How Data Retention Makes Us Less Secure
from the security-is-contextual dept
We've already discussed how Congress appears to be moving forward with a nasty data retention bill disguised as an anti-child porn bill. There are all sorts of problems with the bill, including the likelihood that it will be massively abused by the government (which is why bill opponent Rep. Zoe Lofgren offered an amendment to rename the bill from the misleading Protecting Children from Internet Pornographers Act to the more accurate "Keep Every American's Digital Data for Submission to the Federal Government Without a Warrant Act of 2011"). Julian Sanchez (whose suggested bill renaming is the "Forcing Your Internet Provider to Spy On You Just In Case You're a Criminal Act of 2011") separately highlights another issue: how much less secure this will make data.

While most people who are worried about this law are reasonably concerned about how the government will spy on your data, an equally problematic issue is that this will make all of our data less secure. If you're wondering how merely retaining data can make it less secure, Sanchez explains how context matters in security: if you increase the value of the payload, even without changing the absolute security, you've decreased actual security by making yourself a bigger target:
If I started storing big piles of gold bullion and precious gems in my home, my previously highly secure apartment would suddenly become laughably insecure, without my changing my security measures at all. If a company significantly increases the amount of sensitive or valuable information stored in its systems — because, for example, a government mandate requires them to keep more extensive logs — then the returns to a single successful intrusion (as measured by the amount of data that can be exfiltrated before the breach is detected and sealed) increase as well. The costs of data retention need to be measured not just in terms of terabytes, or man hours spent reconfiguring routers. The cost of detecting and repelling a higher volume of more sophisticated attacks has to be counted as well.

This is a point that I fear many involved in this debate are totally ignoring.
One very simple security measure a company can practice, then, is to simply avoid retaining enough data to attract the interest of the most skilled professionals (or, alternatively, those willing to hire out botnets to aid their attacks). Because the adequacy of a security system is always a function of the payoff of breach to the attacker, then, privacy is an important component of security, as well as a value worth respecting for its own sake.
Filed Under: data retention, privacy, security
Reader Comments
9/11
If only our politicians learned Go (like the Japanese used to) they would have learned that lesson.
Rep. Zoe Lofgren...
/s
Re: Rep. Zoe Lofgren...
not /s
Encrypt everything, use the old aes256, and make it inaccessible. Make the only way that you can read the data to be going on site, using a non-networked computer, etc. Archive it to non-active materials (tape, discs, whatever) and take it offline on a daily basis.
The biggest issue is data that is retained and kept online. You can retain data with minimal risks, but you have to take the right steps.
Honestly, most people's browser cache would be way more at risk.
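The mitigation sketched in the comment above (encrypt retained logs so they can only be read on a separate, offline machine) can be made concrete. The Go program below is an added example written for this page, not code from the commenter or from Techdirt, and its design is an assumption of mine: the online collector holds only the vault's RSA public key and wraps a fresh AES-256-GCM key per archive with RSA-OAEP, so the collector can write archives it can never decrypt, while the private key lives only on the non-networked vault. The log line is a constructed sample.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SealedArchive is the only thing the online collector writes to cold storage.
// The collector holds nothing but the vault's RSA public key, so a compromise
// of the collector yields ciphertext the collector itself cannot open.
type SealedArchive struct {
	WrappedKey []byte // fresh AES-256 key for this archive, RSA-OAEP encrypted to the vault
	Nonce      []byte // random 96-bit GCM nonce; never reused because the key is per-archive
	Ciphertext []byte // AES-256-GCM output, authentication tag included
}

// Seal encrypts one batch of retained log lines for the offline vault.
// label (for example the archive date) is bound as associated data, so an
// archive cannot be silently relabelled or swapped for another day's.
func Seal(vaultPub *rsa.PublicKey, label string, logs []byte) (*SealedArchive, error) {
	dataKey := make([]byte, 32) // a 32-byte key selects AES-256
	if _, err := rand.Read(dataKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, logs, []byte(label))
	// Wrap the data key to the vault's public key; the same label is the OAEP label.
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, vaultPub, dataKey, []byte(label))
	if err != nil {
		return nil, err
	}
	// The online host must not retain the data key once the archive is sealed.
	for i := range dataKey {
		dataKey[i] = 0
	}
	return &SealedArchive{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ct}, nil
}

// Open runs only on the offline vault machine that holds the private key.
// Any change to the label, wrapped key, nonce or ciphertext is rejected.
func Open(vaultPriv *rsa.PrivateKey, label string, a *SealedArchive) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, vaultPriv, a.WrappedKey, []byte(label))
	if err != nil {
		return nil, errors.New("key unwrap failed: wrong vault key or label")
	}
	block, err := aes.NewCipher(dataKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, a.Nonce, a.Ciphertext, []byte(label))
	if err != nil {
		return nil, errors.New("archive rejected: tampered ciphertext or label mismatch")
	}
	return plaintext, nil
}

func main() {
	// Demo key pair. In practice the private half is generated and kept on the
	// non-networked vault and only the public half is copied to the collector.
	vaultPriv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	// Constructed sample log line (TEST-NET-3 address), not real retained data.
	logs := []byte("2011-07-28T12:00:00Z 203.0.113.7 GET /index.html\n")
	archive, err := Seal(&vaultPriv.PublicKey, "2011-07-28", logs)
	if err != nil {
		panic(err)
	}
	fmt.Printf("collector wrote %d ciphertext bytes and a %d-byte wrapped key\n",
		len(archive.Ciphertext), len(archive.WrappedKey))
	plaintext, err := Open(vaultPriv, "2011-07-28", archive)
	if err != nil {
		panic(err)
	}
	fmt.Printf("vault recovered: %s", plaintext)
}
```

Because the label is authenticated as associated data, an archive cannot be relabelled or swapped for another day's without detection, and because the collector zeroes each per-archive data key after sealing, a later compromise of the collector does not expose archives it wrote earlier.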
Re:
Do you really think that your "write only memory" would be acceptable to those who want access to the data?
Re: Re:
The costs? Not really much higher, it only requires some attention to detail to get it done right.
Once a stockpile of data of one (or more) of the Members of Congress is leaked...
Oh they'll still require the law to keep collecting data on everyone else, but just make it a federal crime for ISPs to keep logs on Members of Congress.
This way, they don't have to keep logs?
Re:
The proposed law could require ISPs to keep much more than that:
Opponents argued that despite Smith’s assurances that the collected information would be limited to IP addresses, the measure could potentially force Internet providers to gather names, addresses, credit-card numbers, and other private data.
- House Panel Approves Child-Porn Bill, Despite Data-Privacy Concerns
Not so compelling
Every argument that can be dismissed as "well, we can do X to fix that" weakens the overall objection to the law.
Security by obscurity
Re: Security by obscurity
However, it could and eventually would most likely backfire in keeping law enforcement from finding something to hit you with, whether it be child porn (unlikely unless you're randomly crawling some really seedy places), copyright infringement, or even a significant number of visits to extremist groups. Perhaps they'll even hit you with a CFAA charge a la a ToS violation.
If they want to hit you with something, anything they find will be used against you. In fact, claiming in court that you set up a system will probably not win you many friends on the jury that will be told "if the defendant didn't have anything to hide, why did he go so far to cover it up?"
No, the answer is to abort this bill before it becomes law. Letting it pass and then trying to obfuscate your data is not the answer.
I've made the same point repeatedly; here's the latest version
Everything you said is true. But it's worse than that: they're building a target. Or, rather, many targets. Let me explain.

Personal information has value: to advertisers, to marketers, to spammers, to phishers, to actual real live pedophiles, to disgruntled ex-boyfriends, to insurance companies, to extortionists, to all kinds of people.

And let me pause to interject: it's no comfort at all to hear that it's "not personally identifiable". As recent research has shown us, pointedly, when enough disparate data sources are combined, that becomes wishful thinking.

So there are people who have uses for this data...and are willing to pay for it. Therefore there WILL be a market for it, just like there are markets for everything else illicit on the 'net, e.g., custom spamming software.

And since there will be a market for it, there will be buyers...and sellers.

Some of the sellers will be crooked ISPs who are willing to sell their own users out to anyone with cash-in-hand. (My bet: Comcast and Verizon will fall all over themselves to do this.) But some of them will be ISP employees, who will have access to it and will be more than happy to exchange a USB stick or ten, stuffed with compressed log files, for an envelope of tax-free income.

Then there will be a secondary market: crafty people who are willing to buy data from a few dozen sources and combine, correlate, reduce, filter, enhance it -- and then sell that composite product. (If I have the logs that indicate what DNS queries you've run, then I can make good guesses at what web sites you visit...or perhaps have logins on... your email provider, your social network, your IM accounts, etc. I can then search those, one at a time or via Google. The more I know about you, the more I *can* know.) And of course these same crafty people know all about credit cards -- so they'll be able to produce individual dossiers that make it very easy to perform competent identity theft. And since (putatively) we're talking about pedophiles here: think of the possibilities for them.

This idiotic bill puts ISPs in the position of building targets: big stationary highly attractive targets that everyone will *know* they have.

And let me interject once again: there's no reason at all to be reassured by ANYONE'S claim that they'll be kept "securely". LulzSec/AntiSec have been pulling the shorts of one government security contractor after another over their heads for months, and they're not even trying hard. Determined adversaries will go right through whatever inept "security" is put in place around this.

So here's what'll happen: the information will be collected. Some of it will be collected incorrectly, people will get doors kicked down because a network monitoring script mangled an IP address. Some of it will be sold by ISPs, some by ISP employees. Insurance companies will cancel policies, abused wives will be stalked by crazy ex-husbands, pedophiles will select targets, etc. Big chunks of data will be bought and sold at places like the Russian Business Network (which, by the way, is not as gone as people wish it were). The end result will be a privacy and security nightmare for everyone...and it will increase, not decrease, the risks to the children that it supposedly protects.

Oh, and the politicians responsible will pat themselves on the back and take credit for it. And when it all goes wrong...they will use that time-honored phrase of spokesliars everywhere:

"...and nobody could have foreseen..."
What I have no control over is someone else storing data on me from compiled sources. Putting them into data storage sections for anyone to find is not my idea of security.
Hackers hack into banks and credit card data for a reason. Because it is usually there in large numbers. It's the big target complete with painted bullseye.
This is the typical government solution when government gets involved. The result is more expense for the owner of the net account to pay for the people and equipment this will take to comply and at the same time, more targets for opportunity awaiting those eager to get hands on data that shouldn't be there.
Apparently no one has learned anything about the cell phone hacking done by World News nor the Murdoch corporations.
Stop sandbagging.
"Fear" is not the right word. Replace with "know". Also, while you are at it, as far as congress-critters are concerned, change "many" to "all". There, fixed that for ya.
Retaining Data makes us vulnerable to hacking and theft
We already have this sh*t in Europe
I also heard from someone who worked at my ISP, that it was pretty easy to look into the logs. Apparently they are not treated as highly sensitive information.
The amount of data equals to the attractiveness of intruders
Putting everything hackers need into one place seems a bit too convenient for them.
Re: The amount of data equals to the attractiveness of intruders
Putting everything hackers need into one place seems a bit too convenient for them.
That is not how the cloud is supposed to work. That is just a centralised computer system right out of the 1960's. Unfortunately big corporations have hijacked and distorted the "cloud" idea and are trying to use it as an instrument of control.
Bonfire?
Data Valuation to cyber-Attackers
Is it IT's thankless task to train executives to avoid poorly examined actions and making statements that inflame hacker anger or expose the value of a cyber-attack?