"The state of data encryption has been frozen under the assumption that protecting data at rest or in motion is sufficient, neglecting the obvious risks posed when data is illegitimately accessed ...