Security of Important Files
June 20, 2009 11:36 AM   Subscribe

There isn't a technical solution, only legal solutions in the form of contracts, NDA, etc. IANAL
posted by furtive at 11:39 AM on June 20

Also, as programmer, let me say that the best way to prevent me from doing my work is by having a boss who's an inhibitor instead of an enabler. Do everything you can to make their job easier, not harder.
posted by furtive at 11:40 AM on June 20 [2 favorites]

And why on earth are the programmers referencing code on your computer?
posted by furtive at 11:41 AM on June 20

The only thing that comes to mind for me would be if you had the files and the development environment running as a guest OS within virtualization software like VMWare or Virtual PC and had the guest OS locked down to prevent network access and shared folders and things. But it would be complicated and by no means foolproof.
posted by XMLicious at 11:55 AM on June 20

If you had a computer system that worked the way you want, sure, it would not be terribly inhibiting. The problem is, there is not any PC operating system that works that way.

So if you want to get any practical amount of protection, that cannot be easily worked around by an average third-grader, you are going to have to lock things down much more severely -- and in that case it definitely will be inhibiting to getting work done.
posted by xil at 12:14 PM on June 20 [1 favorite]

Virtualization isn't a proper solution in that people can copy/paste from from a virtual server. Even in an extreme example where screenshots/copy paste are disabled (how can a developer get any work done if copy/paste is disabled) they could still transcribe content to their hearts content to an editor (or good old fashion paper). You could disable drives, USB, etc. but you'd also need to disable the internet on their machines, but what about them using a different computer to access the content, or taking a picture of the screen with their phone, how much resources do you have to manage and more importantly what kind of work environment are you creating at this point?

Encryption doesn't help besides moving a file securely from point A to point B, but it doesn't protect you once the person can read the contents of the file.

I implore you to follow industry norms and instead focus more on making sure your dev team is following best practices in software development. You biggest concern as a manager shouldn't be people stealing your code (you have legal recourse) but that you might lose all your code accidentally.

The first tool of any development team should be source control (aka version control, revision control, source code management, etc.). This allows people to check out and check in code, compare, merge and if necessary rollback versions of code. Popular source control tools include CVS, Subversion, GIT, Perforce, etc. If you don't have some form of source control in place then stop reading this comment and either take immediate action by getting a manager with proper experience.

The second step is making sure that your source control content is backed up properly. If that server's drive dies you just lost your business.

After that's in place, take a look at The Joel Test, you'll have step one in place, and you can gradually work your way through the other 11 steps.

Personally, just by the fact that we are having this conversation I am deeply concerned that you do not have the knowledge or experience necessary to manage a development team (assuming you are responsible for your programmers). That's not the end of the world, maybe you have a solid team of programmers that take care of these things for you, but right now you should be focused on making sure that:

1) you don't lose any source code to accident, be it man made or natural
2) that your developers have the tools and freedoms necessary to do their job
posted by furtive at 12:18 PM on June 20 [5 favorites]

furtive gave you the answer, but they weren't in my opinion forceful enough.

There is no possible reasonable technical solution to this, given that you're unable to block network / external devices. If they want, they can copy the files over to a jump drive. Or boot the computer using a livecd and going at it from there. Decrypting the files when running just means that they'll have to make sure it's open when they attack it.

More importantly, considering they can read the files, they can just copy it to another file with no encryption.

Give up looking for a technical solution. Go legal - it's a pretty standard concept that you want, and you'll have a contract anyways, right?
posted by Lemurrhea at 12:19 PM on June 20

Sure, create an atmosphere of distrust towards your employees now, and then worry about why nobody wants to work for you later.
posted by furtive at 12:42 PM on June 20

Seconding the notions that security is pretty much impossible when people have physical access to the hardware, and that employees don't generally appreciate these kinds of measures.
posted by box at 12:47 PM on June 20

Virtualization isn't a proper solution in that people can copy/paste from from a virtual server. Even in an extreme example where screenshots/copy paste are disabled (how can a developer get any work done if copy/paste is disabled)...

In my experience with VMWare, the "VMWare Tools" thing has to be installed in the guest OS for copy/paste to work at all so it's pretty simple to disable, not extreme at all. Without the Tools installed you can copy and paste between applications within the guest OS, and copy and paste between applications in the host OS, but you can't copy and paste from the host OS to the guest OS nor vice-versa.

inquisitive, if you were to actually do something that prevented a developer from making a copy of a file he's working on, even to the same directory, it really would be pretty handicapping IMO. I would probably recommend a 2nd computer that's disabled from network access even rather than virtualization, or some form of surveillance, which would be the most fool-proof.

But really, unless you're operating in some sort of extremely unusual situation, like this is a criminal enterprise or is taking place in a country where an NDA would be un-enforceable, the advice other people are giving to go with more conventional approaches is probably best.
posted by XMLicious at 1:08 PM on June 20

inquisitive: I strongly believe in intellectual property, and I've worked for companies from the smallest in size to the largest, both as an employee and an outside consultant, that believed in intellectual property. But the problem with intellectual property is that physical means can't limit its propagation. If the RIAA can't stop the copying of illegal music and the MPAA can't stop movies being downloaded what makes you think you can stop the propagation of plain old text?

As such the best way to protect intellectual property is through legal means.

Have your employees sign an NDA, have a contract that says they will not write the exact same software for themselves or somewhere else for x years after they leave, have copyright statements in the headers of your code. Have it all vetted by a lawyer. File patents as needed, do what's needed to deal with intellectual property.
posted by furtive at 1:13 PM on June 20

There's only one way to get the kind of security you are asking for.

Learn to do all the programming yourself.
posted by rokusan at 1:17 PM on June 20 [3 favorites]

I'm with all those who think you're behaving in a slightly deluded way about this. Ultimately any programmer worth employing will gain sufficient understanding of your code that they'll be able to go home, boot up their own PC, and create a functionally identical system to yours in their own time.

The only way round this would be brainwashing.

You could of course add something to the contracts of your programmers that allows you to strip-search them every time the enter and leave the building. And of course, you would need to ban mobile phones and digital cameras because taking some photographs of the source code and putting the images through some OCR software is pretty trivial. At the very least you'll need to cut off all Internet access. For added security, make sure you don't have any printers or blank paper and writing implements.

Ultimately your programmers care about 100 times less about stealing your code than you think they do. Nobody, not Google, not Microsoft, not EA, not anybody in the mainstream software development world, does what you seem to want to do. If you're dealing with something that could cause widespread death and destruction if leaked, then maybe you do need to be this paranoid. But then, you probably shouldn't be talking about any of this on AskMe.
posted by le morte de bea arthur at 1:55 PM on June 20 [3 favorites]

Really, your two best options to ensure that your source code stays inside the building (really, this is what you are trying to do, at the end of the day, yes?), are strict code management and versioning systems, tracking who checked out what piece of code to work on and when, and monitoring the channels through which that code can spread. These are already existing systems you can get and configure to use inside your business, many businesses intentionally block all non work email (including proxies and access to gmail for example) for example, because the work email systems archive and track all messages leaving the building, and depending on the business this is a legal requirement.

If you can track if code has left the building, and who had access to that code, you can then deal with that employee properly, and other employees will know this is a not a laughing matter, etc.

However, there is a cost / benefit ratio involved, and also the general problem of how much is your code security worth for you? Is crippling your developers performance by 20%, so your 100 man hour project will take another 20 hours to complete, to prevent what could be considered a code leak that costs you 10 hours of work. So you've prevent the code leak, but at twice the cost of the leak itself.

And more importantly, if you do not have the skills and ability to implement such a system yourself, you are going to have to contract with another party or individual to configure such a system for you, so again, at the end of the day, your safest and best way to ensure your data is through legal means, enforceable contracts, and practical assessment of what it is you are trying to accomplish.
posted by mrzarquon at 1:57 PM on June 20 [1 favorite]

What you are trying to say is that trust your people and leave all information readily available for them to be copied !!

Why then do you lock your home doors ?

This is a faulty analogy. The source code to your project is the valuable thing you're trying to protect, right? But the programmers are working on your source code. They need appropriate access to it in order to do the job that you hired them to do.

I do normally lock my home doors---it's true. But if I were to hire someone to paint my walls or install carpeting or clean the kitchen, I wouldn't keep the doors locked when they knocked on the door.

I also wouldn't impose unreasonable restrictions to their access---"sure, you can paint the living room, but only if you do it blindfolded." That kind of tactic would annoy the worker and cost me money (in lost productivity).

Here's the point: computers are machines for making copies. That's what computers are good at. If there's data on the screen, chances are that it's easy to make a digital copy of that data. It's possible to take measures to counteract this fact, true, but you should ask yourself this: at what cost? Will it actually be cheaper in the end to take these countermeasures, thereby hampering the productivity of your programmers?

There's an additional cost that you might not have considered: think about the limitations your no-copy policy will impose on your ability to hire talented programmers. I think most programmers in this thread would agree that they would think twice about working for a company that intentionally crippled their workstations in the name of copy protection.

Now, maybe your intellectual property is valuable enough for you to think that these costs are justified. But there's still this to consider: unless you're the only one who will have full access to the source code, you have to trust someone. That's why you hired programmers in the first place: because you can't make all the changes to the source code yourself.

In fact, you already trust a lot of people: you trust your hardware, operating system, and network vendors to not install backdoors in their products that allow for unauthorized access to your data; you trust your staff not to physically steal hardware from the premises of the business. You're confident in extending this trust because there are legal and social consequences to breaking this trust: employees that steal hardware can be charged for a crime, and companies that sell insecure products won't stay in business.

These same consequences apply to programmers, and they deserve your trust just as much as your vendors or other employees in your organization.
posted by aparrish at 1:58 PM on June 20

Ask yourself what other companies do in your situation. Do they go to crippling and counterproductive lengths to protect their property? No.

What they do is a.) hire trustworthy people and keep them happy, and b.) have a legal firm draw up employee contracts that protects your property in the event it is stolen.

You're putting the horse before the cart by assuming theft is inevitable. You'd also create an oppressive environment of distrust that will impact productivity.
posted by wfrgms at 2:05 PM on June 20 [1 favorite]

You're quite clearly looking for a technical solution to a social problem. There's no way to prevent your code from leaking out while still allowing your programmers to effectively do their jobs.

Why then do you lock your home doors ?

Because I haven't hired everyone in the world to work on my home. There is a difference between preventing a stranger from stealing something from you (Door locks/ Secure passwords) and preventing someone you know from stealing something from you (a friend visiting/ employee).

To do what you want, you would have to do the following:
Disable internet access.
Disable all removable storage.
Disable printing (or keep the printer in your office and check every document printed).
Forbid employees from having devices with cameras.
Forbid employees from taking home any notes.
Hope they can't memorize sections of code.

Or, just hire another person for every programmer that simply watches everything the programmer does.

Or, you can do as suggested (and dismissed by yourself) above, and follow the very common method of getting a lawyer to draw up an NDA and having your employees sign it. If you're in a situation where an NDA would not be enforceable, and you don't trust the people working for you, you need new people.
posted by borkencode at 2:06 PM on June 20 [2 favorites]

Encryption is a way to let Alice to encode a message which is readable by Bob and unreadable by Eve. Despite numerous well-motivated but failed attempts, this is still theoretically impossible when Bob and Eve are the same person.

Adding the constraint that Bob also can't be blocked from internet access or external media doesn't make it any less impossible to prevent illicit copying of your files, but now it's impossible even to make illicit copying of your files inconvenient. If you can't trust your own employees, at the very least you'll want to keep any temptations on an isolated intranet with computers whose removable media, USB ports, etc. have been disabled.
posted by roystgnr at 2:11 PM on June 20

On Windows the way you deal with this is by auditing file operations and notifying yourself when something sensitive is copied. Trying to prevent critical file operations in certain circumstances is not practical given your stated constraints.

But, and don't take this personally because it's more common than you think, but you have to consider that your code just might not be worth stealing.
posted by rhizome at 2:27 PM on June 20 [1 favorite]

Perhaps I'm missing something here, but basically you want to give your programmers read access (and write, presumably) access to the source code without letting them use that access to make copies. This is kind of a ridiculous request. Either they can read it or they can't; if they can, they can make copies. You can perhaps make it more difficult for them to make copies by disabling access to external storage/network/printing services, but really that's not making things significantly harder.

Moreover, your programmers probably know more about your software's inner workings than you do (I'm assuming here that you're non-technical from the tone of some of your comments, but that may be a flawed assumption); they can probably reproduce the non-trivial bits without literally copying source code, and can probably also fairly easily defeat any obstacles you erect to make copying the code more difficult. Contractual agreements are going to be a more effective way of protecting your source code.
posted by axiom at 3:16 PM on June 20

What you are trying to say is that trust your people and leave all information readily available for them to be copied !!

Why then do you lock your home doors ?

If you don't trust your staff -- your team -- why are they working for you? I don't leave my doors unlocked. However, everyone who lives in my house has a key.
posted by Robert Angelo at 6:44 PM on June 20 [3 favorites]

"Blocking internet access or external devices using Firewall or OS features is not a practical option.
Is there a solution ?"


No, there isn't.
posted by TravellingDen at 8:45 PM on June 20

At best your programmers will roll your eyes at you; at worst they'll go work for someone who understands programming. In the middle ground you'll annoy them and throw up roadblocks to them doing work for you. You really want to make it impossible for them to print out a troublesome bit of code so they can debug it?

Please understand, programmers write code. It's not a secret formula to us. I could easily write programs that duplicate the function of my employers' products, even without having a copy of the code. Think about it: we wrote it from scratch in the first place, we could write it again.

But believe me, your programmers have no interest in stealing your code. If they even ended up in the same industry, your code wouldn't meet the needs of their new employers, and they'd rather just write new programs anyway.
posted by zompist at 10:08 PM on June 20 [1 favorite]

rokusan has the essence of this issue:

There's only one way to get the kind of security you are asking for.

Learn to do all the programming yourself.

However, this is not to say you have to do all of the work yourself. You can do all of the work that involves access to the machines that have the code on them. You'll have to type and compile the code, but that doesn't mean you have to think up the code that should be written.

You can convert your programmers' jobs from programmer to "development adviser." When you run into a problem, you can call or video chat with one of your advisers and orally describe the issue, and he can verbally tell you how he would write the code, perhaps even emailing you code snippets. Then, you can try to compile and integrate the code he describes. If you run into an issue with compiling, linking, or integrating, you can then call one of your advisers again, and he'll explain to you what he thinks is wrong and shepherd you through it, but without making direct contact with your source code, which is the key.

It might take you more time personally, but a side benefit of this approach is that, eventually, you'll learn how to write the kind of code you need. Then, you can drop your advisers, save money, and reduce the risk of an outsider stealing your uniquely valuable codebase even more.
posted by ignignokt at 10:57 PM on June 20

I develop software in a company that deals with large volumes of genuinely-sensitive data; if we had a bunch of it walk out the front door it would be on he national news the moment word got out. If there were a system that allowed people to work effectively with information while somehow preventing them from doing anything that offered them the slightest opportunity to steal it, I assure you we'd be using it. We aren't, because there isn't.

Seriously, if you distrust these people this much, why on earth did you hire them in the first place?
posted by Lazlo at 11:55 PM on June 20 [1 favorite]

Say it with me three times: "MikeWas is not my lawyer." "MikeWas is not my lawyer." "MikeWas is not my lawyer."

That said, there are two, possibly three, different legal methods, tried and true, that can work for you.

First, copyright. This code will be created for you, by employees, making it property of you from a copyright standpoint. Register that copyright. Any code which is directly copied by your employees, or re-created as a derivative work, would likely be an infringement for which you could seek remedies including any profits they make from your property.

Second, contractual protections such as NDA's and non-competes (if they are enforceable in your state). This will help you to protect the CONCEPTS that you're coding, where copyright might not.

Third, if your software is taking some new or novel approach, you may be able to patent it. This is probably the most expensive and complicated approach, but if you're inventing a new wheel, it's worth considering.

Or, as a previous poster said, you can just write the damn thing yourself.
posted by mikewas at 7:20 AM on June 21

Bookmark The Daily WTF, because I guarantee you if you don't change your mind about some fundamental management principles quick, you will show up as a front page article on that site, by the first programmer who's smart enough to quit your company.
posted by Gortuk at 7:32 AM on June 21 [2 favorites]

At DoD (I'm told by a classmate who works there) that the secret machines have the usb ports filled in with putty and intranet only physically connected.

If you wanted to, you could give everyone two machines connected by a keyboard-monitor-switch. Machine A can access the files, has no internet access or USB connectors. Machine B is normal. They can work on the files on MA and look things up on MB. This would be expensive and a PITA to set up.
posted by a robot made out of meat at 9:01 AM on June 21

Blocking internet access or external devices using Firewall or OS features is not a practical option.

Honestly, the problem is that this is the solution, in the cases where companies feel the need to do it. Like high-security things. Use disconnected computers with locked down OS that don't let you plug anything in. Simple, and easy.

You just want the security without the inconvenience.
posted by smackfu at 9:50 AM on June 21

Well in the case of personal productivity software, Microsoft does make DRM plugins for its Office products that allow centralized folks to control what people do with their files. This however requires Applications that honor and respect the DRM. You would need tools like Visual Studio (and all the other tools in your toolbox) to support this scheme otherwise it falls apart. I don't think that Microsoft's Visual Studio supports this and you don't mention what tools or OS you use so I am with everyone else: This is folly.
posted by mmascolino at 10:14 AM on June 21

« Older Recently converted from Quicke...   |   Is this a twist on a money ord... Newer »