Science & Technology
Science and Technology
Science and Technology 
Tue, February 8, 2011
Mon, February 7, 2011
Wave Chief Scientist Robert Thibadeau Co-Authors American Bar Association's Data Breach and Encryption Handbook
LEE, MA--(Marketwire - February 7, 2011) - Wave Systems (
The Data Breach and Encryption Handbook examines the recent proliferation of data breaches and the associated legal and technological complexities. The book includes a strong focus on encryption in the healthcare marketplace, which is at a crossroads. Medical professionals and others charged with protecting sensitive data are quickly realizing the need for encryption, given the alarming rate of data breaches and their profound financial and legal consequences. Not only do 46 states currently have data breach notification laws in place, Congress has also regulated the space by enacting HITECH and HIPAA. This hodge-podge of laws only confuses the issue: they successfully establish the need for encryption, but fail to specify what type of encryption or other security measures are adequate. Medical organizations may believe their security solution complies with law and regulations, only to find out after a security breach that this is not the case. The book seeks to help professionals in all fields -- and particularly in the medical realm -- disentangle the web of legalities and possible security solutions proactively, to prevent this outcome.
"The book will have accomplished one of its goals if it generates discussion and debate about the best approaches to preventing data breaches," writes Editor Lucy Thomson, a former federal criminal prosecutor and Vice Chair of the ABA Section of Science & Technology Law. "This includes an assessment of whether the state data breach notification laws and HITECH address the real problem -- maintaining the security of sensitive personal information -- or simply focus on the aftermath of a broken system."
In the interest of staying out of court and in the good graces of an organization's customers, partners, members and employees, it is necessary to understand how best to protect sensitive information. Technology professionals and attorneys alike must communicate and collaborate on a data security strategy that both protects data and ensures legal protection. However, they first require a better grasp of the security and encryption options available to them, as not all solutions are created equal. Dr. Thibadeau, the pioneer of the self-encrypting hard drive, is uniquely positioned to shed light on the mysteries of various encryption solutions, and the possibilities and limitations associated with them. Dr. Thibadeau has been involved in the field since its inception, working to help develop industry encryption standards for the [ Trusted Computing Group ], in addition to serving on the ABA's technology working group on eDiscovery and Digital Evidence. He explains how encryption works, where it stands now, and where it may likely go in two key chapters titled: "Encryption Best Practices" and "The Self-Encrypting Drive."
"Bulk data encryption may be very strong, but if the key methodology that provides access to using the encryption is weak, then strong data encryption does no good," writes Dr. Thibadeau in the book, stressing that encryption is only as strong as the keys that keep it secret. By making the fundamentals of encryption easily understandable for decision-makers, Dr. Thibadeau shares best practices that enable and empower them to make educated choices to protect the data entrusted to their care.
Organizations responsible for the security of sensitive data would benefit from reading Dr. Thibadeau's explanation of encryption keys and the methods used to store them -- knowledge that can make or break the integrity of the solution. The self-encrypting drive (SED), as hardware-based security, eliminates the moment in which software-based encryption calls for the encryption keys, leaving them vulnerable. SEDs, in contrast, never allow keys to leave the safety of the drive. The threat of this potential weak point in software-only security solutions can be nullified by employing SEDs, which are now available from all major manufacturers. In his chapter on "The Self-Encrypting Drive," Dr. Thibadeau postulates that SEDs will eventually attain "ubiquity, utility, and uniqueness," a promise for data security that the healthcare industry should not be alone in taking advantage of.
To learn more about the correct implementation of hardware-based encryption, how this solution can provide a safe harbor from state and federal breach notification requirements, and the intricacies of these laws themselves, visit Wave Systems' booth at RSA and attend the author panel discussion on February 16.
About the Authors:
The Data Breach and Encryption Handbook is a collaborative collection of chapters, written by 15 of the American Bar Association's most respected authorities on law and technology as it relates to encryption and data security. Dr. Robert Thibadeau, Chief Scientist for Wave Systems, writes two chapters, drawing from his expertise as the pioneer and developer of the self-encrypting drive. Dr. Thibadeau is an active leader in industry groups ranging from the ABA's eDiscovery and Digital Evidence Committee to his position chairing the Trusted Computing Group's Storage Workgroup. He is also a founding director of the Carnegie Mellon Robotics Institute and has been on the faculty since 1979.
The book is edited by Lucy Thomson, J.D., M.S., CIPP/G. Ms. Thomson is Vice Chair of the ABA Section of Science & Technology Law, and works for global technology company CSC as a senior principal engineer of information security, and privacy advocate.
Additional experts from the ABA who contributed chapters include:
- Ruth Hill Bro, past chair of the ABA Section of Science & Technology Law (SciTech) and widely published author.
- Eric Hibbard, CTO Security & Privacy, Hitachi Data Systems
- Serge Jorgensen, CTO, Sylint Group
- Lorelie S. Masters, Partner at Jenner & Block LLP
- Arthur E. Peabody, Jr., Lead Medicare Counsel, BlueCross BlueShield Association
- Kimberly Kiefer Peretti, J.D., LL.M., CISSP, Forensic Technology Services at PricewaterhouseCoopers; former Senior Counsel, Computer Crime and Intellectual Property Section, U.S. Department of Justice Criminal Division
- Thomas J. Smedinghoff, Partner at Wildman Harrold; past SciTech chair
- Benjamin Tomhave, Senior Security Analyst, Gemini Security Solutions
- Stephen Wu, Partner at Cooke Kobrick & Wu LLP; current SciTech chair
- Renee Abbot, Thomas Hahler, Jennifer Kurtz, and Dennis Monroe.
The [ American Bar Association ] is the largest voluntary professional membership organization in the world, with nearly 400,000 members. As the national voice of the legal profession, the ABA works to improve the administration of justice, promotes programs that assist lawyers and judges in their work, accredits law schools, provides continuing legal education, and works to build public understanding around the world of the importance of the rule of law. The Section of Science & Technology Law is widely recognized as the premier authority on science and technology law.
About Wave Systems Corp.
Wave provides software to help solve critical enterprise PC security challenges such as strong authentication, data protection, network access control and the management of these enterprise functions. Wave is a pioneer in hardware-based PC security and a founding member of the Trusted Computing Group (TCG), a consortium of more than 100 companies that forged open standards for hardware security. Wave's EMBASSY® line of client- and server-side software leverages and manages the security functions of the TCG's industry standard hardware security chip, the Trusted Platform Module (TPM) and supports the TCG's "Opal" self-encrypting drive standard. Self-encrypting drives are a growing segment of the data protection market, offering increased security and better performance than many existing software-based encryption solutions. TPMs are included on an estimated 300 million PCs and are standard equipment on many enterprise-class PCs shipping today. Using TPMs and Wave software, enterprises can substantially and cost-effectively strengthen their current security solutions. For more information about Wave and its solutions, visit [ http://www.wave.com ].
Safe Harbor for Forward Looking Statements
Except for the statements of historical fact, the information presented herein constitutes forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. Such forward-looking statements involve known and unknown risks, uncertainties and other factors which may cause the actual results, performance or achievements of the company to be materially different from any future results, performance or achievements expressed or implied by such forward-looking statements. Such factors include general economic and business conditions, the ability to fund operations, the ability to forge partnerships required for deployment, changes in consumer and corporate buying habits, chip development and production, the rapid pace of change in the technology industry and other factors over which Wave Systems Corp. has little or no control. Wave Systems assumes no obligation to publicly update or revise any forward-looking statements.
All brands are the property of their respective owners.