Re: Surveillance, secrecy, and ebay, minor correction.

2008-07-28 Thread David G. Koontz
David G. Koontz wrote:
 Sherri Davidoff wrote:

You know how memory is, little things get squishy with the passage of years.
As soon as I saw the post up on cryptography I asked myself was that 1972 or
1974?

Privacy Act of 1972

That should be 1974.
http://www.law.cornell.edu/uscode/html/uscode05/usc_sec_05_0552---a000-notes.html

Public law 93-579  The Privacy Act of 1974

http://www.law.cornell.edu/uscode/html/uscode05/usc_sec_05_0552---a000-.html
5 USC 552a  Records maintained on individuals.

(10) establish appropriate administrative, technical, and physical
safeguards to insure the security and confidentiality of records and to
protect against any anticipated threats or hazards to their security or
integrity which could result in substantial harm, embarrassment,
inconvenience, or unfairness to any individual on whom information is
maintained;


The quoted section (10) being the basis for finding harm on disclosure.

I remember seeing the Federal Register notice for the Digital Encryption
Standard, in 1977, mind you.

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Surveillance, secrecy, and ebay

2008-07-27 Thread Sherri Davidoff
Matt Blaze wrote:
 Once sensitive or personal data is captured, it stays around forever,
 and the longer it does, the more likely it is that it will end up
 somewhere unexpected.

Great point, and a fundamental lesson-of-the-moment for the security
industry. To take it one step further: The amount of sensitive
information an organization stores is roughly proportional to the number
of data leaks it initiates. We already know that information wants to
be free, and if you keep information around, sooner or later, it's going
to leak out. (There's probably some mathematical way to describe this
relationship.)

Rather than expecting companies to keep data totally secure and then
send apologetic letters when it gets lost, perhaps we should start
taxing companies in proportion to the amount of sensitive information
they store, and use that tax to assist victims of identity theft. This
would have the double benefit of giving companies immediate incentive to
reduce the amount of information they store, and would also provide
appropriate public funding for incident recovery.

Sherri


-- 
http://philosecurity.org


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Surveillance, secrecy, and ebay

2008-07-27 Thread David G. Koontz
Sherri Davidoff wrote:
 Matt Blaze wrote:
 Once sensitive or personal data is captured, it stays around forever,
 and the longer it does, the more likely it is that it will end up
 somewhere unexpected.
 
 Great point, and a fundamental lesson-of-the-moment for the security
 industry. To take it one step further: The amount of sensitive
 information an organization stores is roughly proportional to the number
 of data leaks it initiates. We already know that information wants to
 be free, and if you keep information around, sooner or later, it's going
 to leak out. (There's probably some mathematical way to describe this
 relationship.)
 
 Rather than expecting companies to keep data totally secure and then
 send apologetic letters when it gets lost, perhaps we should start
 taxing companies in proportion to the amount of sensitive information
 they store, and use that tax to assist victims of identity theft. This
 would have the double benefit of giving companies immediate incentive to
 reduce the amount of information they store, and would also provide
 appropriate public funding for incident recovery.
 
 Sherri
 
 

Encryption with a resistance to cryptanalytic techniques requiring on the
order of the useful lifetime of the 'secrets' being protected to overcome is
a perfectly valid way to secure private data.  This resulted following the
Privacy Act of 1972, in the release of the Digital Encryption Standard
detailing the Digital Encryption Algorithm commonly known as DES in 1977 and
published as FIPS PUB 46.

Immediately the U.S. government started providing itself with waivers to the
use of encryption for at rest storage of data, that are only being overcome
today.  During the same era, the nation's security agencies exhibited a
strong desire to prevent the disbursement of security technology for private
and business use, as it foils the gathering of economic intelligence and
provides strong encryption to foreign military and security concerns. I'm of
the opinion that DES didn't provide much advantage to 'adversaries' of the
U.S. government, but its spread was effectively limited to the banking
industry for a considerable length of time.

During its lifetime the cost of breaking DES has reduced steadily, to the
point a recent low cost implementation could attack a DES system in between
5 and 32 hours using $1000 worth of commercial FPGA hardware[1], or
a totally brute force attack yielding a key in 7.8 days at the cost of
$10,000[2].  Note that this has resulted in changes to approved algorithms,
with resulting increase in resistance to brute force attacks by dramatically
increasing the key space.  We now worry about the near mythical quantum
computer's ability to break any current encryption scheme.

While Matt was relating the inadvertent disbursement of information relating
to a criminal investigation, you'd think that could be under the aegis of
the court system, perhaps by tinkering with the rules of evidence.  After
all encrypted storage is an effective means of preventing unauthorized
access, duplication and altering of evidence.  Bar associations would appear
a logical place to influence protecting client-data and client attorney
privilege.

We also see the Department of Defense requiring at rest encrypted storage of
data, the requirement becoming universal over time.  You'd have to wonder if
the requirement was extended to the rest of the U.S. government, just how
long it would take to protect data.  Couldn't be more than a decade.

State and local governments, you run into unfunded mandates.  It helps that
they already have a duty under various privacy laws to protect data, as do
private companies.  Perhaps the problem is not that we need more laws, but
that the laws we have aren't being adhered to?

Is the resistance to data protection today predicated on cost?  We see
secure disk products that when the costs are amortized across volume for a
couple of kilobytes of code, a slightly faster processor, or one with
security co-processor, the cost of developing software interface controls
and finally certification costs, should add a cost burden of a couple of
dollars but are being sold at a premium, all the market can bear.

What's not apparent is the cost of data loss, other than bad press.  We find
interesting cases, such as in aviation security where we find from Professor
Mueller that the cost in terms of lives saved with the Transportation
Security Agency is 15 times higher than their value by protection by other
means[3], indicating we have an enormous white elephant, there.  How do we
prevent the inadvertent replication of waste in another large area of
government mandated security?

Balancing the apparent lack of adherence to current privacy laws and the
potential cost of a bureaucracy dedicated to measuring quanta of privacy
data, regulating the balance of taxes owed, offsets by encryption, tracking
the acquisition of privacy data, its proper and approved retirement or

Surveillance, secrecy, and ebay

2008-07-26 Thread Matt Blaze

One of the less-discussed risks of widespread surveillance is
not just the abuse or misuse of intercepted content and
metadata by the government, but its accidental disclosure. As
more and more private data gets collected, and as it sits
around for longer and longer, it becomes inevitable that some
of it will end up in surprising places.  No malice is required;
it's practically impossible to avoid.  And this is not merely
a hypothetical concern.  Case in point:

I recently indulged myself with a used Nagra SNST tape
recorder, a beautifully-engineered miniature reel-to-reel
device that was especially popular with law enforcement and
intelligence agencies from the 70's to the 90's.  (Hey, I'm an
old-school geek -- I like gadgets.)

The recorder came with a tape reel, which I had assumed
was blank or erased. But a couple of days ago, I decided to
double check just to be sure.  To my surprise, the tape
wasn't blank at all.  It contained a recording of a wired
confidential informant being sent out to buy drugs on behalf
of a state police agency in 1996.

The recording was pretty innocuous and boring, to be honest
(the deal never happened, and most of the tape is the sound
of a car being driven to the buy location).  But there was
a disturbing element: the tape contained the full names of both
the suspect and the supposedly confidential informant!

I've got an MP3 of the tape on my blog.  The names of the
hapless informant and suspect have been muted out in the name
of good sense:
  http://www.crypto.com/blog/watching_the_watchers_via_ebay/

Unfortunately, this is hardly an isolated incident; this sort of
inadvertent disclosure of sensitive information -- stuff that
could cause people real harm -- happens all the time.  And law
enforcement agencies can be among the most careless offenders.  A
couple of years ago, when my grad students and I were studying
telephone wiretaps and were buying up surplus law enforcement
wiretapping gear, we were disturbed to discover that almost none
of the equipment we bought had been sanitized before being sold
off.  Pen registers bought from several different agencies (on
ebay and other places) generally were delivered in the state in
which they were last used, configured complete with suspect's
telephone numbers and call detail records.

None of this should be terribly surprising.  It's becoming harder
and harder to destroy data, even when it's as carefully controlled
as confidential legal evidence. Aside from copies and backups made
in the normal course of business, there's the problem of obsolete
media in obsolete equipment; there may be no telling what
information is on that old PC being sent to the dump, where it
might end up, or who might eventually read it.   More secure storage
practices -- particularly transparent encryption -- can help here,
but they won't make the problem go away entirely.   Once sensitive
or personal data is captured, it stays around forever, and the
longer it does, the more likely it is that it will end up somewhere
unexpected.  This is yet another reason why everyone should be
concerned about large-scale surveillance of the kind recently
authorized by Congress; it's simply unrealistic to expect that the
personal information collected will remain confidential for very
long.

-matt

-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
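Matt's closing point is that data lingers on surplus equipment, and that encryption at rest helps but does not remove the problem. The practical check a custodian would want before any media leaves the building is a quick scan confirming that what is on it is actually blank, or at least not recognisable plaintext. The following is an added example written for this page, not code from Matt Blaze, the list or any of the agencies mentioned. It walks a raw media image block by block and classifies each block as blank (all 0x00 or all 0xFF), random-looking (encrypted, or overwritten with random data) or structured (likely plaintext residue) using byte entropy. The 4096-byte block size and the 7.5 bits-per-byte threshold are assumptions chosen for illustration, and the three images it scans are constructed test data with fictitious numbers.

```python
import hashlib
import math
from collections import Counter

# Added example, not part of the original thread. Block size and entropy
# threshold are assumptions chosen for illustration, not a standard.
BLOCK_SIZE = 4096
RANDOM_THRESHOLD_BITS = 7.5  # bits/byte; above this a block looks encrypted or randomised


def shannon_entropy(block: bytes) -> float:
    """Plug-in Shannon entropy in bits per byte (0.0 for a constant block, at most 8.0)."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(block).values())


def classify_block(block: bytes) -> str:
    """Label one block:
      'blank'      - every byte is 0x00 or every byte is 0xFF (erased or never written)
      'random'     - entropy near 8 bits/byte: encrypted, or overwritten with random data
      'structured' - anything else: likely plaintext residue that survived 'sanitisation'
    This is a heuristic: compressed files also score as 'random', so that verdict
    is evidence of the absence of obvious plaintext, not proof of encryption."""
    if not block:
        return "blank"
    first = block[:1]
    if first in (b"\x00", b"\xff") and block.count(first) == len(block):
        return "blank"
    if shannon_entropy(block) >= RANDOM_THRESHOLD_BITS:
        return "random"
    return "structured"


def sanitization_report(image: bytes, block_size: int = BLOCK_SIZE) -> dict:
    """Walk a raw media image block by block and count each class.
    The media is reported 'clean' only if no block is 'structured'."""
    counts = {"blank": 0, "structured": 0, "random": 0}
    for off in range(0, len(image), block_size):
        counts[classify_block(image[off:off + block_size])] += 1
    counts["clean"] = counts["structured"] == 0
    return counts


def _pseudo_ciphertext(nbytes: int) -> bytes:
    """Constructed stand-in for encrypted data: a SHA-256 counter stream."""
    out = bytearray()
    ctr = 0
    while len(out) < nbytes:
        out += hashlib.sha256(ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return bytes(out[:nbytes])


# --- constructed sample images (no real device data) ---
BLANK_IMAGE = b"\x00" * (4 * BLOCK_SIZE)

# Three blank blocks plus one block of leftover plaintext, modelled on the kind
# of call-detail residue the thread describes; the numbers are fictitious.
_residue = (b"CDR 1996-03-14 from=555-0101 to=555-0199 dur=00:04:12\n"
            b"CDR 1996-03-14 from=555-0101 to=555-0142 dur=00:01:03\n")
RESIDUE_IMAGE = BLANK_IMAGE[:3 * BLOCK_SIZE] + _residue.ljust(BLOCK_SIZE, b"\x00")

# Four blocks that look like a transparently encrypted volume.
ENCRYPTED_IMAGE = _pseudo_ciphertext(4 * BLOCK_SIZE)


if __name__ == "__main__":
    for name, img in (("blank", BLANK_IMAGE), ("residue", RESIDUE_IMAGE),
                      ("encrypted", ENCRYPTED_IMAGE)):
        print(name, sanitization_report(img))
```

On a real device the image would be read from the block device or tape dump rather than built inline; the entropy heuristic scales linearly with media size, so it is cheap enough to run on every item in a surplus batch. A "random" verdict on a device that was never encrypted deserves a closer look, since compressed archives score the same way.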