And while it almost goes without saying, being amidst the more than 3500 teachers and parents from across California for the state’s annual confab gave me a new appreciation for those on the front lines fighting for the best interests of our children. I can assure you: these people work hard for their kids’ best interests.

Among more than 60 workshops and training sessions, child safety was a leading theme—not surprising considering the sunshine state PTA is number one in the U.S. for advocacy work against bullying. That’s taken on new urgency with the proliferation of social media sites—and the potential lasting impact an ill-advised post or Tweet could have.

“I always tell my kids, ‘Words are like toothpaste,’” one mom told me when she stopped by our booth. “Once they’re out of the ‘tube’ you can’t put them back.”

We heard similar sentiments all week for those who stopped by for a firsthand demo of scrambls, which drew strong interest as a practical tool for making it safer for kids to use social media—simplifying privacy and control for kids and families as they communicate online. Teachers and parents were particularly excited about using scrambls as a way to begin  the conversation with students and families about who they are really talking to when posting to social media. Thinking about who can read what you post to any social network, and creating groups with scrambls to restrict the audience, was embraced as a strong step in both the initial education of digital reputations, as well as the practical tool to prevent today’s social media postings from negatively impacting students’ lives later in life when applying for college or jobs.

One highlight of the week was being honored by the Child Safety Network (CSN), which chose scrambls as the recipient of this year’s National Child Safety Award. The Child Safety Network recognized scrambls for the immediate impact the service brings to families seeking lasting control and stronger privacy for content they share online—making social networking safer with every tweet, blog post or status update. Read more about the selection by clicking to read the CSN press release announcing scrambls as its 2012 winner.

I was humbled to accept the award during Saturday’s closing session, though I have to admit following the likes of such dynamic speakers as actress Debbie Allen proved no easy task. A video of the award presentation begins with an introduction by CEO Ward Leber of the Child Safety Network, who said:

“What our families post online when they’re kids and teenagers can affect them for the rest of their lives. It can cost your kids job opportunities in the future, and can even impact admission to college.” CSN recognized scrambls as a solution to the issue, Leber said, explaining “With scrambls you can share messages on any web page, with a specific defined group. So that friends and colleagues read clear text as they normally would, and all others without permission see only encoded text.”

Protecting children online is important, just as safeguarding their reputation is. Parents and educators play an important part. And this week reinforced that scrambls can help, too. Scrambls plans to support its application for education and minors with a series of free training materials to help kids and parents transition to safer use of social media.

When children start learning how to use social media, let them explore safely by posting content that is only shared with a small group of immediate family, like “Mom and Me.” As their understanding of social media grows, parents and teachers can expand their sharing to include trusted contacts, like their relatives, other children in their class, and school faculty.

http://kliv.gotdns.com/kliv/MP3_Audio/05_08_12_CEO_Show.mp3

As recently as two decades ago, personal mementos had a predictable lifecycle. Your sixteen-year-old daughter’s scrapbook that she made last summer when she thought she was in love stayed in her sock drawer, and moved to the basement when she went away to school. The embarrassingly personal Christmas card from Aunt Becky was taken out with the trash on January 2^nd—you knew it was, because you threw it out yourself.

This was life in the age of print.

Today, we are still creating documentation of our lives and interactions—but much of this record is on social media sites instead of in the living room. Sharing habits created in pre-social media times are hanging on, but predictably, we get upset when we realize one of the effects of this new model: To the sites on which we document our lives, we are no longer “people,” but “users.” “Personal mementos” are first and foremost “data.” When you put your data on a site and sign the IP agreement, you have granted that site a sub-license for usage of that data—the privacy settings you put in place are subject to change, and you can never be completely assured that what you posted and thought you took down a year later is truly gone.

One answer to this question of content control is the EU’s proposed “right to be forgotten” legislation. The penalty for not complying with a user’s request to delete information could result in fines of up to two percent of global income for the site in question, and ultimately cost them dearly in lost users. But the user can also be punished: Imagine your daughter was sixteen now instead of twenty years ago, and she created her scrapbook documenting the “love of her life” via her social media accounts. We all know where that one ends: in a year, they’ve gone their separate ways and she can’t wait to delete it. She may even exercise her right to delete her whole account, permanently.

Of course, in another forty years, she might regret not being able to show her kids that scrapbook. Having to choose between “delete” and no longer having control of your content creates a false dichotomy. What we need is today’s equivalent of Mom’s basement—you don’t want to burn the scrapbook, but you also don’t want to send it to the local newspaper.

The option to be forgotten is important. If users want assurance that everything they did on a site is gone, they should have that assurance. This is the ultimate protection—the atomic bomb of personal privacy. But it’s time to augment this right with a more nuanced tool. By giving control over content back to the user, “delete” or “give away my content” are not the only two choices. It’s time to bring back Mom’s basement.

Scrambls has been developed to provide the user with a new set of tools to control the availability of any content posted on the Web, from simple comments on a blog to an entire social media thread. Scrambls encrypts each post with a different key and allows the user to set a policy on who can read that post and when that post can be read. The creator can start by posting data that is protected but has a policy allowing anyone to read it. This policy can then be changed so only the creator can read it, or only close family, and then changed again to allow a new group to read it.  Data (or a personal memento) can then go through various stages as its owner matures—from creation, sharing with friends, retraction, sharing with family, and archiving, with the knowledge that further changes are in the user’s hands.

For more information, go to www.scrambls.com.

Today, most social media users generally share only the safest and most generic content with their followers, while reserving personal or sensitive information for more private mediums like instant messaging, texting or email. After continued privacy violations and missteps by social media providers, users are wary of who really sees the comments they post, and the more tech-savvy users don’t want personal and private information to be aggregated and inappropriately redistributed.

This translates to lost opportunity for social media providers, in both the near- and long-term. In the near-term, concerns about privacy will lead users to occasionally tap other communications platforms, representing fewer hits on a social media site, lowering its aggregate traffic and reducing the site’s advertising value. Over the long-term, the issue of privacy will inhibit social media’s potential to become a more embedded and primary means of communication. Privacy and security are also barriers to heavier adoption of social media for business and commercial use, which, if addressed, could open an entirely new model for secure enterprise collaboration.

The lost opportunity hasn’t received the notice it deserves because use of social media sites has only continued to grow. Ironically, as use of these sites has grown, so has interest in top-down regulation of user privacy. This is already becoming evident in current efforts by the European Union to address privacy and operating rules for social media.

We’ve addressed the problems with top-down regulation of user privacy on social media elsewhere. Add to those arguments the issue that every user has their own view of what is private. What it amounts to is that, whether the catalyst is government or users, privacy concerns will almost certainly place limitations on the continued growth in value of social media sites.

What is needed is a bottom-up solution that allows users to take control of their own privacy independently of the social media companies. Wave Systems set out to address this need with its scrambls service, which helps individual users selectively protect the privacy of their social media posts at will, with a single solution that works across all the primary social media platforms. Scrambls doesn’t signify a new approach. We have all used VPNs and SSL over public networks to assure that the content we transmit remains private. We do not choose to do this for all communications, but it does offer protection where we need it—providing a clear sense of security for email and the more sensitive services we use.

Allowing individuals to scrambl content they think of as personal also reduces the chance that social media companies might leak aggregated data following some future modification to privacy policy. This not only protects users, it protects the social media providers themselves by dramatically reducing the potential liability and negative publicity that results from inadvertently sharing Personally Identifiable Information.

It is natural to want basic control over the data that represents me. Wave Systems has spent 20 years developing tools expressly designed to protect data for the enterprise. So, we are excited to bring that expertise to the realm of social media and individual users, who today resort to imposing their own creative “codes” to convey private data over social media: “Met our mutual friend for dinner last night;” or “Done with the meeting – I’ll call to tell you how it went;” or “LOL call me J I’ll text you the number.”

So what’s the value to social sites of all that additional shared data, if it’s not entirely written in clear text? It’s widely known that social media providers use the information provided by account holders to conduct data mining for targeted advertising. Firstly, however, scrambling only affects the text of a post, leaving user and location data available. Secondly, is the information that users are willing to share via scrambls, but not willing to share without, content that sites want to target a user for? If a user is scrambling information, it’s because it’s private—a health diagnosis to be seen by close family, for instance. Chances are, that user does not want to have ads related to their diagnosis confronting them every time they sign in.

Scrambls seeks to help streamline the sharing process without needing to navigate away from a user’s communication platform of choice. The more comfortable we can all be with our sharing, the more we will share, and that can only increase the global value of this new model of communication.

With the launch of scrambls today, using social media doesn’t have to mean giving up control.

Once you start using scrambls, what you’re really doing is choosing your own Privacy Policy that works wherever you go online. Nobody—not the social media platform, not scrambls itself—can read your content. You choose which of your contacts can read your content in clear text. Use scrambls to protect your online reputation, your content, your child’s safety, your company’s data; use it to control when, for how long, and with whom your data is shared on social media sites. It’s another tool in the kit, one that we hope will help make online sharing smarter.

If you would like to join the scrambls community, sign up is free and now open to the public. Helpful resources include:

1)      How-to video detailing installation and basic function of scrambls

2)      Video demonstrating using scrambls in a Tweet

3)      Video demonstrating using scrambls while posting on Facebook

To join the conversation and connect with other users, check out the scrambls Facebook page at www.facebook.com/scrambls and follow us on Twitter at www.twitter.com/scramblsUSA. We hope you enjoy experimenting with the service and discovering the opportunities it creates as you share online.

In this third installment from Steven Sprague’s interview with analyst Richard Stiennon, the conversation turns to the Windows 8 launch: what it indicates about Microsoft’s involvement in the security industry, what it means for enterprises using Windows, and how to ease the transition to the new platform.

Related Blogs:

A Look at Ten Years of Trustworthy Computing

The Future of Information Security Will Be on Display This Week at RSA

Downloading Patient Data to an Unencrypted iPad?

Microsoft’s Scott Charney declares Trustworthy Computing at “Inflection Point” in RSA Keynote

Related Security Matters Blogs:

Downloading Patient Data to an Unencrypted iPad?

Mobile World Congress Opens Window to Trusted Security on Any Device

Mobile Device Security—Handling the Expanding Roles

The Future of Information Security Will Be on Display This Week at RSA

When it was unveiled last April, the National Strategy for Trusted Identities in Cyberspace –or NSTIC for short—envisioned a single identity ecosystem that allowed people to choose among multiple identity providers—both private and public—that would issue trusted credentials that prove identity. This new identity model would finally do away with the unmanageable number of passwords people must remember to access their online accounts.

Twelve months later, NSTIC has taken the next step to bringing that vision to reality.

NSTIC announced that, after culling through some 187 proposals for developing a new identity ecosystem, it had winnowed the field to a little more than two dozen promising entries. One of those came from an organization that Wave has been a proud and active member of—the Transglobal Secure Collaboration Program (TSCP). TSCP counts as its members the “who’s who” of the Aerospace and Defense industry, the likes of Boeing and General Dynamics to name a few. The group has been working on securing all aspects of information-sharing—from identity management, secure email, information sharing, to document sharing with identity federation.

TSCP’s proposal builds on the work of a number of industry standards groups (including the Open Identity Exchange, the Center for Democracy and Technology, and the Trusted Computing Group) to produce a reusable non-PKI standard suitable for release to the public domain. The model will show how millions of strong credentials that have been issued by federal and state governments, and those in the private sector, can be put to greater use to access sensitive applications at relying parties. Relying parties can securely leverage these assets for use within existing applications for commercial viability.

We’re happy to see TSCP’s bid make it to the next round, and celebrate the central role open industry standards can play in addressing this universal problem. See yesterday’s formal announcement from the TSCP here.

Watch Security Matters for future segments on mobile, cloud, and more in the weeks to come.

Related Security Matters Blogs:

The Era of Known Computing is Underway

Unlocking TPM Potential for Detecting Pre-boot Malware Attacks

Paradigm Reboot: Advance of the APT

60 Minutes Story on Stuxnet Could Improve Awareness of APTs

Most notably, however, the Centre’s launch signals that cyber-defence has become a matter of national policy in the EU.

EU member states are currently finalising a directive on attacks against computer networks, which is set to criminalise the sale, production and use of ‘botnets’, networks of infected computers that can be remotely controlled to launch large-scale coordinated cyberattacks.

Digital Agenda Commissioner Neelie Kroes recently told a meeting of cybersecurity experts that the Commission would also present a European internet security strategy this autumn, focusing on co-operation between member states and the private sector.

Commissioner Kroes wants to strengthen ‘cyber oversight’ across the EU. A key point in her announcement, and one that will give C-level executives pause for thought, is the intention to oblige every enterprise to notify security breaches to government. This obligation currently applies to telecoms companies and the EU will extend this to include companies in the energy, water, finance and transport sectors.

At the same time, the EU budget would provide funding for security technologies. That support would be welcomed by businesses across the EU, who should not be too surprised by the new cyber-defence moves, given the rising tide of cybercrime and malware sweeping across both the Continent and the UK. We see thousands of new forms of malicious software code being launched against companies and other organisations every month.

The fact that Microsoft recently identified more than 13 million suspected infections of the Zeus malware worldwide illustrates the global extent of the cybercrime problem and underscores how seriously we should take this universal threat. According to Commissioner Kroes, the volume of cyberattacks, with more than 150,000 viruses in circulation and 148,000 computers compromised per day, places an impossible burden on law authorities.

Meanwhile, the UK government has just announced plans to bring in legislation that will allow it to monitor calls, emails, texts and website visits of everyone in the country. Internet firms will be required to give intelligence agency GCHQ access to communications on demand, in real time.

The UK Home Office says the move is essential in the fight against cybercrime and terrorism, but civil liberties groups have criticised it. Whatever the outcome, every manager of personal and corporate data will need to step up their reporting and security policies in the light of these concerted moves to provide effective defence against network attacks.

The co-ordinated leadership of the Cybercrime Centre will provide a step towards making information security in the UK and across the EU a matter of pro-active policy and enforcement. But it cannot achieve this goal alone.

While the Centre takes on the leadership role of monitoring, measuring and managing threats propagating across the public internet, corporate and administrative CIOs can lend their support by actively managing security in real time on Europe’s private networks. Fortunately, the technological foundation for such support is already well-established or easily available in business class computers – in the form of embedded security tools such as Trusted Platform Modules (TPMs) and self-encrypting drives (SEDs).

The third and most important element is enterprise management software. Only centralized management can translate embedded security into proactive, enforceable policy by enabling organizations to remotely monitor and manage all TPMs and SEDs across the scattered enterprise. Central management further allows central IT staff to use TPMs to detect the presence of pre-boot malware as endpoint computers switch on, and thereby pre-emptively prevent network access of infected machines. In all, a good centralized management platform restores real-time universal administration, policy-based security controls and proof of compliance on the network’s furthest endpoints.

Even before plans for the Centre were finalized, governments in the UK and elsewhere had begun advocating for the adoption of such policy-driven endpoint and network security by public and private network operators. Combining this with the coordinated tracking and enforcement efforts of the European Cybercrime Centre, organized cybercrime’s rising tide may yet be turned.