Long-Term Archiving Problems

In terms of data security, long-term archiving is a specific problem. Not a problem because a majority of correspondence and documents has a short life? That may be true, but the remaining minority which deserves or downright requires long-term archiving contains far more serious information.

In the business environment, for instance, long-term archiving is necessary because, in some cases, the legislation or business interest requires it. A few examples, among others, include basic accounting documents with a compulsory archiving period of minimum 5 years or business contracts where it literally pays off to archive contracts until the end of the warranty period.

Medical record archiving would be a very specific chapter, but we would need a whole new series…

At first glance, archiving looks simple: all you have to do is encrypt the document using the same method you trust during an e-mail transfer, and then keep it in a secure storage. Wrong! The devil is in the detail called “long-term”. Remember (or browse) the previous chapters  where we explained the term “half-break” and discussed how the security level declines with time. Because the decline is not linear, it falls dramatically with “long-term” time.

As a result, there is a real threat that an attacker who manages to access your archived document may cause a major damage to any individuals mentioned in the document by learning or publishing its contents, even if he cannot read it right away, but perhaps years later. Additionally, such an attacker usually accesses more than one document and therefore can use statistical methods comparing several texts encrypted with the same method and key to accelerate the breach.

There is a number of related problems as well: in time, even small, regular contributions grow into a huge data volume, and running your own data storage with a corresponding capacity becomes expensive. It would be therefore advantageous to use a professional cloud storage. But whoa again! The storage operator (or his employees and all hackers who in the course of time have accessed the cloud) have your document potentially in their hands and can, if they are motivated to do so, spend years on its decryption.

In addition to these problems, we must not forget that long-term archives require much more effort when it comes to the key management proper design. What good is a correctly archived document if we are unable to submit it at request to, for example, the financial inspection because we have somehow lost the key needed for its decryption. Or if the list of individuals authorized to decrypt the document includes more employees for backup, all of whom however have in the meantime left the company.

Everything points again to the fact that our ideal system would be such a cryptographic system which would not rely solely on a probability-defined security level, but also ideally support a sophisticated and dynamic, continuously modifiable key management. In the next chapter, we will illustrate how people searched for such a system (and found it) in times of great crisis, the WWII.

When it comes to long-term archiving, no link is more appropriate than the fate of Mary Stuart, Queen of Scots, discussed in the early chapters of our series: so far we have not bothered with historical data, we can however learn from them. Mary was interned in 1568 when she fled to England after the lost Battle of Langside (a part of Glasgow today). She was executed nineteen years later, in 1587. Historians agree that her incriminating letters were intercepted a long time before her execution and her life depended only on their decryption. Thomas Phelippes, the royal intelligence gatherer (today we would say, cryptologist) managed to do just that in 1587.