Category: Encryption

  • The Chinese Wall that Isn't

    I used to work at a Swiss bank. At investment banks they have a virtual Chinese wall that exists between folks who do deals and the trade floor for obvious reasons.

    At my bank, and this is back in 2000/2001, the people who did the deals and those who traded shared elevators, lunch rooms, pubs and so on. So you can imagine the level of cross pollination.

    The US government, just another organization, has been given the green light to dig through your data if you’re storing that data in the cloud with Google using, for example, Google Drive, Google Docs or Gmail. We’re trusting that they’ll keep their perusals limited to national security concerns and not tax enforcement, criminal investigation, foreign intelligence gathering or background checks and won’t leak data to credit rating agencies or anyone else. The old virtual Chinese wall.

    The latest development with Google sets a precedent for other companies and their obligation to hand over data to government employees. That includes Dropbox, Intuit and their web-based QuickBooks app, Facebook and so on. The trove of data the government now has access to makes the NSA’s traditional intelligence gathering look positively pedestrian. Oh for the good old days of Echelon.

    As Google’s executive chairman once said, “If you don’t have anything to hide, you have nothing to fear.”

    This was where I was going to end this post. But let’s take this idea a little further. Let’s assume underpaid government employees are rifling through our data and habeas corpus is still as optional as extraordinary rendition. If you’re like me and are, at least in your own eyes, basically a good guy or girl, what’s the best thing you can do to prevent being falsely accused of something?

    In a future world where people who have the power to accuse and convict are reading your docs, you can encrypt, encapsulate, misdirect, protest and so on. Or another approach is to provide an overwhelming amount of data on who you are, what you’re up to, what your views are, who you associate with, what you buy and so on. Remove all ambiguity on whether you’re a good or bad person. Essentially open source your life to avoid accusation.

    I’m not sure what the right approach is, but as counterintuitive as it seems, I tend to favor the latter.

  • The Rise of the Data Smuggler

    I always thought the idea of physically smuggling data was absurd. Even physically transporting data seemed silly to me because if you have broadband you can simply upload or download it. For really big data I have a gigabit connection at a data center where I rent space, so sometimes I’ll do a massive download and just show up at the facility with a 1.5 terabyte drive and hit the local Starbucks while it takes a few minutes to copy over what I’ve downloaded.

    I have either given away or thrown away countless USB thumb drives I’ve been given as gifts from Google AdWords and other companies. What’s the point?

    Two things changed my mind about why physically transporting data is interesting. The first was a conversation I had a few years back with Sebastian Thrun (creator of Google Street View), in which he told me that FedExing data is, and probably always will be, the highest bandwidth way of moving data around. That’s why Google uses FedEx to send hard drives from their Street View vans back to headquarters.

    The second thing that changed my mind was a new law in the UK that makes it illegal to not hand over encryption keys if the police want to decrypt your data. The penalty is two to five years in prison for simply refusing to hand over the keys. The logical outcome is that a lot of energy will now be spent on hiding the existence of encrypted data.

    I think two fields will emerge. The first is the art of hiding encrypted data when transferring it across a wire. If time is not a factor then this may be the way to go. Simply altering the sequence or transmission times of TCP packets can encode data, although it will be very low bandwidth.

    The second area where I think you’ll see more activity is the physical hiding of data. The reason I think more energy will be spent in this area is because it allows for very high bandwidth. If you can hide a 2 terabyte drive and take a 6 hour journey to get it from A to B, your bandwidth is 776 Megabits per second. Try and get that on your cable modem or ADSL link.

    Data storage devices that self-destruct aren’t interesting when it comes to solving this problem. A self-destructing drive lets police know that you have data that you never allowed them to decrypt, so presumably you’ll get your 2 to 5 years. The data needs to be invisible.

    Storing data on or inside your body may be one solution. According to Scientific American:

    The human brain consists of about one billion neurons. Each neuron forms about 1,000 connections to other neurons, amounting to more than a trillion connections. If each neuron could only help store a single memory, running out of space would be a problem. You might have only a few gigabytes of storage space, similar to the space in an iPod or a USB flash drive. Yet neurons combine so that each one helps with many memories at a time, exponentially increasing the brain’s memory storage capacity to something closer to around 2.5 petabytes (or a million gigabytes). For comparison, if your brain worked like a digital video recorder in a television, 2.5 petabytes would be enough to hold three million hours of TV shows. You would have to leave the TV running continuously for more than 300 years to use up all that storage.

    I’m not sure I would want to upload data directly to my brain, lest I overwrite the breathing function. But biological data storage is clearly worth looking at if your intent is to hide data.

    So maybe Johnny Mnemonic wasn’t so absurd after all: