All classified docs are kept in a secure room for storage with external RF blocking; the folder has an RFID (or similar) tag
When an item is requested, the contents are moved to a new folder with a temporary barcode or similar
When the item is returned, the temporary barcode is destroyed and the document is placed back in the secure room
Step 2 could use a temporary RFID tag as well, which gets replaced at each checkout. That way all an attacker would know is that an RFID tag is being used, they wouldn’t necessarily know it’s a classified document.
Obviously the approach would need to be refined (I don’t deal with classified documents), but the general approach should work, especially if RFID is used for a bunch of less sensitive documents as well so RFID tags become commonplace.
What’s nuts to me is that it took so long for authorities to track those documents down, and they didn’t even get them all. They should have all been tracked down between the time Trump lost reelection and the time he left office, and perhaps confined to the White House.
I deal with consumer data analytics, and the scheme that you are positing does expose the frequency and density of specific actors and their access to classified information. This is really valuable, you can tell when someone gets a promotion and maybe has access to more info then they are used to or some other exploitable paradigm.
If it’s just a printed barcode sure, it could be tracked like this without exposing information. Trouble is that classified documents are living documents, and the information only becomes classified when it’s collected by some operative or officer, who may or may not register the documents with this central tracking authority.
The next issue is the capability of the central tracking authority to review, access, curate all of the reports that it has received, and their confidence that their internal staff do not breach the access rules on these documents hello Snowden.
Sure, but it’s not very helpful if most of those documents aren’t very interesting. I’m suggesting we tag every official document, whether interesting or not. An attacker would need to know which tags are interesting to get any value from it.
I’m thinking something like this:
Step 2 could use a temporary RFID tag as well, which gets replaced at each checkout. That way all an attacker would know is that an RFID tag is being used, they wouldn’t necessarily know it’s a classified document.
Obviously the approach would need to be refined (I don’t deal with classified documents), but the general approach should work, especially if RFID is used for a bunch of less sensitive documents as well so RFID tags become commonplace.
What’s nuts to me is that it took so long for authorities to track those documents down, and they didn’t even get them all. They should have all been tracked down between the time Trump lost reelection and the time he left office, and perhaps confined to the White House.
I deal with consumer data analytics, and the scheme that you are positing does expose the frequency and density of specific actors and their access to classified information. This is really valuable, you can tell when someone gets a promotion and maybe has access to more info then they are used to or some other exploitable paradigm.
If it’s just a printed barcode sure, it could be tracked like this without exposing information. Trouble is that classified documents are living documents, and the information only becomes classified when it’s collected by some operative or officer, who may or may not register the documents with this central tracking authority.
The next issue is the capability of the central tracking authority to review, access, curate all of the reports that it has received, and their confidence that their internal staff do not breach the access rules on these documents hello Snowden.
Basically collecting information on the movement of documents is a security risk in itself.
Papers in a flaming trash can are secured. Not much else.
Sure, but it’s not very helpful if most of those documents aren’t very interesting. I’m suggesting we tag every official document, whether interesting or not. An attacker would need to know which tags are interesting to get any value from it.
I’m thinking there wouldn’t be enough secure rooms to house all the documents, without making it difficult to access them. I