Futuristic data security through pen and paper

by Michael Smith (Veshengro)

pen-paperFrom intelligence agencies to hospitals, paper records are the killer app for stopping hackers, and pen and paper, or the typewriter, are king in this department.

In late 2014 or in 2015, I would have to check, the Federal Security Service of the Russian Federation (FSB) decided, in the light of the Snowden revelations, to return to the typewriter for sensitive memos and other material and to a manually administered distribution list for such information.

Hackers are everywhere with the government in the lead in that department and they would like to know everything that we do and also like to get their hands on other data that we may have anywhere. So, how do we secure our sensitive data? The old-fashioned way by using pen and paper, or typewriter and paper.

Computerized data and computers are inherently insecure, regardless of what we may be taught, led to believe, or think. And that goes beyond simple data theft.

Hollywood Presbyterian Medical Center in Los Angeles was hit by an infection of so-called “ransomware”, which locked up all its data in encrypted form until a ransom (hence the name) was paid to the software deployers to decrypt the data again. While the hospital does not say when they paid the ransom, fact is they did, and it is irrelevant whether they paid 9,000 in bitcoin/$3.6 million as initially reported or only 40 bitcoin, around $17,000 as claimed later, and this payment set a bad precedent.

Maybe Hollywood Presbyterian could have done a better job of protecting its data, but data on computers can never be perfectly safe. Thus, let me propose a more secure technology that would serve as a near-perfect barrier to hackers, ransomware and other exploits: Put important records back on paper. It also is not dependent on a power outlet or batteries and a notebook can be run over by a main battle tank and the data is recoverable.

The truth is, paper records are inherently more secure that anything electronic and digital. To steal 10 million electronic user records from a government agency, or whatever, all you might need is a cracked password and a thumb drive. To steal that many records on paper, however, you would need a fleet of trucks and an uninterrupted month.

And ransomware would not work on paper records either. What would they do, put a padlock on the filing cabinets and demand ransom for the key? Not something that would very likely succeed. You simply would take a bolt-cutter and remove the lock.

And often, putting things on computers is a rather stupid idea anyway be this with regards to medical record or other data.

Electronic medical records, touted as saving money and streamlining care, are a major cause of physician burnout. In fact it appears to have gotten so bad that some hospitals actually advertise the lack of electronic medical record systems as a selling point in recruiting doctors.

Nor have electronic systems paid off as promised. As Robert Wachter wrote in The New York Times, “Even in preventing medical mistakes – a central rationale for computerization – technology has let us down. A recent study of more than 1 million medication errors reported to a national database between 2003 and 2010 found that 6% were related to the computerized prescribing system.” Those problems, and considerable expense, could have been prevented by sticking with pen and paper.

Handwritten records also have great anti-fraud characteristics: Notes capture information in terms of handwriting, ink color, etc., that make it harder to make wholesale changes without it showing. Electronic records, on the other hand, tend to look the same.

If I were running an intelligence or security agency of any kind I would have all my important stuff done in handwriting or on mechanical typewriters (the old kind that type over the same fabric ribbon multiple times) and distributed in sealed envelopes, with a distribution list typed on the same kind of mechanical typewriters.

While it was possible, and not just is spy thrillers, to gain access to such paper records of an agency and to steal them or copy them, by writing down the details, by photocopying the pages or by photographing them, often on microfilm, it is a lot more difficult and requires the use of actual people as agents or an insider bringing the material out.

The same goes for setting up a voting system, where it is much better and safer to use paper ballots instead of electronic voting machines. And as far as running a hospital is concerned, or a doctor's practice, serious consideration should be given again to doing everything on paper.

There is a place for computer records, of course. But for things that really matter and that need to be genuinely secure, maybe we should try a much more advanced technology, namely paper and ink. It is definitely hacker proof and has lasted for a very long time with no ill effects. In fact come time our computer records will no longer be readable while those on paper will be.

© 2016