Local Encryption ... Why Not?

scottalanmiller

@BRRABill said:

@scottalanmiller said:

(Apple pegs such cracking attempts at 5 1/2 years for a random 6-character password consisting of lowercase letters and numbers. PINs will obviously take much less time, sometimes as little as half an hour. Choose a good passphrase!)

That's assuming you don't have your device set up to wipe after 10 attempts.

The article was demonstrating (I think?) that you cannot do anything to the drive if you pull it from the iPad or iPhone. Isn't that was we were wondering about?

That was, I thought, the time to decrypt after you pulled it from the device. That's your "uncrackable" time.

BRRABill

@scottalanmiller said:

But I don't need to do that, right? Just back it up from inside the running OS unencrypted and the encryption isn't on at the time of the data being pulled. right?

The server is protected by a strong password. How are you going to get access to it?

scottalanmiller

@BRRABill said:

@scottalanmiller said:

But I don't need to do that, right? Just back it up from inside the running OS unencrypted and the encryption isn't on at the time of the data being pulled. right?

The server is protected by a strong password. How are you going to get access to it?

We are talking about end user devices, right? Or servers too?

If we are talking about a server and assuming that it cannot be accessed, what is the purpose of the encryption?

BRRABill

@scottalanmiller said:

That was, I thought, the time to decrypt after you pulled it from the device. That's your "uncrackable" time.

I read that as you could not do any encryption without the device itself.

From Apple:
"The UID allows data to be cryptographically tied to a particular device. For example,
the key hierarchy protecting the file system includes the UID, so if the memory chips
are physically moved from one device to another, the files are inaccessible. The UID is
not related to any other identifier on the device."

BRRABill

@scottalanmiller said:

We are talking about end user devices, right? Or servers too?

If we are talking about a server and assuming that it cannot be accessed, what is the purpose of the encryption?

Well, we could be talking about either.

End users devices I say should always be encrypted.

Devices we can lock down, I can see your argument a little bit more. In that it was behind three locked door with a security system.

But there are still ways around it. For example, our landlord has keys to every door in my office. THey might let a cledaning crew it, etc. etc., etc..

BRRABill

@BRRABill said:

Well, we could be talking about either.

Though like I think I said I agree 100% they are definitely different use cases here.

BRRABill

I read through that Apple security document. Man, is there a lot of stuff in there that they do. No wonder it costs so much!

Dashrender

@scottalanmiller said:

@BRRABill said:

@scottalanmiller said:

Judge: "If the system was secure, why was it encrypted?"
You: "Just in case our users started storing data locally."
Judge: "And you don't feel that encrypting the drive suggests that you support that action and enable it by making it seem like you intend for them to put PHI there?"
You: "Ummm... but I didn't tell them to put it there."

Judge: Were you aware that sensitive data was on the machine?
Me: Yes, that is why we installed a self-encrypting drive. As you know, sir, drives with this technology that are lost are not considered breaches.
Judge: Oh, that's right. Thank you and have a nice day!

That's fine except for one thing - since when is lost data not considered a breach when encrypted? That's news to me and I'm sure would be big news to most of the American public. Why is encryption considered an exception to security and privacy norms?

Pretty sure the OCR has stated that it is not considered a breach when encrypted drives are lost.

BRRABill

@Dashrender said:

Pretty sure the OCR has stated that it is not considered a breach when encrypted drives are lost.

That is what our HIPAA specialists have told us.

A golden ticket, as you (or someone) said.

For $39 (or probably MUCH less in bulk) it's a "why wouldn't we" type of decision.

But ML doesn't feel that way. Hence the purpose of this thread!

scottalanmiller

@BRRABill said:

I read through that Apple security document. Man, is there a lot of stuff in there that they do. No wonder it costs so much!

I have connections to the head of security at Apple too We've had drinks together but don't regularly hang out. A friend of a friend. Apple does some things great, some things okay and some things poorly. Device security is something that they rock on. Interfaces is where I find them to be poor.

scottalanmiller

@Dashrender said:

@scottalanmiller said:

@BRRABill said:

@scottalanmiller said:

Judge: "If the system was secure, why was it encrypted?"
You: "Just in case our users started storing data locally."
Judge: "And you don't feel that encrypting the drive suggests that you support that action and enable it by making it seem like you intend for them to put PHI there?"
You: "Ummm... but I didn't tell them to put it there."

Judge: Were you aware that sensitive data was on the machine?
Me: Yes, that is why we installed a self-encrypting drive. As you know, sir, drives with this technology that are lost are not considered breaches.
Judge: Oh, that's right. Thank you and have a nice day!

That's fine except for one thing - since when is lost data not considered a breach when encrypted? That's news to me and I'm sure would be big news to most of the American public. Why is encryption considered an exception to security and privacy norms?

Pretty sure the OCR has stated that it is not considered a breach when encrypted drives are lost.

If it data is exposed and compromised? How would they explain that one? "Well there has been a breach, but we don't consider it a breach so screw you people who had your data stolen."

BRRABill

@scottalanmiller said:

I have connections to the head of security at Apple too We've had drinks together but don't regularly hang out. A friend of a friend. Apple does some things great, some things okay and some things poorly. Device security is something that they rock on. Interfaces is where I find them to be poor.

I think you would have to admit though, that there are MANY safeguards built into the device to protect the local data.

scottalanmiller

@BRRABill said:

@Dashrender said:

Pretty sure the OCR has stated that it is not considered a breach when encrypted drives are lost.

That is what our HIPAA specialists have told us.

A golden ticket, as you (or someone) said.

For $39 (or probably MUCH less in bulk) it's a "why wouldn't we" type of decision.

But ML doesn't feel that way. Hence the purpose of this thread!

$39 for one type of golden ticket. Not putting data there is a free one as well.

Judge: "How much data was on there."
You: "None"
Judge: "So why are we here?"

Dashrender

@scottalanmiller said:

@BRRABill said:

I did a few quick Google searches, and it appears you cannot use the password to decrypt it if the drive is not in the device. It has to be in the device.

I wonder how that works. What aspect of the device makes it work that way. Complex encrypted salt on another chip?

TPM

scottalanmiller

@BRRABill said:

@scottalanmiller said:

I have connections to the head of security at Apple too We've had drinks together but don't regularly hang out. A friend of a friend. Apple does some things great, some things okay and some things poorly. Device security is something that they rock on. Interfaces is where I find them to be poor.

I think you would have to admit though, that there are MANY safeguards built into the device to protect the local data.

Oh yes! but none as effective as not putting the data at risk at all.

BRRABill

@scottalanmiller

I edited this.

Judge: "How much data was on there."
IT Person: "None"
Judge: "Are you sure? How can you prove that?"
IT Person: "Uhhhhhhh"

BRRABill

@scottalanmiller said:

If it data is exposed and compromised? How would they explain that one? "Well there has been a breach, but we don't consider it a breach so screw you people who had your data stolen."

The data is inaccessible.

Unless you portend to be able to crack 256-bit encryption.

Dashrender

@BRRABill said:

@scottalanmiller

I edited this.

Judge: "How much data was on there."
IT Person: "None"
Judge: "Are you sure? How can you prove that?"
IT Person: "Uhhhhhhh"

There are a few things to consider - you'd only be there if you self reported or there was a release of data that was linked back to your company about a breach larger than 500 individuals. So if you didn't already think there was data on there, why are you in front of the judge?

BRRABill

@Dashrender said:

There are a few things to consider - you'd only be there if you self reported or there was a release of data that was linked back to your company about a breach larger than 500 individuals. So if you didn't already think there was data on there, why are you in front of the judge?

Surely you aren't implying you wouldn't report a breach!

Of course you wouldn't need to with a SED.

scottalanmiller

@BRRABill said:

@scottalanmiller said:

If it data is exposed and compromised? How would they explain that one? "Well there has been a breach, but we don't consider it a breach so screw you people who had your data stolen."

The data is inaccessible.

Unless you portend to be able to crack 256-bit encryption.

That something is 256bit alone does not imply that it isn't easy to access. That's just one factor. There are cases where it is indeed easy to crack. And cases where it is very hard. But that alone doesn't suggest that a comprise isn't likely.