About personal data security

[this is a repost of my answer to someone who wondered about security of personal data on Ulteo forums]

Let me explain my way of thinking about this issue.

First, let’s assume that data integrity and confidentiality are the two requirements we need:

  • we want to be able to retrieve the data for as long as we need it, whatever happens in the world (bombs, earthquakes…)
  • we want to ensure that no one but authorized people can read the data, use it or modify it

Now there are different cases. Let’s take these two cases to simplify:

  1. your personal data: most of the time it is stored on your computer. As a result, it is totally unsafe, for several reasons: someone can break into your computer and steal your data, your hard drive (laptop) can be stolen, your house can catch fire, etc. A slightly different case is your online data, for instance Gmail, Yahoo! Mail, etc. They won’t guarantee anything but “doing their best” to secure the data. It means that they likely have advanced security systems (but who knows), redundant servers around the planet, etc. So in this case your data is more likely to be better secured if it is stored online. Anyway, it is not really confidential: Gmail reads your emails to generate ads, for instance. Additionally, it happens that they close accounts, for any reason. I know people who got their Yahoo! Mail account closed because the Terms of Service weren’t respected (without any further detail). Later, they were unable to get in touch with someone at Yahoo! to get it back and lost all their emails. Maybe in some cases that’s a bug. Worse: laws permit government agencies to access your data at any time for any “good reason” (as far as I know that’s the case for Google in the USA and Blackberry in the UK). So there is still a risk of having your data vanish into thin air, even if it is stored online on a big service.
  2. data within a corporation (i.e. “sensitive data”). Here, everything depends on the corporation’s policy about data security. Most of the time, I think there is a good level of integrity for the data, assuming that there are mechanisms to replicate the data to other geographical locations, for instance. Confidentiality is certainly worse, because security cannot be perfect, and also because many people within corporations use Gmail, Blackberry and other services intensively, apparently even for sensitive transactions/discussions. This is a real (known) issue for strategic corporations that need a high level of confidentiality.

Now, what I think is that the key answer to data integrity and confidentiality is:

  • redundancy to address the integrity problem
  • heavy encryption to address confidentiality

For instance, with tools such as GPG and Thunderbird Enigmail (which are provided and installed by default on Ulteo), you can encrypt your sensitive emails very easily. The only constraint is that you first need to import your recipient’s public key, but that needs to be done only once. Then, all you need to do is select “encrypt message” when writing your email. With a 2048- or 4096-bit encryption key, this even removes the need for any security or encryption “on the line” (TLS, SSL…).

In this case you can even add a personal Gmail account in CC: as a safe backup! You won’t be able to read the email content within Gmail, but if you happen to need it, you can retrieve the email and decrypt it locally. And Gmail won’t be able to read the content of these archives in any way.
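The workflow of the two paragraphs above, as an added example that is neither part of the original post nor Ulteo’s own code: two throwaway keyrings stand in for you and your correspondent, the one-time public-key import is done with plain gpg instead of Enigmail, and the message is encrypted both to the recipient and to yourself, which is the condition for the CC: copy to be a backup you can actually open (the same script shows that a copy encrypted only to the recipient stays unreadable to you). The addresses, the message text and the `gpg` invocations are constructed for this demo, and the keys are generated without a passphrase only to keep it non-interactive.

```shell
set -eu

DEMO="$(mktemp -d)"
SENDER='sender@example.invalid'      # you (constructed address)
RECEIVER='receiver@example.invalid'  # your correspondent (constructed address)

# gpg with a separate keyring per party, so each side holds only what it
# really would: its own secret key plus the public keys it has imported.
g() { home="$1"; shift; gpg --homedir "$DEMO/$home" --batch --quiet --yes \
        --pinentry-mode loopback --passphrase '' --trust-model always "$@"; }

setup_keys() {
    mkdir -m 700 "$DEMO/sender" "$DEMO/receiver"
    g sender   --quick-gen-key "$SENDER"   default default   # no passphrase: demo only
    g receiver --quick-gen-key "$RECEIVER" default default
    # The one-time step from the post: import your correspondent's public key.
    g receiver --export "$RECEIVER" > "$DEMO/receiver.pub"
    g sender   --import "$DEMO/receiver.pub"
}

# Encrypt file $1 for the receiver, writing ASCII armor to $3. With $2 = yes
# it is also encrypted to your own key (Enigmail's "encrypt to self"); that is
# what turns a CC'd copy into a backup you can decrypt later.
encrypt_mail() {
    in="$1"; out="$3"
    if [ "$2" = yes ]; then set -- -r "$SENDER"; else set --; fi
    g sender --armor -r "$RECEIVER" "$@" --output "$out" --encrypt "$in"
}

# What the mail provider (or anyone holding the CC'd copy) gets: only the
# armored ciphertext. Succeeds if the plaintext word $2 is absent from file $1.
provider_cannot_read() { ! grep -q "$2" "$1"; }

# Decrypt file $2 with party $1's keyring; prints the plaintext, fails otherwise.
decrypt_as() { g "$1" --decrypt "$2"; }

# Walk-through with a constructed message.
setup_keys
printf 'Board minutes: acquisition talks resume Monday.\n' > "$DEMO/mail.txt"
encrypt_mail "$DEMO/mail.txt" yes "$DEMO/backup.asc"    # encrypt-to-self on
encrypt_mail "$DEMO/mail.txt" no  "$DEMO/nobackup.asc"  # encrypt-to-self off
provider_cannot_read "$DEMO/backup.asc" acquisition
decrypt_as receiver "$DEMO/backup.asc" >/dev/null   # the receiver can read it
decrypt_as sender   "$DEMO/backup.asc" >/dev/null   # so can you, from the CC'd copy
if decrypt_as sender "$DEMO/nobackup.asc" >/dev/null 2>&1; then
    echo 'unexpected: opened a copy that was not encrypted to self'; exit 1
fi
echo "ok: the CC'd copy is ciphertext to the provider and readable by both keyholders"
```

Note that this protects only the message body: the subject line and the sender and recipient addresses remain in the clear in the mail headers, which is one reason transport encryption between mail servers still matters.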

In the same spirit, Ulteo also integrates the Kopete “SILC” plugin, which provides a totally secured IRC chat.

Now, there is the question of the data that is stored at Ulteo. Right now, I can’t tell you more than “we’re doing our best to secure your data”. This means security measures on the servers, and replication. But I agree that it’s not an ultimate solution.

We plan to provide an encryption feature that would permit us (and you) to store *only* encrypted data, which could be used/decrypted only by the owner of the data, using their credentials.

In this case, you would have a local secured directory where you could put all your sensitive data, and the same would apply on Ulteo online services. So in the bad case where your hard drive is stolen, or where Ulteo servers are cracked, nobody but you could read your secured data.
