be truly trivial to detect. "Hey, Fred just ran a lookup on every spy we have in Russia... Fred? Hey, Fred's on vacation!"
Even more trivial would have be designing the service to only allow 1 request per user per second. This would have almost no affec
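A gatekeeper of the kind the comments above describe (a single service that every record read must pass through, a one-request-per-user-per-second limit, and red flags for bulk reads, out-of-network sources and high-value subjects), as an added example that is not code from the thread or from any agency. The network ranges, thresholds, flagged record ids and the audit log it replays are all constructed for illustration.

```python
"""Gatekeeper in front of a record-decryption service (added example).

Every record read passes through request(); a request that breaks the
per-user rate limit is refused, and bulk access, access from outside the
agency's networks and access to flagged subjects raise an alert for the
SOC.  All policy values and the sample log are constructed, not real.
"""
from collections import defaultdict, deque
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

# Constructed policy values (hypothetical, not any agency's).
TRUSTED_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.100.0/24")]
HIGH_VALUE = {"E-00001", "E-00002"}   # flagged subjects, e.g. directors
BULK_LIMIT = 500                      # records per user per window
BULK_WINDOW = 12 * 3600               # seconds (12 hours)
MIN_INTERVAL = 1.0                    # one request per user per second


@dataclass
class Gatekeeper:
    last_request: dict = field(default_factory=dict)
    history: dict = field(default_factory=lambda: defaultdict(deque))
    alerts: list = field(default_factory=list)
    seen: set = field(default_factory=set)

    def _alert(self, ts, user, kind, detail):
        """Record an alert once per (user, kind, detail) to avoid alert spam."""
        key = (user, kind, detail)
        if key not in self.seen:
            self.seen.add(key)
            self.alerts.append((ts, user, kind, detail))

    def request(self, ts, user, src_ip, record_id):
        """Return True if the record may be decrypted for this request."""
        # Hard limit: refuse anything faster than one request per second per user.
        last = self.last_request.get(user)
        if last is not None and ts - last < MIN_INTERVAL:
            return False
        self.last_request[user] = ts

        # Sliding window of this user's record reads over the last 12 hours.
        window = self.history[user]
        window.append(ts)
        while window and ts - window[0] > BULK_WINDOW:
            window.popleft()
        if len(window) > BULK_LIMIT:
            self._alert(ts, user, "bulk", f"more than {BULK_LIMIT} records in {BULK_WINDOW}s")

        if not any(ip_address(src_ip) in net for net in TRUSTED_NETS):
            self._alert(ts, user, "untrusted-source", src_ip)

        if record_id in HIGH_VALUE:
            self._alert(ts, user, "high-value", record_id)
        return True


def sample_log():
    """Constructed audit log: Fred does three ordinary lookups; whoever holds
    Bob's credentials reads 600 records from outside the network, fires one
    request too fast, then looks up a flagged subject."""
    log = [(0.0, "fred", "10.1.2.3", "E-04711"),
           (5.0, "fred", "10.1.2.3", "E-04712"),
           (9.0, "fred", "10.1.2.3", "E-04713")]
    t = 100.0
    for i in range(600):
        log.append((t + i, "bob", "203.0.113.9", f"E-{10000 + i:05d}"))
    log.append((t + 599.5, "bob", "203.0.113.9", "E-00001"))  # 0.5s after last: refused
    log.append((t + 601.0, "bob", "203.0.113.9", "E-00001"))  # flagged subject
    return log


def replay(log):
    """Run a log through the gatekeeper; return (allowed count, alerts)."""
    gk = Gatekeeper()
    allowed = sum(gk.request(*entry) for entry in log)
    return allowed, gk.alerts


if __name__ == "__main__":
    allowed, alerts = replay(sample_log())
    print(f"{allowed} requests served")
    for a in alerts:
        print("ALERT", a)
```

The refusal and the alerts are deliberately separate: the rate limit slows a bulk copy down without telling anyone, while the three alert kinds are the "Fred's on vacation" signals that a monitoring team would act on.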
2 factor authentication would have. (Score:3, Insightful)
Dear Government. Stop being idiots and use REAL freaking security on your systems.
the lowest bidder is not how you get real security. here at work, even if I give away my password (77Grumpy-Cat88) not even the best hackers in the world can get into the server here because they do not have my second factor authentication.
Instead we get retarded IT security and policies at the government that lets anyone from outside reset a users password if they get that users information and SSN.
All it takes is faking that you are an HR person and suddenly you have all you need to convince the lowest paid drones at the help desk to reset a password and you have the keys to get inside.
Re: (Score:2)
Encrypt the database and split the keystore password between multiple groups. i.e. group 1 has the first 10 characters, group 2 the next 10, group 3 the last 10. Then you need at least collaboration between the three groups to access the dataset in its entirety. Make the data accessible via a UI that is limited in scope for record retrieval and auditable. Then encryption would have been the answer to their issue.
Re: (Score:1)
disclaimer, I work for a government agency..
that being said our classified data is fucking air-gapped. period. no USB connections, No removable HDs, No outside connections at all on that network. Could it be bypassed? yes, but you would need to BE in the building as such we have never had a hacking attempt. this info Should have been air-gapped as well, best security ever.
Re: (Score:1)
Re: (Score:2)
Air gapped is good - very good. But not full proof.
Re: (Score:2)
Don't get cocky kid. In the RSA breach the hackers went after material used in SecurID (RSA's 2FA product). They're going after phones with the 2FA apps on them too.
Yeah 2FA is good security practice and its use will make it significantly harder to breach a system using legitimate credentials, but the notion that it's full proof (or fool proof) is a myth.
Result of no consequences for decision makers (Score:5, Informative)
The head of OPM also claimed in recent House hearings that their failure to close these systems down was justified since the hackers were already in the system when the recommendation was made.
In other words, we didn’t do anything to make the system secure, and when hackers broke in it was further justification for not doing anything.
Yeah, let’s put our healthcare under their control also!
Re: (Score:1)
... and you think the private sector is much better... ha ha hahahaahaha
Re: (Score:1)
There is no doubt in your mind because you don't even have enough information to form a doubt. It's called the Dunning-Kruger effect. You should educate yourself about civil service rules and how they compare to the complete lack of rules governing who gets hired or promoted in the private sector.
Head-Desk. (Score:3)
Because of that, the primitive herd mind now presumably believes that 'encryption' is a magic data-protection sauce that can be added to any IT system just by swiping at a touchscreen for a minute or two without too much drooling. This will...not...aid their comprehension of what went wrong, or the coherence(if any) of their demands that Something Be Done. So he has the unenviable task of trying to explain that no, actually, 'encryption' is pretty tricky to get right; and needs to be part of an overall system that isn't completely fucked if it's supposed to work, and so on.
Re: (Score:1)
You nailed it...
One solution is to reduce the NSA workforce by a large percentage and send them to new jobs PROTECTING federal systems.
Re: (Score:2)
No, at least parts of the government require full disk encryption of all laptops, as well as fully encrypted, two-factor auth remote access. NASA implemented full disk encryption in a rush after a similar personnel data set was stolen from an unencrypted laptop in a car in DC.
Re: (Score:2)
My attempt was just
Two-factor auth. Buy some cheap Yubikeys (Score:2)
The Feds always look for the most expensive option. They'll end up with pricey battery powered hardware tokens when they could look at cheap Yubikeys.
Re:Two-factor auth. Buy some cheap Yubikeys (Score:4, Informative)
The Feds always look for the most expensive option. They'll end up with pricey battery powered hardware tokens when they could look at cheap Yubikeys.
Every employee of the US government already has two-factor authentication in the form of a smart card. The problem is that there are many programs that don't have the hooks for two-factor authentication built in.
For example, a web app that queries Active Directory almost always asks for username and password, when Windows Authentication can use either username/password or smart card/PIN. This is because smart card/PIN requires trusted code to run on the client computer, and we all know that isn't really possible.
Project administrators held PRC passports! (Score:5, Informative)
Total and complete incompetence from the Obama administration where the only qualification that matters is political loyalty.
From the article:
"A consultant who did some work with a company contracted by OPM to manage personnel records for a number of agencies told Ars that he found the Unix systems administrator for the project "was in Argentina and his co-worker was physically located in the [People's Republic of China]. Both had direct access to every row of data in every database: they were root. Another team that worked with these databases had at its head two team members with PRC passports."
Re: (Score:2)
It's because consulting firms are unable to find high skilled computer experts in the US, so they must expand the H1-B program to bring in more foreigners to compensate for the lack of competent Americans!
Re: (Score:3)
It's because consulting firms are unable to find high skilled computer experts in the US, so they must expand the H1-B program to bring in more foreigners to compensate for the lack of competent Americans!
That should be
Re: (Score:3, Interesting)
Total and complete incompetence from the Obama administration where the only qualification that matters is political loyalty.
Shut up you freakin' troll! This shit has probably been going on like this for years before Obama (yes even during the Bushy era).
Re:Project administrators held PRC passports! (Score:5, Insightful)
Last I checked, the current administration is the Obama administration. So why shouldn't they take the heat for this? Saying that "Bush did it too!" is pointless; they're long gone and incapable of affecting policy decisions on stuff that happens today.
Re:Project administrators held PRC passports! (Score:5, Insightful)
Re: (Score:2)
Technically speaking, the previous elected administration was also the Obama administration. And however outdated the security practices might have been under Bush, they are at least 7 years more outdated today under Obama, which is not an equal failing. Notably, the cyber aspect of national security has become much more pointed in the years that he has been in charge. You can give Obama a pass if you honestly don't think it should have been a priority, but most would consider national security should be
Re: (Score:2)
I wonder if anyone will accuse them of putting American lives in danger and having "blood on their hands"?
Re: (Score:2)
(1) "Bin Laden determined to strike inside the US"
(2) "Weapons of Mass Destruction"
Re: (Score:2)
Then I have a question: do you hang your KKK robes in the closet where they won't get wrinkled but someone might easily see them, or do you fold them up in a drawer where they will get wrinkles, but it's likely that you would be found out?
Back end (Score:3)
Correct me if I am wrong, but stealing thousands or millions of records through an accessible UI doesn't seem feasible to me. If the data itself had been encrypted, even if the thieves had access to the storage directly, they would have been stealing encrypted files. Maybe encryption isn't the holy grail, but I would sure feel better knowing my data wasn't readable after downloading. I mean, make them work for it anyway.
Re: (Score:3, Insightful)
The real problem here is that SSNs and birthdates shouldn't be treated as secret passwords that let you steal someone's identity, especially since it is near impossible to change them.
Re: (Score:3)
Nope.
For analysis the entire data set has to be decrypted.
Well lets see:
Keychain abuse (Score:4, Insightful)
The article's author makes it sound like logging into the system would have automatically unlocked the encrypted files, or at least have allowed a logged-in user to get at the keys without authenticating further.
I suppose an encryption scheme could be implemented that way, and as just as the article suggests, that would have been useless. But an encryption doesn't need to be implemented that way, shouldn't be implemented that way, and is in fact harder to implement that way. It would provide protection against stolen hard drives, but that's not the main model of threat for things like this, and a proper policy would protect against that equally well while handling additional threats.
It's a simple policy: some things do not go in your freaking keychain. Important data like this, if it must be encrypted with a password, should require that password to be entered manually, every time. Yes, it is less convenient, but some things are too important to afford shortcuts.
Re: (Score:3)
it isn't Controlled Unclassified Information (née Sensitive But Unclassified)
Yes it is. It is considered Confidential/Sensitive. It is also considered to contain PII, which means it has to be protected according to various government regulations.
Re: (Score:1)
"All the data in the system becomes human-readable,"
Maybe if you're sitting at the server or remoting into it, but users should NEVER see or pull full tables of information for these kinds of systems. They request information from the server through a DBMS and it sends just the specific records that the user is looking for, maybe when searching lists of a few non-critical datapoints (name, address, employee number) may be made available to the user but not the entire database. The SERVER(s) and in rare ca
Re: (Score:2)
Yes; of course it does.
When you log into a system, you expect to use the system. All the data in the system becomes human-readable, and of course non-encrypted.
That's what happens when you encrypt a full disk at once, yes. This is a useful tool for protecting from stolen drives, and it might even be what the author was thinking of when they mentioned "encryption". And just like the author said, it would have been inadequate to prevent this kind of attack.
But that's not the only way to implement encryption, and it's not the way that people are calling for here. Whether or not the disk is encrypted, individual files can be encrypted too. Thus, even when disk-level e
Re: (Score:1)
If it's not it should be. The databases containing the background information on cleared government employees were taken; this info could be used to surveil or blackmail workers who have access to state secrets.
Sounds like it's about time (Score:5, Funny)
Re: (Score:2)
... to outlaw social engineering.
But then only criminals will have social engineering. How is a law abiding citizen supposed to protect themselves?
Re: (Score:1)
Re: (Score:2)
you do not understand our modus operandi,
It is time to declare war on social engineering... it would be safe to say that these social terrorists have WMD's
Introducing the new super ultra PATRIOT Act for the children in 3..2..
If the credentials were stolen... (Score:2, Informative)
It doesn't matter how many factors of authentication are used to obtain those credentials...
One past known attack was to obtain the users credential file. Works against AD just as well as against Kerberos (they are the same).
The one protection that Kerberos had was that to use such credentials you had to be on the machine that they were given to. But since so many sites are now using NAT (which makes this useless), the stolen credentials can be used from anywhere for as long as the credentials have lifetime
A bigger issue (Score:1)
So encryption would not have helped because the attackers had a valid set of credentials with which to exfiltrate millions of records.
The bigger issue here is why were alarms not ringing in the appropriate places while millions of records were being exfiltrated? Why was there not effective monitoring of access use and network anomalies?
Funny thing is, if that sort of software was being used properly where another notable security cleared contractor was working (whose data was also leaked by this breach)
Re: (Score:2)
I'm curious why these computers so willingly accept connections from IP addresses willy nilly; whatever happens to
deny all
accept (Trusted host IP)
at the firewall?
Re: (Score:1)
Because the connection WAS probably from a trusted IP, it would have been that machine that was infected and was used to exfiltrate data from the main system to it and onwards to the attackers, cloaked to look like normal internet bound traffic.
Why is this data on the public Internet? (Score:2)
Laugh (Score:1)
So they can't have one arm of the government saying encryption would have helped and another saying it should be illegal.
The thing is, how bad do you suck at security if social engineering was behind this "attack"
To paraphrase an old saying... (Score:2)
From TFS:
"As a matter of fact, I wish that you were as strenuous and hardworking at keeping information out of the hands of hackers as you are in keeping information out of the hands of Congress and federal employees. It's ironic. You are doing a great job stonewalling us, but hackers, not so much."
Never blame on bureaucratic conspiracy that which can be adequately explained by Congressional incompetence.
Why would a regular user ever need full SSN???? (Score:2)
Can anybody think of any reason any user would ever need full SSN data?
Re: (Score:3)
"Can anybody think of any reason any user would ever need full SSN data?"
Can anybody think of any valid reason why USA insists for an ID, as the SSN is, to be taken for a password?
There shouldn't have to be any more problem knowing your SSN than knowing you are silas_moeckel.
Good answer but... (Score:3)
Problem is, other people have similar sorts of systems and similar weaknesses. I used to work at a company that did IT for several hospitals (a relationship defining "its complicated" since they founded us) and well, simple auditing of usage after the fact is so..... 1990s.
By the time I left there was already some real time auditing and control in place, even to the extent of flagging attempts to access inappropriate records. In fact, if you were to access the medical record of your next door neighbor, or a relative, it would be flagged as suspicious access. The only records I knew of that you could look up frivolously were Santa Claus' and the Easter Bunny (Santa had much more hilarious prescriptions).
I am pretty sure you couldn't easily use that system to download large swaths of records before you got noticed. And that system had additional issues like, you basically need to let most people access most records because you don't want to deny access in an emergency so you HAVE to err on the side of letting the authorized user see everything and audit their usage.
Why would any other system have such a restraint? A nurse might need to emergency look up a patient she found in the hallway.... federal employee information... who has those needs on an emergency basis? Seems they could have rate limits and cross checks against work loads.
Sounds like anyone could have walked away with tha (Score:2)
So Much FAIL! (Score:1)
There is so much wrong with this article it's not even funny. I don't blame the writer, he's just trying to tie a nice neat bow on a badly wrapped pig.
I had to laugh though when he twice gives the example of proximity unlock on cars as IoT security. These are the same devices that only guarantee proximity security by using signal strength and thus are easily defeated by a $17 signal booster available on eBay, which has been in the news as the cause of many thefts of the contents of vehicles.
By seriously the
Re: (Score:1)
Oops, posted on wrong thread please ignore.
Government doesn't get data security, generally (Score:5, Informative)
My family is visiting D.C. this summer, and in order to take a tour of a government facility (Capitol Hill, Congress, Dept. of Engraving, etc.) you need to apply through your congressional representative's office.
The "official and only" way to apply for a tour is to fill in and return, by email, unencrypted, a non-protected Excel spreadsheet with full names, SSNs, and other personally-identifiable information for your entire tour group (family) in one page of the spreadsheet.
Basically, if you want a tour, you must be willing first to roll over and put your goods out for anyone to sniff. No exceptions.
I was sick to my stomach over the idiocy of it all.
Multifactor waffle .. (Score:2)
An encrypted database that could only be queried through a secure and fully audited channel. Any attempt to download the entire database would trip an alarm.
She's lying about her "it wouldn't have mattered". (Score:2)
She's lying about her "it wouldn't have mattered".
Part of the "valid user credentials" is the system from which the login request is originating.
If only certain authorized machines, or machines within a certain building, or on a certain network, are permitted to log in using the credentials that were obtained, they would still not have been able to log in remotely.
Additional restrictions, such as time windows during which certain credentials may be used could also have further constrained the attackers.
She'
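The context checks argued for in the comment above (a credential bound to the machines or networks it may be used from, to a time window, and to a second factor), evaluated over a few constructed login attempts. This is an added example and not code from the thread; the account policies, network ranges, hours and attempts are all assumptions made for illustration, and the hours check also handles a window that wraps past midnight.

```python
"""Context checks on a login beyond the password itself (added example).

evaluate() judges one login attempt against a per-account policy: the
source address must fall inside the account's permitted networks, the
attempt must fall inside its permitted hours, and a second factor must
be present.  Policies and attempts below are constructed, not real.
"""
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network


@dataclass
class AccountPolicy:
    networks: list          # ip_network objects the account may log in from
    hours: tuple            # (start, end) local times; start inclusive, end exclusive
    require_mfa: bool = True


def in_hours(when: time, start: time, end: time) -> bool:
    """True if `when` lies in [start, end), allowing the window to wrap midnight."""
    if start <= end:
        return start <= when < end
    return when >= start or when < end      # e.g. 22:00 to 06:00


def evaluate(policy: AccountPolicy, when: datetime, src_ip: str, mfa_ok: bool):
    """Return (allowed, reasons) for one login attempt; reasons is empty when allowed."""
    reasons = []
    if not any(ip_address(src_ip) in net for net in policy.networks):
        reasons.append("source outside permitted networks")
    if not in_hours(when.time(), *policy.hours):
        reasons.append("outside permitted hours")
    if policy.require_mfa and not mfa_ok:
        reasons.append("second factor missing")
    return (not reasons, reasons)


# Constructed account policies (hypothetical).
POLICIES = {
    "hr-analyst": AccountPolicy([ip_network("10.20.0.0/16")], (time(7, 0), time(19, 0))),
    "night-ops": AccountPolicy([ip_network("10.30.5.0/24")], (time(22, 0), time(6, 0))),
}

# Constructed attempts: (account, when, source address, second factor present).
ATTEMPTS = [
    ("hr-analyst", datetime(2015, 6, 16, 10, 30), "10.20.4.7", True),    # ordinary login
    ("hr-analyst", datetime(2015, 6, 16, 10, 30), "203.0.113.9", True),  # right password, wrong place
    ("hr-analyst", datetime(2015, 6, 16, 2, 15), "10.20.4.7", True),     # inside network, odd hour
    ("hr-analyst", datetime(2015, 6, 16, 10, 30), "10.20.4.7", False),   # password only
    ("night-ops", datetime(2015, 6, 16, 23, 45), "10.30.5.12", True),    # window wraps midnight
]


def run_samples():
    """Evaluate every constructed attempt; return the list of (allowed, reasons)."""
    return [evaluate(POLICIES[acct], when, ip, mfa) for acct, when, ip, mfa in ATTEMPTS]


if __name__ == "__main__":
    for attempt, result in zip(ATTEMPTS, run_samples()):
        print(attempt[0], attempt[2], "->", "allowed" if result[0] else result[1])
```

The second attempt is the case the comment is about: the password is correct, but because the policy also binds the credential to a network, the same password used from outside is refused rather than granted.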
Bloody Legislators (Score:2)
I was watching the inquiries on CSPAN. My thoughts exactly were, "do we even know encryption would have solved the issue?". You have this legislator (didn't catch his name) up in front of everyone lambasting OPM Director Katherine Archuleta and demanding to know why the data was not encrypted. As if the guy has a clue about what is involved and what problems it would solve directly. Exactly as mentioned in the article, since the system has to be able to decrypt its own data in order to function all you have t