How Data Retention Makes Us Less Secure

from the security-is-contextual dept

We've already discussed how Congress appears to be moving forward with a nasty data retention bill disguised as an anti-child porn bill. There are all sorts of problems with the bill, including the likelihood that it will be massively abused by the government (which is why bill opponent Rep. Zoe Lofgren offered an amendment to rename the bill from the misleading Protecting Children from Internet Pornographers Act to the more accurate "Keep Every American's Digital Data for Submission to the Federal Government Without a Warrant Act of 2011"). Julian Sanchez, (who's suggested bill renaming is "Forcing Your Internet Provider to Spy On You Just In Case You're a Criminal Act of 2011") separately highlights another issue: how much less secure this will make data.

While most people, who are worried about this law, are reasonably concerned about how the government will spy on your data, an equally problematic issue is that this will make all of our data less secure. If you're wondering how merely retaining data can make it less secure, Sanchez explains how context matters in security, and if you increase the value of the payload, even without changing the absolute security, you've decreased actual security, by making yourself a bigger target:
If I started storing big piles of gold bullion and precious gems in my home, my previously highly secure apartment would suddenly become laughably insecure, without my changing my security measures at all. If a company significantly increases the amount of sensitive or valuable information stored in its systems — because, for example, a government mandate requires them to keep more extensive logs — then the returns to a single successful intrusion (as measured by the amount of data that can be exfiltrated before the breach is detected and sealed) increase as well. The costs of data retention need to be measured not just in terms of terabytes, or man hours spend reconfiguring routers. The cost of detecting and repelling a higher volume of more sophisticated attacks has to be counted as well.

One very simple security measure a company can practice, then, is to simply avoid retaining enough data to attract the interest of the most skilled professionals (or, alternatively, those willing to hire out botnets to aid their attacks). Because the adequacy of a security system is always a function of the payoff of breach to the attacker, then, privacy is an important component of security, as well as a value worth respecting for its own sake.
This is a point that I fear many involved in this debate are totally ignoring.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    icon
    Richard (profile), Aug 3rd, 2011 @ 12:58pm

    9/11

    To me the most obvious and immediate lesson of 9/11 was "Don't create big targets"

    If only our politicians learned Go (like the Japanese used to) they would have learned that lesson.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      el_segfaulto (profile), Aug 3rd, 2011 @ 1:33pm

      Re: 9/11

      In all fairness, I think Chutes and Ladders (espousing Socialism) and Candyland (there's a Republican joke in there somewhere) may be a little much for our leaders in the U.S.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2011 @ 1:01pm

    Rep. Zoe Lofgren...

    obviously doesn't know who play well with the rest of Congress and should be removed.
    /s

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Josh in CharlotteNC (profile), Aug 3rd, 2011 @ 1:28pm

      Re: Rep. Zoe Lofgren...

      90% of our Senators and Representatives don't know how to play well with our rights, nor the truth, and should be removed.

      not /s

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    jupiterkansas (profile), Aug 3rd, 2011 @ 1:13pm

    and they will keep continuing to ignore it until it's too late, the security is breached, and massive amounts of data are pilfered. And their response will be - no not shame, but arrogance - and more laws to punish the evil doers who now pose a more serious threat to everyone thanks to the government's actions. No matter what happens, the government wins, and the people lose.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2011 @ 1:13pm

    How much data is actually retained already? Wouldn't you need to know that for comparison?

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      el_segfaulto (profile), Aug 3rd, 2011 @ 1:38pm

      Re:

      You hit a tangential nail on the head. The world's servers process 10ZB of data every year. Now, not all of that is web traffic but even if it does account for an appreciable percentage of that I can easily see a time when we as a society begin drowning in our own useless knowledge. By useless knowledge I mean the fact that I visited a certain site at a certain time with a certain browser, not the knowledge of the fact that Hippopotomonstrosesquippedaliophobia is the fear of long words.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2011 @ 1:23pm

    One of the ways to avoid issues is to create data retention systems that are not online systems. That is to say that the systems are unidirectional (you can write, but cannot read), and make the systems themselves not part of the actual accessible network.

    Encrypt everything, use the old aes256, and make it unaccessible. Make the only way that you can read the data to be going on site, using a non-networked computer, etc. Archive it to non-active materials (tape, discs, whatever) and take it offline on a daily basis.

    The biggest issue is data the is retained and kept online. You can retain data with minimal risks, but you have to take the right steps.

    Honestly, most people's browser cache would be way more at risk.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Richard (profile), Aug 3rd, 2011 @ 1:43pm

      Re:

      What you are proposing is indeed quite secure - but at the price of a greatly increased the cost of access for "legitimate" users. That is always the trade-off with security and your idea does nothing to get around it.

      Do you really think that your "write only memory" would be acceptable to those who want access to the data?

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Aug 4th, 2011 @ 9:35am

        Re: Re:

        Those who want to access the data would do it through non-networked systems (on site) or by physically transporting the archived data to a viewing site. This isn't data that would be looked at every day, would it?

        The costs? Not really much higher, it only requires some attention to detail to get it done right.

         

        reply to this | link to this | view in chronology ]

    •  
      icon
      Nathan F (profile), Aug 3rd, 2011 @ 3:43pm

      Re:

      Also run into the problem of storage space. Tapes disks whatever all take up physical space that you have to keep secure and organized.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    DogBreath, Aug 3rd, 2011 @ 1:23pm

    Once a stockpile of data of one (or more) of the Members of Congress is leaked...

    watch how fast they'll do an about face and change the law.

    Oh they'll still require the law to keep collecting data on everyone else, but just make it a federal crime for ISPs to keep logs on Members of Congress.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Jay (profile), Aug 3rd, 2011 @ 1:37pm

    Why has no ISP thought to do one thing better and begin encrypting data?

    This way, they don't have to keep logs?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2011 @ 1:39pm

    Newsflash... Your ISP already retains IP to user data, and some for several months; that's all this proposed legislation requires. Comcast saves that data for at least 6mo.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2011 @ 1:39pm

    "Disguised?" Well that's charitable.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Jon Renaut (profile), Aug 3rd, 2011 @ 1:43pm

    Not so compelling

    I don't find this argument as compelling as others - the data could always be stored offline (not that the law requires this, but still). I think it's dangerous to start piling on more and more arguments after someone like Rep Lofgren has already presented real problems stemming from the law.

    Every argument that can be dismissed as "well, we can do X to fix that" weakens the overall objection to the law.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    vastrightwing, Aug 3rd, 2011 @ 1:51pm

    Security by obscurity

    The answer here is to have a job running on your IP address which dilutes all your real data with junk data, thus making data mining useless. That is, while you surf the internet, you have a data job running in the background which randomly crawls Google and makes random search engine requests. Then fetch the random page. This will effectively fill up the ISP logs and make finding your true web page visits effectively impossible to determine. Of course this is a complete waste of resources, but this is what it's coming to in order to have any sort of privacy.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Chosen Reject (profile), Aug 3rd, 2011 @ 3:06pm

      Re: Security by obscurity

      You're plan would work absolute wonders in keeping a marketer from knowing anything about you for certain (though that's not necessarily the case).

      However, it could and eventually would most likely backfire in keeping law enforcement from finding something to hit you with, whether it be child porn (unlikely unless you're randomly crawling some really seedy places), copyright infringement, or even significant number of visits to extremist groups. Perhaps they'll even hit you with a CFAA charge a la a ToS violation.

      If they want to hit you with something, anything they find will be used against you. In fact, claiming in court that you set up a system will probably not win you many friends on the jury that will be told "if the defendant didn't have anything to hide, why did he go so far to cover it up?"

      No, the answer is to abort this bill before it becomes law. Letting it pass and then trying to obfuscate your data is not the answer.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 18th, 2011 @ 12:45am

      Re: Security by obscurity

      Make this happen

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Aug 18th, 2011 @ 12:46am

      Re: Security by obscurity

      Make this happen

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Rich Kulawiec, Aug 3rd, 2011 @ 2:29pm

    I've made the same point repeatedly; here's the latest version

    (This was in response to Violet Blue's column on the topic.)

    Everything you said is true. But it's worse than that: they're building
    a target. Or, rather, many targets. Let me explain.

    Personal information has value: to advertisers, to marketers, to spammers,
    to phishers, to actual real live pedophiles, to disgruntled ex-boyfriends,
    to insurance companies, to extortionists, to all kinds of people.

    And let me pause to interject: it's no comfort at all to hear that
    it's "not personally identifiable". As recent research has shown us,
    pointedly, when enough disparate data sources are combined, that becomes
    wishful thinking.

    So there are people who have uses for this data...and are willing to pay
    for it. Therefore there WILL be a market for it, just like there are
    markets for everything else illicit on the 'net, e.g., custom spamming
    software.

    And since there will be a market for it, there will be buyers...and
    sellers.

    Some of the sellers will be crooked ISPs who are willing to sell their
    own users out to anyone with cash-in-hand. (My bet: Comcast and
    Verizon will fall all over themselves to do this.) But some of them
    will be ISP employees, who will have access to it and will be more than
    happy to exchange a USB stick or ten, stuffed with compressed log files,
    for an envelope of tax-free income.

    Then there will be a secondary market: crafty people who are willing
    to buy data from a few dozen sources and combine, correlate, reduce,
    filter, enhance it -- and then sell that composite product. (If I have
    the logs that indicate what DNS queries you've run, then I can make
    good guesses at what web sites you visit...or perhaps have logins on...
    your email provider, your social network, your IM accounts, etc. I can
    then search those, one at a time or via Google. The more I know about
    you, the more I *can* know.) And of course these same crafty people
    know all about credit cards -- so they'll be able to produce individual
    dossiers that make it very easy to perform competent identity theft.

    And since (putatively) we're talking about pedophiles here: think of
    the possibilities for them.

    This idiotic bill puts ISPs in the position of building targets:
    big stationary highly attractive targets that everyone will *know*
    they have.


    And let me interject once again: there's no reason at all to be reassured
    by ANYONE'S claim that they'll be kept "securely". LulzSec/AntiSec have
    been pulling the shorts of one government security contractor after
    another over their heads for months, and they're not even trying hard.
    Determined adversaries will go right through whatever inept "security"
    is put in place around this.

    So here's what'll happen: the information will be collected. Some of
    it will be collected incorrectly, people will get doors kicked down
    because a network monitoring script mangled an IP address. Some of
    it will be sold by ISPs, some by ISP employees. Insurance companies
    will cancel policies, abused wives will be stalked by crazy ex-husbands,
    pedophiles will select targets, etc. Big chunks of data will be bought
    and sold at places like the Russian Business Network (which, by the way,
    is not as gone as people wish it were). The end result will be a privacy
    and security nightmare for everyone...and it will increase, not decrease,
    the risks to the children that it supposedly protects.

    Oh, and the politicians responsible will pat themselves on the back
    and take credit for it. And when it all goes wrong...they will use
    that time-honored phrase of spokesliars everywhere:

    "...and nobody could have foreseen..."

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 3rd, 2011 @ 2:47pm

    For a long time I have been successful in not worrying about identity theft nor funds theft. This has been possible by lack of providing info either on the net or on the computer. That data can not be lifted from your computer without it being there. It is a sure fire method to prevent that data from getting out. Simply if it is not there to be found, it can't be gotten.

    What I have no control over is someone else storing data on me from compiled sources. Putting them into data storage sections for anyone to find is not my idea of security.

    Hackers hack into banks and credit card data for a reason. Because it is usually there in large numbers. It's the big target complete with painted bullseye.

    This is the typical government solution when government gets involved. The result is more expense for the owner of the net account to pay for the people and equipment this will take to comply and at the same time, more targets for opportunity awaiting those eager to get hands on data that shouldn't be there.

    Apparently no one has learned anything about the cell phone hacking done by World News nor the Murdoc corporations.

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    Almost Anonymous (profile), Aug 3rd, 2011 @ 3:08pm

    Stop sandbagging.

    """This is a point that I fear many involved in this debate are totally ignoring."""

    "Fear" is not the right word. Replace with "know". Also, while you are at it, as far as congress-critters are concerned, change "many" to "all". There, fixed that for ya.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    r.roborovsky, Aug 3rd, 2011 @ 3:33pm

    Retaining Data makes us vulnerable to hacking and theft

    I'm in favor of data volatility, ISP's would erase data after a short period and keep us safer from identity theft and hacking. Data retention would only make each of us vulnerable to unauthorized viewing. Why not make the punishment for pedophilia more unsavory instead? Eunuchization of pedophiles and sex offenders would be appropriate IMHO, just a little surgery and the problem is addressed permanently?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    FuzzyDuck, Aug 3rd, 2011 @ 3:59pm

    We already have this sh*t in Europe

    Meanwhile we have had data retention in Europe for many years already. Officially introduced to "fight terrorism and child porn". I still have to see a report on how many acts of terror this system has prevented, or how many pedophiles it caught. I am willing to bet the answer is something close to zero in both cases.

    I also heard from someone who worked at my ISP, that it was pretty easy to look into the logs. Apparently they are not treated as highly sensitive information.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Aug 4th, 2011 @ 12:03am

    The amount of data equals to the attractiveness of intruders

    This is the same argument that I made when discussing the security considerations in cloud computing.

    Putting everything hackers need into one place seems a bit too convenient for them.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Richard (profile), Aug 4th, 2011 @ 2:27am

      Re: The amount of data equals to the attractiveness of intruders

      This is the same argument that I made when discussing the security considerations in cloud computing.

      Putting everything hackers need into one place seems a bit too convenient for them.


      That is not how the cloud is supposed to work. That is just a centralised computer system right out of the 1960's. Unfortunately big corporations have hijacked and distorted the "cloud" idea and are trying to use it as an instrument of control.

       

      reply to this | link to this | view in chronology ]

  •  
    icon
    Any Mouse (profile), Aug 4th, 2011 @ 5:31am

    Bonfire?

    Keep the info on paper tape and punch cards, and refuse to offer assistance sifting through the data when the government comes calling. Then, every three months or so after expiry has been reached, have a big ol' bonfire for the community. Hot dogs, hamburgers, balloons for the kids, maybe an origami contest...

     

    reply to this | link to this | view in chronology ]

  •  
    icon
    gorehound (profile), Aug 4th, 2011 @ 8:40am

    Doing this to us is bullshit.As much as I do not want to see it if it goes thru I hope a group hacks their damn spying database and releases it on TPB.the would be a big fuck you to the 1984 government who has no right to do this spying bs on us citizens.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Allan R. Wallace, Aug 8th, 2011 @ 12:57pm

    Data Valuation to cyber-Attackers

    If there is something of value on your system it has likely already been penetrated. How was that value discovered?

    Is it IT's thankless task to train executives to avoid poorly examined actions and making statements that inflame hacker anger or expose the value of a cyber-attack?

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This