Why Data Should Not Live Beyond Its Useful Life

A very wise man once said “we are at the knee of the curve for deployment of a different model of computation”.

Those words stuck with me not just because they were Dan Geer’s (or because everything he says is cool and elegant)* but because this 2014 statement was something he was telling all of us at @stake over a decade earlier — storage will be near free and therefore extremely costly.

At the time, an IT admin complained that the real cost of storing our entire email spool would be crippling as we scaled. Our CTO eloquently informed us all that it would indeed be expensive, but not for the reasons we thought.

Those of us in the information security industry who started long before there were many public large-scale threats remember that the idea of keeping and thus having to protect all information at all times seemed somewhat futuristic to many companies and consumers. Data storage was considered extremely expensive.

Fast-forward a little over 20 years and almost everyone retains communications and sensitive data by default, forever. The logic is: if storage costs 2 cents per GB, why not store everything in case it someday becomes useful? Ironically, despite the almost zero cost of taking up the storage space, the real price of keeping high-value communications secure has never been higher.

In 2010, when the Google Street View team inadvertently collected 600 gigabytes of data from unsecured WLANs around the world as part of the photo compilation routine, it raised a lot of concerns. The company was required by European authorities to destroy the stored data. Watching hard drives ground down to dust and person-years lost to PR triage, it was pretty clear to me that convenience is no longer a good enough or a salient reason for gathering and storing everything.

In just the past few years, many companies, governments and individuals have too often learned this the hard way. Our country – for better or worse – has a new administration and is headed down a new path largely because of decisions made in the context of the convenience of storage.

It is my strong belief that now is the time to rethink how we, as a global community, protect our communications and most sensitive information. This is especially true for communications that, when breached, will damage businesses, reputations, and critical connected infrastructure. It is a fundamental privacy and information security issue that concerns us all.

At Wickr, we have been working on enriching our signature secure messaging with collaboration features to match the communications and security needs of our users – both individuals and businesses. Having started with the first end-to-end encrypted ephemeral messenger, Wickr is now adding a suite of secure collaboration tools – AWS Wickrfessional – to its portfolio to power and protect proprietary communications across enterprises.

The core innovation is an entirely client-based group management protocol that enables end-to-end message security, perfect forward secrecy, and ephemerality in large groups. The team has been working in close collaboration with AWS Wickrfessional’s beta partners from across industries to define the final contours of our enterprise products. For us, the key was to continue innovating while reinforcing our foundational privacy promises to Wickr users. The result — AWS Wickrfessional products go beyond end-to-end encryption to offer a full set of features that proved critical to our beta users – secure rooms, persistent ephemerality, provisioning, secure file transfer, key verification, and admin controls.

Imagine a team detecting the signs of a data breach within a global network, or a multinational company launching a new product in a competitive, and possibly hostile, new market. As a security professional, I know these teams need a safe, uncompromised channel of communications they can trust to act, collaborate, and share real-time information. We built the AWS Wickrfessional suite of products to empower our customers to deal with proprietary and urgent issues with confidence and responsibility, to ensure they know exactly who touches the information, where it resides, and how long it lives.

Our enterprise partners now have intuitive tools that allow them to spin up a secure room with a set expiration date or a whole new private network in seconds, and to send end-to-end encrypted files, improving both productivity and information security when it’s most needed. For teams operating in time-sensitive and confidential environments, strong end-to-end encryption should be a mandatory requirement in any collaboration product. We are intent on enforcing higher privacy standards such as perfect forward secrecy and ephemerality as standard in Wickr communications. Wickr users know: the data you do not retain is the data that cannot be compromised.

With these new enterprise products, our commitment is to continue improving Wickr’s ability to make security accessible to anyone — businesses and private individuals. With strong positive feedback on our enterprise products, we are inspired to push the industry forward in understanding that while wider adoption of end-to-end encryption is enormous progress, unorthodox threats require unorthodox approaches. That is why we believe that persistent ephemerality for all communications is a key ingredient of responsible information security.

* To further substantiate Dan’s coolness, he followed the knee bend statement with this: “We’ve had two decades where, in round numbers, laboratories gave us twice the computing for constant dollars every 18 months, twice the disk drive storage capacity for constant dollars every 12 months, and twice the network speed for constant dollars every 9 months. That is two orders of magnitude in computes per decade, three for storage, and four for transmission. In constant dollar terms, we have massively enlarged the stored data available per compute cycle, yet that data is more mobile in the aggregate than when there was less of it.” For more see: https://securityledger.com/2014/05/dan-geer-keynote-security-of-things-forum/