Slashdot points to this story from the BBC and AP about military secrets being sold along with USB drives in Afghan bazaars. The flash drives are stolen from US military bases by Afghans working in them.

A few thoughts:

  • Maybe they should pay the Afghans a little more, and then fire a few for theft, to get folks to be concerned about keeping their jobs.
  • Why the hell are sensitive files being kept on flash drives? Aren’t they on reasonably secure network servers?
  • This is exactly the same issue that US businesses face. Your entire customer contact list could walk out the door a dozen times a day and you’d never know until competitors are calling on them. This is the real data security problem, not social security numbers.

The seemingly insurmountable difficulty of protecting this kind of data suggests that we are ready for a re-thinking of how we store important data. Obviously the encryption/password model isn’t working. Or at least the current implementations aren’t.

DANGER! Marketer Trying to Design A Product

Perhaps some of the additional metadata fields being added to advanced file systems could be used for an OS-based encryption engine. Save a new file and the dialog box asks, in addition to the usual stuff, if the file should be encrypted and who (owner, group) should be allowed to decrypt it.

Perhaps an admin level account could require that all files going out USB ports be encrypted. Or ??
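As an added illustration (not part of the original post), here is a sketch of the check an endpoint agent could run before allowing a write to a USB drive. The function names and sample files are hypothetical and constructed for this example; the two header markers are those of ASCII-armored OpenPGP and age files.

```python
import math
import os
import zlib
from collections import Counter

# Headers of two real encrypted-file formats: ASCII-armored OpenPGP and age v1.
ENCRYPTED_MARKERS = (b"-----BEGIN PGP MESSAGE-----", b"age-encryption.org/v1")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, from 0.0 (constant) to 8.0 (uniform random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def export_decision(data: bytes):
    """Hypothetical gate: return (allowed, reason) for a removable-media write."""
    head = data[:64].lstrip()
    if any(head.startswith(marker) for marker in ENCRYPTED_MARKERS):
        return True, "recognized encrypted container"
    # High entropy is not proof of encryption: compressed data looks the same,
    # and a zipped customer list is still readable by whoever buys the drive.
    if shannon_entropy(data) > 7.5:
        return False, "high entropy but no encryption header (compressed?)"
    return False, "plaintext"


# Constructed sample inputs, not real data.
PLAINTEXT = b"name,email,phone\n" + b"".join(
    b"Customer %d,c%d@example.com,555-01%02d\n" % (i, i, i % 100)
    for i in range(500)
)
COMPRESSED = zlib.compress(PLAINTEXT, 9)
AGE_FILE = b"age-encryption.org/v1\n(constructed header)\n" + os.urandom(2048)
PGP_FILE = b"-----BEGIN PGP MESSAGE-----\n\n(constructed body)\n"

if __name__ == "__main__":
    samples = [("customers.csv", PLAINTEXT), ("customers.zlib", COMPRESSED),
               ("customers.csv.age", AGE_FILE), ("customers.csv.asc", PGP_FILE)]
    for name, blob in samples:
        allowed, reason = export_decision(blob)
        print(f"{name:20} {'ALLOW' if allowed else 'DENY':5} {reason}")
```

A header check only confirms the file's format, not which key it was encrypted to, so a stronger design would have the OS perform the encryption in the write path rather than trust what the file claims about itself.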

This is a real problem. I’m not technical enough to design a solution, but it seems like the current processes are hopelessly broken. Any creative engineers out there with some ideas? This could be a very popular utility.