The Immutable kBlog: thoughts on data integrity

Does the end justify the means? Der Spiegel reports a history in which Deutche Bahn, the German-state owned rail service, is seeing how a new scandal grows, with the risk of implicating its top managers.

The German rail company is being accused of spying on almost all of its 227.000 employees for almost a decade. Part of a campaign to root out internal corruption -a very positive cause indeed-, the spying operation consisted on comparing “master data” (i.e. personal details) of over 170.000 employees, with information of around 80.000 external suppliers. This would show irregularities that might imply internal corruption. These investigations and comparisons have been going on at least three times (on 2002, 2003 and 2005).

It is now under investigation whether privacy laws have been broken or not. But even if Deutche Bahn’s actions were legal, privacy is an exteremely sensible matter in Germany because of its Nazi and Communist past. Surprisingly enough, this is not the first of such spying cases, with Deutche Telekom in 2008 and Lidl grocery stores in 2007.

Under investigation as well is how aware of these proceeding were its top managers (including Deutche Bahn’s CEO, Hartmut Mehdorn).

Once again, we are witnessing privacy and employee surveyance issues arise. Any organization is in its own right to safeguard its name, intellectual property, and even its trade and business secrets. But doing so correctly and stepping on their employees privacy are two different matters. Proper sistems should be put in place in order to audit each and every action done within an organization, even by the most privileged users. This kind of systems (like the Kinamik Secure Audit Vault), would act as deterrent for any misuse that may occur, and accountability and full responsibility would be in place. It would protect both the organization and its employees: the organization would be protected since employees would think twice before doing any unappropriate or ilegal action knowing that each and every action is being recorded and archived. And employees would be protected since these audited actions would include also the actions allegedly done by Deutche Bahn; any empoyee representative (e.g. union leader) could then run integrity reports and analysis on the audit trails for checking improper actions, and be sure that these reports can be unquestionably trusted.

It is common nowadays that banks offer different value-added services to their customers. Doing banking operations by phone or through the Internet is an everyday practice that obviously requires some kind of authentication; this matter is commonly addressed by -at the minimum- using some kind of password.

So if you go through life certain that your bank passwords are safe, and nobody can access that delicate piece of information… think again. As Bruce Schneider reports in his blog, this funny story has a bit of a worrying level underneath.

Summarizing the story up, Steve Jetley -a Lloyd’s TSB bank customer- decided to set his bank password as “Lloyd’s is pants”, just to find later that his password had been changed to “no it’s not” by a bank employee without Mr. Jetley knowing about this. The story gets worse when -after realizing the change- he tried to change it back to his original password or another similar such as “Barclays is better” on the grounds that it was “too long” (Barclays is a competitor of Lloyd’s). Even the password “censorship” wasn’t allowed.

Mr. Jetley received a full apology from the bank and the employee (I don’t know if the one that changed the password in the first place or the one that refused to accept the new ones given) was dismissed.

I think that leaving aside the possible comical side of this story, what worrying about this case is that banks are keeping their passwords in flat, non-encrypted forms in their databases. Why would an employee be able to see any client’s password? Or even further, why would an employee need to see any client’s password? So here for me there are two important issues:

1) confidentiality: makes me wonder how many of these important passwords that I have (banking, payment platforms, etc.) are still unencrypted, and

2) accountability: why would an employee see a client’s password?

I guess that the reason is that people (i.e. IT Managers, System Administrators, or even employees) access data for a plain and simple reason: because they can. If proper audit trails systems would be put in place, if there would be any kind of system that could serve as a “surveillance camera” that can prove irrefutably all the access and modification to data, there would be an automatic deterrence for this kind of behavior. People would not be sniffing around information they shouldn’t be looking at if they knew that all their actions were being audited, that these audit trails could not be tampered with and consequently they can -and probably would- be held accountable for their actions.