Wave Chief Scientist Robert Thibadeau Co-Authors American Bar Association’s Data Breach and Encryption Handbook
Groundbreaking Book Launches at RSA Conference; Industry’s Top Technical and Legal Experts Explain Data Encryption Best Practices—and What Holds Up in Court
Lee, MA — February 7, 2011 — Wave Systems Corp. (NASDAQ:WAVX www.wave.com) announced today that Wave Chief Scientist Robert Thibadeau has contributed to the American Bar Association’s Data Breach and Encryption Handbook, which examines the ever-growing problem of data breaches, the legal complexities surrounding data breach notification laws, and the encryption solutions that can prevent sensitive data from being compromised in the first place. The book is a compilation of chapters by Dr. Thibadeau and other prominent legal and technology experts from the American Bar Association (ABA) Section of Science & Technology Law. As part of the book launch, the authors will discuss the book’s findings during an exclusive panel as part of the RSA 2011 Conference agenda. Copies of the book will be available for purchase and signing on the show floor.
The Data Breach and Encryption Handbook examines the recent proliferation of data breaches and the associated legal and technological complexities. The book includes a strong focus on encryption in the healthcare marketplace, which is at a crossroads. Medical professionals and others charged with protecting sensitive data are quickly realizing the need for encryption, given the alarming rate of data breaches and their profound financial and legal consequences. Not only do 46 states currently have data breach notification laws in place, Congress has also regulated the space by enacting HITECH and HIPAA. This hodge-podge of laws only confuses the issue: they successfully establish the need for encryption, but fail to specify what type of encryption or other security measures are adequate. Medical organizations may believe their security solution complies with law and regulations, only to find out after a security breach that this is not the case. The book seeks to help professionals in all fields – and particularly in the medical realm – disentangle the web of legalities and possible security solutions proactively, to prevent this outcome.
“The book will have accomplished one of its goals if it generates discussion and debate about the best approaches to preventing data breaches,” writes Editor Lucy Thomson, a former federal criminal prosecutor and Vice Chair of the ABA Section of Science & Technology Law. “This includes an assessment of whether the state data breach notification laws and HITECH address the real problem—maintaining the security of sensitive personal information—or simply focus on the aftermath of a broken system.”
In the interest of staying out of court and in the good graces of an organization’s customers, partners, members and employees, it is necessary to understand how best to protect sensitive information. Technology professionals and attorneys alike must communicate and collaborate on a data security strategy that both protects data and ensures legal protection. However, they first require a better grasp of the security and encryption options available to them, as not all solutions are created equal. Dr. Thibadeau, the pioneer of the self-encrypting hard drive, is uniquely positioned to shed light on the mysteries of various encryption solutions, and the possibilities and limitations associated with them. Dr. Thibadeau has been involved in the field since its inception, working to help develop industry encryption standards for the Trusted Computing Group, in addition to serving on the ABA’s technology working group on eDiscovery and Digital Evidence. He explains how encryption works, where it stands now, and where it is likely to go in two key chapters titled “Encryption Best Practices” and “The Self-Encrypting Drive.”
“Bulk data encryption may be very strong, but if the key methodology that provides access to using the encryption is weak, then strong data encryption does no good,” writes Dr. Thibadeau in the book, stressing that encryption is only as strong as the keys that keep it secret. By making the fundamentals of encryption easily understandable for decision-makers, Dr. Thibadeau shares best practices that enable and empower them to make educated choices to protect the data entrusted to their care.
Organizations responsible for the security of sensitive data would benefit from reading Dr. Thibadeau’s explanation of encryption keys and the methods used to store them—knowledge that can make or break the integrity of the solution. As hardware-based security, the self-encrypting drive (SED) eliminates the moment at which software-based encryption calls for the encryption keys and leaves them vulnerable. SEDs, in contrast, never allow keys to leave the safety of the drive. The threat of this potential weak point in software-only security solutions can be nullified by employing SEDs, which are now available from all major manufacturers. In his chapter on “The Self-Encrypting Drive,” Dr. Thibadeau postulates that SEDs will eventually attain “ubiquity, utility, and uniqueness,” a promise for data security that the healthcare industry should not be alone in taking advantage of.
To learn more about the correct implementation of hardware-based encryption, how this solution can provide a safe harbor from state and federal breach notification requirements, and the intricacies of these laws themselves, visit Wave Systems’ booth at RSA and attend the author panel discussion on February 16.
About the Authors:
The Data Breach and Encryption Handbook is a collaborative collection of chapters, written by 15 of the American Bar Association’s most respected authorities on law and technology as it relates to encryption and data security. Dr. Robert Thibadeau, Chief Scientist for Wave Systems, writes two chapters, drawing from his expertise as the pioneer and developer of the self-encrypting drive. Dr. Thibadeau is an active leader in industry groups ranging from the ABA’s eDiscovery and Digital Evidence Committee to his position chairing the Trusted Computing Group’s Storage Workgroup. He is also a founding director of the Carnegie Mellon Robotics Institute and has been on the faculty since 1979.
The book is edited by Lucy Thomson, J.D., M.S., CIPP/G. Ms. Thomson is Vice Chair of the ABA Section of Science & Technology Law, and works for global technology company CSC as a senior principal engineer of information security and privacy advocate.
Additional experts from the ABA who contributed chapters include:
- Ruth Hill Bro, past chair of the ABA Section of Science & Technology Law (SciTech) and widely published author
- Eric Hibbard, CTO Security & Privacy, Hitachi Data Systems
- Serge Jorgensen, CTO, Sylint Group
- Lorelie S. Masters, Partner at Jenner & Block LLP
- Arthur E. Peabody, Jr., Lead Medicare Counsel, BlueCross BlueShield Association
- Kimberly Kiefer Peretti, J.D., LL.M., CISSP, Forensic Technology Services at PricewaterhouseCoopers; former Senior Counsel, Computer Crime and Intellectual Property Section, U.S. Department of Justice Criminal Division
- Thomas J. Smedinghoff, Partner at Wildman Harrold; past SciTech chair
- Benjamin Tomhave, Senior Security Analyst, Gemini Security Solutions
- Stephen Wu, Partner at Cooke Kobrick & Wu LLP; current SciTech chair
- Renee Abbot, Thomas Hahler, Jennifer Kurtz, and Dennis Monroe
The American Bar Association is the largest voluntary professional membership organization in the world, with nearly 400,000 members. As the national voice of the legal profession, the ABA works to improve the administration of justice, promotes programs that assist lawyers and judges in their work, accredits law schools, provides continuing legal education, and works to build public understanding around the world of the importance of the rule of law. The Section of Science & Technology Law is widely recognized as the premier authority on science and technology law.
About Wave Systems Corp.
Wave is a pioneer in hardware-based PC security that provides software to help solve critical enterprise PC security challenges such as data protection, strong authentication, network access control and the management of these enterprise functions. Wave is a founding member of the Trusted Computing Group (TCG), a consortium of more than 100 companies that forged open standards for hardware security. Wave’s EMBASSY® line of client- and server-side software leverages and manages the security functions of the TCG’s industry standard hardware security chip, the Trusted Platform Module (TPM) as well as hard drives that comply with TCG’s “Opal” self-encrypting drive (SED) standard. Self-encrypting drives are a growing segment of the data protection market, offering increased security and better performance than most existing software-based encryption solutions. TPMs are standard equipment on many enterprise-class PCs shipping today and have shipped on an estimated 300 million PCs worldwide. Using TPMs and/or SEDs and Wave software, enterprises can substantially and cost-effectively strengthen their current security solutions. Visit http://www.wave.com for more information.
For more information please contact:
Wave Systems Corp.