In the second of our two articles today on data security in the Snowden Era, Michael Susong* talks about metadata in the light of the latest revelations about the activities of the US government agency PRISM…
Edward Snowden recently revealed to the public details about a mass electronic data mining program being carried out by the National Security Agency and known by the name PRISM. If you haven’t had a chance to follow it, you can catch up on the history of the story here. In a nutshell, the NSA has been collecting metadata, the digital details surrounding email messages, phone conversations, video chats, social networks, and more from the servers of mainstream phone and internet providers.
Snowden gained access to the government files pertaining to the program in the regular course of his duties as a contracted system administrator. The files had been stored in a file-sharing location on the NSA’s intranet site. The idea was to keep the files in this location so that NSA analysts and officials could all access and collaborate together. After the attacks of September 11, 2001, intelligence agencies realized that this form of information-sharing was necessary to “connect the dots” before an attack. Each agency needed to know what the other already knew. Snowden’s job was to go to the NSA intranet site and move especially sensitive documents to a more secure location. The debate can and will continue to rage on as to whether Snowden planned to leak information all along or whether he felt an overwhelming sense of civic duty to the American public after realizing the full scope of the PRISM program.
With the background out of the way, it is not the intent of this piece to debate the Snowden: Hero or Villain issue. It is, rather, to explore what we can learn about the risks to our own organizations posed by similar types of metadata and what our IT infrastructures can learn from the steps the NSA is now taking to control the flow of data and documentation more closely.
One of the simplest ways to think of metadata is to imagine a letter. For those that still send them, a letter is sent with the content sealed inside an envelope. No one other than the sender and the recipient should know what is contained within. However, the information on the envelope, the To and From addresses and postal code on the stamp, can be freely seen. This information is critical to ensure the letter’s proper delivery.
The information on the envelope is similar to the metadata that is being collected by the PRISM program: the time, date, location, sender and recipient of emails and phone calls. Most people toss the envelope in the trash after opening the letter. But what if the envelope didn’t go into the trash? What if, instead, every envelope you ever sent or received was catalogued and stored? The information on a single envelope might not reveal much, but the compiled information from thousands of envelopes would paint vivid patterns of your communications. Now, apply this same thought process to the “envelope” information of phone calls, emails, and internet activity. Osama Bin Laden was eventually found by analysts tracking the patterns of movement by his couriers. The analysts didn’t need to know the content of the messages to successfully carry out their mission.
How can we apply this to the day-to-day operations of our own organizations? Quite a bit of digital information is sent through email every single day at every organization. These emails and attachments, even those sent from mobile devices, all contain metadata. Types of information that could be found under the surface of a document include, but are not limited to:
• Last 10 authors
• Firm name
• File locations
• Tracked Changes
• Hidden text
• Deleted document comments
• Routing slip information
• Document versions
• Revision time
• Fast saves
• Linked Objects
It is possible that a single document could contain confidential or potentially embarrassing information in this hidden data. While this risk is very real, organizations must also be aware of the risks posed if the metadata is collected from documents in bulk and used to identify patterns. For these reasons, it is imperative that every single email and attachment, even those sent from mobile devices, be scrubbed of metadata. This is where traditional desktop-based metadata solutions fall short. A server-based solution is needed to scrub metadata from emails and attachments that are sent by users on mobile devices.
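To make the list above concrete, here is an added example (not part of the original article, and not any vendor's code) that audits a Word document for several of those items before it leaves the organization. It assumes the attachment is in the .docx (Office Open XML) format; the sample document and every name in it are constructed, and list items with no counterpart in the parts inspected here, such as fast saves and routing slips, are not covered.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, parse with defusedxml instead

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
CP = "{http://schemas.openxmlformats.org/package/2006/metadata/core-properties}"
DC = "{http://purl.org/dc/elements/1.1/}"
EP = "{http://schemas.openxmlformats.org/officeDocument/2006/extended-properties}"
PARTS = ("docProps/core.xml", "docProps/app.xml", "word/document.xml", "word/comments.xml")

def is_hidden(run):  # run carries w:vanish (hidden text) and the flag is not switched off
    v = run.find(f"{W}rPr/{W}vanish")
    return v is not None and v.get(W + "val", "1") not in ("0", "false", "off")

def audit_docx(data):  # data: bytes of a .docx; returns the hidden metadata found in it
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        core, app, doc, notes = (ET.fromstring(z.read(p)) if p in z.namelist()
                                 else ET.Element("absent") for p in PARTS)
    edits = [e for e in doc.iter() if e.tag in (W + "ins", W + "del")]
    people = {core.findtext(DC + "creator"), core.findtext(CP + "lastModifiedBy")}
    people |= {e.get(W + "author") for e in [*edits, *notes.iter(W + "comment")]}
    return {
        "authors": sorted(p for p in people if p),
        "company": app.findtext(EP + "Company"),
        "tracked_changes": len(edits),
        "deleted_text": ["".join(t.text or "" for t in e.iter(W + "delText"))
                         for e in edits if e.tag == W + "del"],
        "hidden_text": ["".join(t.text or "" for t in r.iter(W + "t"))
                        for r in doc.iter(W + "r") if is_hidden(r)],
        "comments": len(list(notes.iter(W + "comment"))),
    }

def make_sample():  # constructed sample: minimal .docx parts only, not a real document
    files = {
        PARTS[0]: f'<cp:coreProperties xmlns:cp="{CP[1:-1]}" xmlns:dc="{DC[1:-1]}"><dc:creator>'
                  'A. Partner</dc:creator><cp:lastModifiedBy>B. Associate</cp:lastModifiedBy></cp:coreProperties>',
        PARTS[1]: f'<Properties xmlns="{EP[1:-1]}"><Company>Example Firm LLP</Company></Properties>',
        PARTS[2]: f'<w:document xmlns:w="{W[1:-1]}"><w:body><w:p><w:r><w:t>Offer: $2m</w:t></w:r>'
                  '<w:del w:author="C. Client"><w:r><w:delText>Floor: $1m</w:delText></w:r></w:del>'
                  '<w:r><w:rPr><w:vanish/></w:rPr><w:t>internal note</w:t></w:r></w:p></w:body></w:document>',
        PARTS[3]: f'<w:comments xmlns:w="{W[1:-1]}"><w:comment w:author="B. Associate"/></w:comments>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, xml in files.items():
            z.writestr(name, xml)
    return buf.getvalue()

if __name__ == "__main__":
    print(audit_docx(make_sample()))
```

A mail gateway could run a check like this on outbound attachments and hold or scrub any document for which the report is not empty.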
In an attempt to prevent this type of leak in the future, the NSA has begun “tagging” sensitive documents and data with identifiers that will limit access to those individuals who have a need to see the documents.
“You can’t make good policy if you can’t keep more than one idea in your head at the same time,” warns Joel Brenner, a former NSA inspector general. “One of those important ideas is that we have to do a really good job of sharing information and disseminating it to people who really need to know it and doing it fast. The other really important idea is that a lot of this information, if it gets into the hands of people who ought not have it, hurts us badly. So that information has to be protected. You can’t separate those ideas.”
In much the same way, organizations can use digital rights management software to gain greater control over the content they create and disperse. This software can provide full document custody control by “tagging” or putting a “security wrapper” on documents. Access to documents can be restricted by individual or group, by expiration date and whether the user is working online or offline. Further restrictions can be applied to allow or disallow copying, editing, printing, etc. These types of controls can be useful in myriad situations within an organization.
What happens if an employee leaves their smartphone or laptop at a restaurant or in a taxi? An average of 6000 computing devices are left in New York City cabs every month. A solid digital rights management solution will be able to revoke access to all of the device’s content. The same idea can be applied to a situation in which an employee with access to sensitive or confidential information has been terminated and the administrator needs to revoke access to these files. The bottom line: the more control an organization has over its content, the better prepared it will be to deal with foreseen and unforeseen circumstances.
* Mike Susong, Marketing Manager, Litéra Corp www.litera.com