Sunday, July 14, 2013

Securing Documents

Several months ago, a NSA contractor named Ed Snowden released confidential   information which he had obtained as part of his job. 

The result of his whistle blowing/traitorous activities was felt around the world. People were outraged that the NSA was monitoring the emails and phone records of ordinary Americans. 

So how can the NSA prevent future breaches like this?

I think that, for each confidential document, they should separate how they got the information from what the information actually contains. Then just encrypt the how and make it available to those with the proper security clearance.

For example, suppose you have a confidential document XYZ and that document contains confidential information (the sky is falling) the source of the information (chicken little said so). If you want document XYZ available throughout the organization then just encrypt the source of it. That way even if it does get leaked -- the details of it will be based on the credibility of the leaker and not on the NSA itself. Making it hard to copy files to a physical device also helps. 

Also works for newspaper journalists.