I work for you. You’re paranoid.

This image is an excerpt from Microsoft senior security strategist Steve Riley‘s “It’s 11:00 PM—Do You Know Where Your Data Is?” presentation at TechEd New Zealand. If you haven’t seen Steve present before, then this should give you a good idea of his style presentation.

iworkforyou.jpg

I work for you. You’re paranoid.
You want me to update a document, but you’re terrified I will “steal” the information in that document somehow.
You secured your data against someone copying the contents. You don’t want it printed, so you’ve taken away my printer.
You’ve disabled the CD-Writer and the Floppy Disk drive.
You block USB pen-drives from being installed.
I’ve just taken a photograph of my screen, with your secret document open on the desktop.
Your move.

Unfortunately Steve doesn’t have a solution to this problem, yet.

36 insightful thoughts

  1. Does it mean that no matter how much you secure your system – TPM, EFS, BitLocker, and all these security tools… you can still take a photograph of the document on someone’s screen? *-)

  2. @Zack: You’re thinking too much into it. This can mean several things. People will always try to get around security. There will always be flaws. Complex security systems can be compromised by primitive technology.

  3. > Unfortunately Steve doesn’t have a solution to this problem, yet.

    You mispelled “Fortunately”.

    Seriously: Does not the fact that no authoritarian government, company, or organization has yet found a way to selectively prevent any and all ability to exchange information contribute to why 1984 *wasn’t* like 1984 (Steve Jobs’ jab at IBM nonwithstanding)? Would you really like to live in a world where governments have the ability to close the analogue hole?

  4. If you say to a kid “don’t touch that”, you can be sure he’ll try to touch it. Is the same thing with security!

  5. I believe that some of the more “paranoid” (or companies that really need to keep data secret) prevent cameras being taken into buildings as well. Of course, searching every employee for a camera isn’t a viable option for most companies, and the rise of mobile phones with cameras has made the whole task more difficult anyway.

  6. @Long
    thanks for this funny news 🙂

    [off topic begins]
    is it possible that you make a news about the performance of windows server 2008 and the implications of its kernel to vista? id love to read about that. i really wonder if that can improve vista’s performance.
    ive tried windows server 2008 june build and i was amazed how responsive and quick it is. definately running better (in my personal opinion) than vista.
    any chance? 🙂
    [off topic ends]

  7. Wasn’t it Andy Grove of Intel who wrote a book titled, “Only theParanoid Survive.” Though I agree with the cat-and-mouse game that this screen-shot (literally) implies. But, that is no reason to stop working on security.

  8. Reminds me of when I was working in ASIC design, and we were evaluating a new processor to use in our chip.

    The company (that I shall call company X) technical sales rep turned up in our office with a Sun workstation with the USB ports blocked off, no serial port, no parallel port, DVD and floppy drive removed, etc and the case padlocked shut with a steel cable … at which point he proudly proclaimed “we’ve got to protect our intellectual property, let’s see you get information off that machine”, with a big smile on his face.

    One of my team then piped up – “that’s fine, we’ll just take a digital photo of the source code being displayed on the nice monitor you provided, then run it through optical character recognition”.

    The sales rep smile faded. Fast.

    Lesson of the day – never EVER throw do a gauntlet like that to an office full of engineers.

  9. Does anyone here realize that taking a snap of the screen with a camera overrides all security technologies? This includes TPM, BitLocker, EFS, IRS, “Vista Ultimate Security”, etc.

    Oops, I nearly forgot that human memory overrides these too 🙂

  10. I believe that some of the more “paranoid” (or companies that really need to keep data secret) prevent cameras being taken into buildings as well. Of course, searching every employee for a camera isn’t a viable option for most companies, and the rise of mobile phones with cameras has made the whole task more difficult anyway.

    Indeed – in fact here in Australia people who work in any government department that require any kind of security clearance (more than you’d think do) have to leave their camera phones at the front desk.

  11. The technologies metioned are digital protections in the digital world, they are for protecting documents from being copied and read by those that are not authorized.

    Taking a picture does not void these technologies, taking a picture requires you to be physically on location in front of someones open desktop that is displaying the supposedly protected document.

    If someone can gain access that way then you have a whole other problem and you really need to get some locks for your office, or just put a password on you screensaver and maybe even a security guard for your building.

    Although, if they can gain access that way they can jsut steal your harddrive or the whole computer instead.

  12. Foo. The issue is trust. And trust is a a social issue. Social issues cannot be solved through technology. And as such, interpersonal trust cannot be replaced by technology.

    Sure, you can can have your emplyoees make surveye each other and foster a climate of ultimate distrust, but at which price? And who watches the watchers?

    Quintessence: If I do not trust my employee enough to keep NDA information confidential, then I should not trust them with such tasks. Tough call, welcome to the reallife.

  13. The human memory issue is the kicker here. Even if you searched people for cameras, or even made sure they didn’t copy information down with a pen and paper, you’re still going to wind up with some guy with a photographic memory.

    But even that isn’t the real point. The kind of “secret data” that companies might get into this kind of paranoid tizzy over is usually CREATED by the very people they’re worried about stealing it. It’s not unusual for an NDA or some other terms of employment to require people to waive the rights to IP they create for someone else– but if they are doing the physical/mental work to produce the data, you certainly can’t force them to purge their own memories of their work.

    If they make something, they’re probably going to be familiar with it, and there’s nothing anybody can do about that, until memory-erasing rays come on the market. Most projects don’t have the kind of schedule that would require complex development within a single work day, so all a potentially dishonest employee would have to do to “steal” his own work would be to memorize the parameters of the task he was asked to perform, then do duplicate work on it at night and on weekends, on his own machine– where nobody from work can get at it (hopefully).

    But the point all the security alarmists miss is that even if somebody does make off with IP and use it for their own purposes…well, that’s what contracts and NDAs are for. The COURTS are there to protect and redress this stuff.

    Some guy designs a million-dollar patent that he actually signed away the rights to already cause he was making the damn thing for you? Well, fine. Sue him, get the million dollars (plus legal fees) and thank him for saving you the production costs you would have spent making the thing yourself.

    Looking at it that way, provided you have kick-ass lawyers, it’d be nothing short of a WINDFALL every time someone steals something.

  14. Quote: “Unfortunately Steve doesn’t have a solution to this problem, yet”….

    Com’on, we already have built-in camera’s on our laptop, therefore we can record every move within its perimeter. And ofcourse, we do this only on times when we are opening highly confidential data, wherein you want every activities to be recorded/logged…

    You will never know the importance of security unless somebody screwed up your valuable data.

  15. If you want to keep secrets, be prepared to go all the way. After the Pharaoh’s engineers finished the pyramids, he had them killed so grave robbers wouldn’t know where to find treasures. Today when the engineer completes the code for a fighter radar or key satellite system, he has a stroke or car wreck or is bludgeoned to death by a junkie wielding a can of spam. Security is easy if you are ruthless enough. If you think that governments and corporations don’t dabble in murder when the situation warrants, think again.

  16. You work for me, you’re irresponsible.

    I want you to update a document but I want to be sure that you dont messup and lose your laptop/usb key/floppy like you always usually do.

    I would prefer to know that, even when you somehow manage to mess up looking after sensitive information, that it will not find its way into the wrong hands of someone competent. If you printed it out you would probably lose it in the same way you misplace every report I ask for.

    I’ve disabled the CD-Writer, USB Pens and the Floppy Disk drive because it would be stupid to try and protect something from your own stupidity by letting you put it on your ipod or some other small, lose able, unencrypted device.

    You’ve just taken a photograph of your screen, with our secret document open on the desktop. And posted it on the net. Nice going!

    I’ve just taken a box and had all your personal effects left at reception with your Pink Slip.

    Move on.

  17. That’s just like my school’s computers (Mt. Roskill Grammar School, Auckland, New Zealand)

  18. Hell, with the technology available today, who needs a photo of the screen? Unless its emissions are controlled, they can be read and reproduced from the office car park…..

  19. Uh, you guys are looking into this from the normal end user perspective.

    Yeah, there’s reasons that the IT department locks down the companies computers. One of the biggest reasons is because the general end user is a total moron who uses the company machine for their own personal use. When this happens, they go to websites that infect their machines with crap like WinAntivirusPro, they install software that load software and don’t have the common sense to uncheck the “install Yahoo bar”, install “google bar”, install this and that.

    The reason that machines are locked down is because the general user lacks any and all common sense to actually protect their data. I could give two caca’s about users taking pictures of their screens, big deal. They cannot be trusted with their machines. Plain and simple.

  20. Justin you’re not seeing the point. It is the fact that no matter what you do to protect a confidential document from being copied or stored, a simple picture will bypass all of those security measures for copying.

  21. The point is here that ONCE you give access to a document or some information to someone then they can, if they wish, completely copy it.

    However, this voids no existing security measures, which prevent UNTRUSTED people getting access to the information in the first place. As soon as you share trusted info with an untrusted party you have a security breach, this is obvious.

  22. @Simon,

    1984 wasn’t like 1984 because the technology wasn’t ready yet.

    Sometime around 2005, when Intel started shipping systems with the TPM (trusted platform module) chip, is when 1984 happened. Apple helped out a bit by putting this tech in ALL of their Intel macs.

    1984: the message wasn’t “don’t copy that floppy”

    2005: the message seemed to change a bit: “copy anything you want – we’re watching everything you do online anyway”

    2008: the telecom firms that conspired with the government to surveil everytning, got retroactive immunity.

    Good luck to you, sir

  23. @Jazz guy:

    First, you realise this post is 2 years old?

    > Sometime around 2005, when Intel started shipping systems with the TPM (trusted platform module) chip, is when 1984 happened. … “copy anything you want – we’re watching everything you do online anyway”

    Do you have the slightest idea what a TPM module actually does? Apparently not. It’s a hardware random number generator, secure key generator, and secure key store. These are all useful, documented functions, and have nothing whatsoever to do with “watching everything you do online”. How could it possibly? It’s a chip on the motherboard. It doesn’t have some magical direct access to the internet, it just provides functions that an operating system can use. Nor does it work in some shady, obfuscated way with proprietary OSes only: Linux has supported TPM modules since 2.6.12 (you can go view the driver code for it yourself in the normal way).

    Yes, OSes can potentially watch and report everything you do online. But they don’t. Don’t believe me, buy a hardware packet sniffer and confirm for yourself. And they could do this before TPM modules.

    >2008: the telecom firms that conspired with the government to surveil everytning, got retroactive immunity.

    And yet your post was mainly complaining about a tool that would allow you more secure generation of encryption keys. Oh, the irony…

  24. Allow me to clarify – I did confound two concepts in my post (DRM, and the surveillance state). My main point is that DRM is another form of “1984” – style control – just one not anticipated by Orwell.

    I know perfectly well what the TPM does, and didn’t intend to imply any surveillance function of that module itself, it was more of an observation that:

    1) Keeping encryption keys in a tamper-proof module means the user has less control of their computer.

    2) TPM is an enabling technology for more nefarious schemes, if you can’t tell when the system is encrypting data, how will you even know what it sends when it does ‘phone home’?

    3) TPM was introduced in Apple/Intel CPU hardware in 2005, with the potential use as a more bulletproof mechanism for enforcing Apple’s monopoly. DRM on Apple hardware is already infamous, to the point that you can’t watch a video purchased on iTunes on an external monitor, unless it meets certain requirements.

    The intention was presumably to prevent Mac OS X from running on Apple-approved hardware. Yes, there are patches around this, but Apple has periodically been slow in publishing the Intel branches of Darwin source code for Intel to protect their “secure booting” scheme. They also prevent debuggers like dtrace from certain applications (notably iTunes).

    http://blogs.sun.com/ahl/entry/mac_os_x_and_the

    The society of 1984 is, for me, is about institutions controlling individual and collective behaviour through repressive means. Massive surveillance systems are part of this, but so are mandatory DRM schemes. Any system which is designed to prevent the user from being aware of what is running on their computer, is conceptually no different than a rootkit, IMHO.

    When an OS (such as Vista) uses encryption to obfuscate movement of digital data through the system, how does that help me do my work more efficiently? All it does is make the computer industry trade user control for controls imposed by the entertainment industry.

    It also makes the computer vendors beholden to the entertainment industry. If I want to watch a DVD, I’ll get a $40 DVD player. Don’t force me to replace my perfectly good operating system with a DRM-friendly one.

  25. Found this with StumbleUpon … I’ve got to say that there are some real losers in this comment thread that will probably be on their death beds wishing they’d spent more time at the office checking for stolen paper clips and complaining about their retarded employees’ excessive use of toilet paper.

  26. Allow me to introduce you to the future of security, (and date rape) if I may.
    I do not yet know the specifics but you can do your own research if you so choose after reading this. After my doctor told me this, it sent chills down my spine. Here’s the short version;

    My doctors wife went for a colonoscopy at the local hospital wherein she waited for quite a bit longer than was needed for her name to be called and the procedure to be commenced. She had had enough of waiting and went up to the desk to inquire about the delay, whereupon whe was told that the procedure had already been performed some twenty minutes earlier and that she had been sitting and waiting for no reason at all. This was not a case of clerical error or any other such logistical issue.

    No, the fact was that a new drug methology had been utilised that wipes out short-term memory, allegedly to reduce the stress on the patient.

    She had not been told that such a means would be used (can you say test-subject?) but she was not particularly concerned. When I was told this story I was incensed and told my doctor in no uncertain terms that ths was a violation. He didn’t seem overly concerned either. So much for the “rights” of “informed patients”.

    The future of security is not technical, it’s chemical. Welcome to the brave new world. Good night and good luck.

Comments are closed.