Visit us on stand 906 at BlackHat Europe 5 – 6 Dec Read More
Heroes of healthcare need heroic tools, not insecure compromises Read More
Pushfor Featured in Financial Times – How to Spend It Read More

Retreating to hyper-retro technology is no answer to security

By November 20, 2018Uncategorized
technology secret confidential sensitive data security secure

There’s a story out there that Vladimir Putin has begun using a pen to write confidential notes. You read other reports of people reverting to typewriters to secure their privacy.

People are doing that because on a PC or a Mac, there’s the possibility of a keylogger recording what you type and sharing that information.

The problem now is that these old ways of doing things privately and securely were very effective, but new technology can work directly against what used to work so well.

Say Putin writes down some top secret instruction. But I could then use my phone to photograph it and have that picture disseminated to billions of people within seconds. Also, casually written information can’t be encrypted unless you have a code – which the other guy also needs to have – or an Enigma-type machine standing by.

So it’s actually even more insecure. It’s like saying a bow and arrow is an effective weapon because it’s silent. Well yes, it is, and it would have a certain element of surprise on the battlefield. But it’s ineffective against an enemy with night sight goggles, drones and a gun that can shoot the guy almost while the arrow is in mid-air.

Security breaches can’t be prevented by reverting to old technology. Even shredding paper doesn’t work. There was a guy in the Canada whose son shredded thousands of dollars worth of high denomination bills. It turned out there’s a department in the US Treasury that will rebuild damaged, even shredded, money and honour its value again.

Burning paper may work, but it has to be given to someone – and then become at risk of interception – before it has any use as a means of communication.

Also filing cabinets can be raided and again, once a photo of an analogue document crosses into the digital domain it has a premium value.

Your photo of that hand-written note from Vladimir Putin would treble the impression that he was attempting to be surreptitious, that he had something really secretive to hide. And of course, a handwriting expert could confirm that it’s in his hand.

If a digital communication with the top-secret instruction was hacked, he could always claim it was someone else, or generated by a machine.

It’s still the case that if you really want to keep something secret, it’s best not to tell anyone.

But if you need to get information out there, don’t think that by going back a century, you can outwit your adversaries.