Shostack + Friends Blog Archive


The Human Element

In one of the soon-to-be countless articles about the VA Incident, Network World’s Ellen Messmer writes:

The sad irony in all this is that there are many at the VA who have worked hard to design and install network-based security. But in the “multiple layers of security” everyone is so fond of discussing, the human being apparently remains one of the hardest to fix.

Yes, while “there’s no technical solution to a social problem”, in this case the problem seems to have been that unencrypted sensitive data were literally left lying around. Even if one accepts the premise that these data need to be stored on laptops (which is far from clear in this case), any number of commercial products could easily have helped here.
A further point. Much is being made of this being a “simple burglary”. Let’s imagine that it was not. With crypto, an insider being paid for information would need to commit two offenses: leaving the info lying around (which might be worth it, depending on how much he’s being paid and by how gullible investigators are), and deliberately disabling the protection provided by crypto (by leaving the machine running, or by leaving the crypto key in plain sight on a Post-It). I’m no lawyer, but it seems that the second scenario makes it easier to separate malice from stupidity. Sounds like something that might be worth doing.

2 comments on "The Human Element"

  • Iang says:

    If someone is being paid to leave the info lying around, why wouldn’t the deal include handing over the password? You need to create two acts which aren’t combinable with stupidity. Even if you insert an RFID under the skin as the password, there’s nothing stopping the crooks sitting next to the guy in a restaraunt and scarfing up the data while drinking coffee. Classically this is solved by separation of roles so we might employ consultants in pairs.
    The real underlying flaw here is the data. It is valuable. It will be stolen. The solution is simple – make the data un-valuable. That means re-wiring the grey matter in large sections of (western credit) society to kick the identity habit, but it’s their choice – identity & theft, or re-wiring.

  • Chris Walsh says:

    My goal for the moment is less ambitious.
    Yes – in order for this to work, the two acts need to be sufficiently uncombinable. I think they can be. I agree that for data that are valuable a way will be found. I am looking to reduce the amount of theft, and the number of ways it can occur. To me, this is an improvement.

Comments are closed.