Surveillance, secrecy, and ebay

[David G. Koontz]

Sherri Davidoff wrote:
> Matt Blaze wrote:
>> Once sensitive or personal data is captured, it stays around forever,
>> and the longer it does, the more likely it is that it will end up
>> somewhere unexpected.
> 
> Great point, and a fundamental lesson-of-the-moment for the security
> industry. To take it one step further: The amount of sensitive
> information an organization stores is roughly proportional to the number
> of data leaks it initiates. We already know that information "wants" to
> be free, and if you keep information around, sooner or later, it's going
> to leak out. (There's probably some mathematical way to describe this
> relationship.)
> 
> Rather than expecting companies to keep data totally secure and then
> send apologetic letters when it gets lost, perhaps we should start
> taxing companies in proportion to the amount of sensitive information
> they store, and use that tax to assist victims of identity theft. This
> would have the double benefit of giving companies immediate incentive to
> reduce the amount of information they store, and would also provide
> appropriate public funding for incident recovery.
> 
> Sherri
> 
> 

Encryption with a resistance to cryptanalytic techniques requiring on the
order of the useful lifetime of the 'secrets' being protected to overcome is
a perfectly valid way to secure private data.  This resulted following the
Privacy Act of 1972, in the release of the Digital Encryption Standard
detailing the Digital Encryption Algorithm commonly known as DES in 1977 and
published as FIPS PUB 46.

Immediately the U.S. government started providing itself with waivers to the
use of encryption for at rest storage of data, that are only being overcome
today.  During the same era, the nation's security agencies exhibited a
strong desire to prevent the disbursement of security technology for private
and business use, as it foils the gathering of economic intelligence and
provides strong encryption to foreign military and security concerns. I'm of
the opinion that DES didn't provide much advantage to 'adversaries' of the
U.S. government, but it's spread was effectively limited to the banking
industry for a considerable length of time.

During it's life time the cost of breaking DES has reduced steadily, to the
point a recent low cost implementation could attack a DES system in between
5 and 32 hours using $1000 dollars worth of commercial FPGA hardware[1], or
a totally brute force attack yielding a key in 7.8 days at the cost of
$10,000[2].  Note that this has resulted in changes  to approved algorithms,
with resulting increase in resistance to brute force attacks by dramatically
increasing the key space.  We now worry about the near mythical quantum
computer's ability to break any current encryption scheme.

While Matt was relating the inadvertent disbursement of information relating
to a criminal investigation, you'd think that could be under the aegis of
the court system, perhaps by tinkering with the rules of evidence.  After
all encrypted storage is an effective means of preventing unauthorized
access, duplication and altering of evidence.  Bar associations would appear
a logical place to influence protecting client-data and client attorney
privilege.

We also see the Department of Defense requiring at rest encrypted storage of
data, the requirement becoming universal over time.  You'd have to wonder if
the requirement was extended to the rest of the U.S. government, just how
long it would take to protect data.  Couldn't be more than a decade.

State and local governments, you run into unfunded mandates.  It helps that
they already have a duty under various privacy laws to protect data, as do
private companies.  Perhaps the problem is not that we need more laws, but
that the laws we have aren't be adhered to?

Is the resistance to data protection today predicated on cost?  We see
secure disk products that when the costs are amortized across volume for a
couple of kilobytes of code, a slightly faster processor, or one with
security co-processor, the cost of developing software interface controls
and finally certification costs, should add a cost burden of a couple of
dollars but are being sold at a premium, all the market can bear.

What's not apparent is the cost of data loss, other than bad press.  We find
interesting cases, such as in aviation security where we find from Professor
Mueller that the cost in terms of lives saved with the Transportation
Security Agency is 15 times higher than their value by protection by other
means[3], indicating we have an enormous white elephant, there.  How do we
prevent the inadvertent replication of waste in another large area of
government mandated security?

Balancing the apparent lack of adherence to current privacy laws and the
potential cost of a bureaucracy dedicated to measuring quanta of privacy
data, regulating the balance of taxes owed, offsets by encryption, tracking
the acquisition of privacy data, it's proper and approved retirement or
destruction, perhaps as a predicate act someone ought to see what the costs
are to individuals burdened by lack of adherence to a duty of care, as well
as to society as a whole.  Personally, one could wonder if the risk of being
socially engineered into revealing information isn't higher, for example
through phishing, and yet we only get lip service to stopping email spam.
You could also note that it appears difficult to prevent ISPs through
apparent violation of wiretapping laws, gathering private information for
pecuniary profit in directing (or mis-directing) web advertising.  Perhaps
the problems are bigger than those cured by the likes of a tax?


[1]'Experience Using a Low-Cost FPGA Design to Crack DES Keys', Richard
Clayton and Mike Bond
http://www.cl.cam.ac.uk/~rnc1/descrack/DEScracker.pdf

[2] Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code
Breaker',  Sandeep Kumar, Christof Paar, Jan Pelzl, Gerd Pfeiffer, and
Manfred Schimmler
http://www.crypto.rub.de/imperia/md/content/texte/publications/conferences/ches2006_copa.pdf
http://www.hyperelliptic.org/tanja/SHARCS/talks06/copacobana.pdf

[3]'A risk and cost-benefit assessment of United States aviation security
measures,' Mark Stewart and John Mueller
http://polisci.osu.edu/faculty/jmueller/stewarr2.pdf

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com