A Case for Encryption: Sheriff Joe Arpaio’s raid on jointly held data center
Recently, the sheriff’s department of Maricopa County, Arizona has been in the news for raiding a data center owned by the county and seizing computers used by the Superior Court and others for e-mail and communication. The apparent illegality of this armed raid, seizure, and coup against publicly owned property aside, the courts have already raised a number of security concerns, because the sheriff’s office now has access to privileged communication directly related to ongoing investigations of the sheriff and his administration.
Two of Phoenix’s major newspapers (Deputies raid county building to take control of computers via The Arizona Republic, Raid on County Computers by Sheriff’s Office via The Phoenix New Times) are running articles on this armed raid and outline notes on what happened. I will be basing my case for encryption on what we know about what happened during this raid and what sort of implications it has for security.
It is good to see that Maricopa County has seen fit to embrace the 21st century and uses e-mail to correspond about cases, thus increasing the capacity of communication and interactivity within the court system. However, this does raise some concerns about having all of this information stored in one place, a place easily besieged and overtaken by other departments of the government who don’t have the authority to do so, not to mention hostile foreign forces bent on theft of that information.
Any time a single operation has joint ownership between different agencies of the same organization, especially if a third party is contracted to do so, the information stored in that data center may pass under the purview of outside control. People using these systems for correspondence cannot be certain that their communication is fully secure from even opportunistic notice by employees at the data center or other departments.
As I mentioned in The Encrypted Citizen, using encryption isn’t a very difficult process, and end-to-end solutions can be readily constructed that allow for key escrow in the case that privileged information needs to be available internal to the organization and not just to individuals in that organization. The upshot still is that only people who have both the encryption keys and the servers can read or modify the information.
If members of the superior court and state attorneys appropriately use encryption on their privileged correspondence then the sheriff’s office seizing those computers, and thus the encrypted data, makes the security issue essentially moot. If the sheriff’s office did indeed have genuinely altruistic motives for their unauthorized seizure they wouldn’t mess with the data on the systems; if they had villainous intent, it would become impossible or extremely difficult for them to read or tamper with the privileged communications.
Locks in the physical world exist to keep honest people honest, but encryption can go a slight step further in this sort of case: it provides a second tier of security that protects sensitive information from prying eyes in the case of a physical security breach (as seen in this case). Inexpensive encryption such as PGP or another solution could be easily deployed and would act to keep the sheriffs honest.
Well, more honest than they appear to want to act.
In fact, an examination of the reasoning given by the Maricopa County Sheriff’s Office displays either an extremely flimsy excuse or gross ignorance of how computer security works:
Chief Deputy David Hendershott said the state Department of Public Safety was concerned that civilians could have inappropriate access to criminal-history records in the system.
The Sheriff’s Office took control of the Integrated Criminal Justice Information System from county employees on Wednesday. The system links the county’s criminal-justice agencies to state and national databases that hold criminal records, court dates, probation and personal information, and other records.
“We felt intrusion (into the system) was imminent,” Hendershott said.
The misunderstanding here stems from the fact that once the physical security of a computer is breached, passwords no longer provide adequate protection to data. The technicians and officials who have physical access to the machines and their hard drives do not require passwords in order to remove the hard drives, access them directly, and read or tamper with data on those hard drives. In the case of people with direct physical access, the passwords are a moot point.
Now, if the data on those drives happened to be encrypted, this creates a totally different story. The person with physical access still may be able to get the data but they cannot read it and they cannot tamper with it. And, with the proper types of safeguards in place, if they attempted to tamper with it, there would be evidence that tampering occurred.
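To illustrate the tamper-evidence point above, here is an added example (not part of the original post) of one such safeguard: a keyed, chained tag over each stored message, so that edits or removals show up on verification. It assumes the key and the final chain value are held by the correspondents and never stored on the shared machines; the function names and sample messages are constructed for illustration, and it covers integrity only, so confidentiality still needs encryption such as PGP.

```python
import hashlib
import hmac

# Constructed sample data. KEY and the returned chain head are assumed to be
# held by the correspondents, never stored on the shared data-center machines.
KEY = b"constructed-demo-key-kept-off-the-server"
MESSAGES = [b"Motion filed under seal.", b"Hearing moved to Friday.", b"Draft order attached."]
GENESIS = b"\x00" * 32

def _tag(key, prev, pos, body):
    # The tag binds the body to its position and to the previous record's tag.
    return hmac.new(key, prev + pos.to_bytes(8, "big") + body, hashlib.sha256).digest()

def seal(key, messages):
    """Return (records, head); records go on the server, head stays with the owner."""
    records, prev = [], GENESIS
    for pos, body in enumerate(messages):
        prev = _tag(key, prev, pos, body)
        records.append({"body": body, "tag": prev})
    return records, prev

def verify(key, records, head):
    """Recompute every tag; return a list of findings (empty means untouched)."""
    findings, prev = [], GENESIS
    for pos, rec in enumerate(records):
        if not hmac.compare_digest(_tag(key, prev, pos, rec["body"]), rec["tag"]):
            findings.append(f"record {pos}: tag mismatch")
        prev = rec["tag"]
    if not hmac.compare_digest(prev, head):
        findings.append("chain head mismatch")
    return findings

def edited(records, pos, new_body):
    """Simulate someone with disk access rewriting one stored message."""
    copy = [dict(r) for r in records]
    copy[pos]["body"] = new_body
    return copy

if __name__ == "__main__":
    records, head = seal(KEY, MESSAGES)
    print("intact:   ", verify(KEY, records, head))
    print("edited:   ", verify(KEY, edited(records, 1, b"Hearing cancelled."), head))
    print("truncated:", verify(KEY, records[:-1], head))
    print("deleted:  ", verify(KEY, records[:1] + records[2:], head))
```

Someone holding only the drives can change the stored bytes but cannot produce matching tags without the key, which is why the key and chain head must live somewhere the seized machines do not.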
If everyone involved in this joint usage of Maricopa County equipment only chose to make use of encryption for security and tamper resistance, there would be no reason for the sheriff’s office to even claim that they needed to change the passwords in the first place. Furthermore, it would make it less sinister that the sheriff’s office gained unfettered direct physical access to these machines (and thus their privileged data) via an armed raid.
About this entry
You’re currently reading “A Case for Encryption: Sheriff Joe Arpaio’s raid on jointly held data center,” an entry on Black Hat Magick
- Published: Saturday, August 22nd, 2009 at 3:03 pm
- Author: Elaine Mercer
- Category: Articles