Information security is paramount in the life sciences and health care industry because it is subject to affirmative regulatory requirements regarding the physical and technical safeguards used to secure electronic information. It is therefore troubling that the Internet protocols that are universally used to transmit encrypted information employ an authentication process (to verify the endpoints of a communication) that is deeply flawed. The authentication process requires the parties to the communication to trust literally hundreds of unknown third parties referred to as "certificate authorities." The closer one looks at the identity of these third parties and the processes used to carry out the authentication process, the worse it gets. It is time for GCs to get involved because Encryption is Not Enough...