My two cents,
If you are that paranoid that you aren't even willing to trust there being an unencrypted version of the data on the destination's computer, I would forgo computers altogether and meet them with the data, show them and explain it, and then destroy it. If it's that sensitive and super secret that you can't even trust a temporary medium like memory or pagefiles, then I'd imagine that the security is so high that it would justify the trip to their office, even if it requires a plane ticket.
That is, if I'm understanding the discussion correctly.
Or write your own using available technology
http//
jaclaz
The original post was how to get data from A to B securely, i.e., if it gets lost in the post, it does not matter.
From the further replies, it appears that he wants to keep control of the data even when it has been safely received. Is this type of request actually possible without maybe linking back to a system to authorise any opening of the file?
The original post was how to get data from A to B securely, i.e., if it gets lost in the post, it does not matter.
And for that, any strong encryption will do. As a matter of practice, I assume that the mail, package delivery services, etc., are not 100% secure and protect the data, accordingly.
From the further replies, it appears that he wants to keep control of the data even when it has been safely received. Is this type of request actually possible without maybe linking back to a system to authorise any opening of the file?
Not practical, anyway, which is why I question the need to go through all the hoops. As I said, the responsibility for protecting the data lies with the data owner. Most of the clients with whom I have worked want to keep it secure but simple. There is a limit to the practicality of keeping a client safe from their own misadventure.
As an aside, we were involved in a very sensitive trade secrets case ($20 billion in alleged damages) in which ALL of the trial documents were designated as Restricted Confidential, but both sides kept the trial documentation (which included documents describing the trade secrets) in EMC's Documentum eRoom. The legal teams were made up of attorneys and experts from around the country and this was the only practical way to share the trial information.
I second the hand delivery, view in person, destroy method.
We often allow some information to be previewed in a secure conference room on a screen. No recording devices of any sort allowed. They can spend as much time as they want with the data, but there is always one person in the room with them controlling the media.
If you are following jhup and others' choice of a "view-only" option; then one way of remotely doing so may be a webex or similar technology…
But at some point, you have to trust the recipient (someone said this earlier too) not to printscreen or use some other method to subvert the checks/balances you're trying to achieve. But now you're getting into DRM-like technologies that would require more infrastructure and administrative overhead (in my opinion). I'm unsure if Adobe Acrobat Pro has such features as "expire this file after X days", "do not allow printing/copy/paste/etc.", but if it does, that may be a cheaper way to go. But again, these are DRM-like technologies that are also subject to imperfect human logic and implementation (and therefore hackery).
If the only thing you want to achieve is protection during transit, then I'd suggest using some secure file transfer service like SFTP/SCP, etc. to transfer (as seanmcl suggested) a protected SE-executable.
I'm interested in what you decided to do and why.
If you're paranoid and also don't want the recipient to be able to make an unencrypted copy of the data, the only solution is to not give them the data in the first place. Any kind of DRM (which is really what you're talking about, at that point) is simply making it less convenient for them to copy it.
If you reasonably trust your recipient not to be malicious, all you need to do is reduce the chance that they inadvertently make an unencrypted copy (which as Sean points out, isn't really all that easy).
Of course, if you only need to protect it in transit, then an encrypted ZIP file is just as good.
Thanks for all the replies guys - I think some of you have gone off on a complete side note but it is very interesting to read all the different ways you can do this.
My original request was to see how the majority of people send a CD from A to B securely, but I expanded to see how people minimise the spread of evidence at the other end. I see the view on once you send them the data - it's in their possession and you've done your job. I don't want to treat the clients as idiots - but at the same time I want the CD I'm sending to be simple to decrypt and minimise the risk of the data being left on the client's hard drive. Yes, I know that the machine will cache a copy and files will be kept in RAM, but then again it's overkill to start looking into blocking this as well.
I went with the TrueCrypt volume, and created an autorun.inf file to automatically run TrueCrypt on the command line via a batch file that auto-mounted the volume whilst prompting for a password. This is working great so far.
This is turning into a great thread - it's definitely got my thinking cap on.
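An illustration of the approach described in the post above, written here as an added example rather than the poster's own script. It assumes the CD root holds `TrueCrypt.exe`, the container `data.tc` and this `mount.bat`, launched from an `autorun.inf` whose `[autorun]` section contains `open=mount.bat`; the file and drive-letter names are assumptions.

```batch
@echo off
rem mount.bat (example, not the poster's script): mount a TrueCrypt
rem container shipped on the same CD, then dismount it when the
rem recipient is done, leaving no mounted volume or cached password.
rem %~dp0 expands to the drive and path of this script (the CD root).

set VOLUME=%~dp0data.tc
set TC=%~dp0TrueCrypt.exe
set LETTER=V

rem /v  container to mount         /l  drive letter to mount it on
rem /m ro  mount read-only (CD content cannot change anyway)
rem /h n  do not record the volume path in TrueCrypt's history
rem /e  open an Explorer window on the mounted volume
rem /q  exit TrueCrypt after mounting instead of staying resident
rem No /p switch, so TrueCrypt shows its own password prompt.
"%TC%" /v "%VOLUME%" /l %LETTER% /m ro /h n /e /q
if errorlevel 1 (
    echo Mount failed or was cancelled.
    goto :end
)

echo Volume mounted as %LETTER%:. Close your files, then
pause

rem /d  dismount the letter   /w  wipe any cached passwords   /q  exit
"%TC%" /d %LETTER% /w /q

:end
endlocal
```

Note that the portable TrueCrypt binary needs administrative rights to load its driver unless TrueCrypt is already installed on the recipient's machine, and that recent Windows versions no longer honour `autorun.inf` on optical media, so the recipient may have to start the batch file by hand.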
If you are following jhup and others' choice of a "view-only" option; then one way of remotely doing so may be a webex or similar technology…
No Webex or such. That would allow screen scrapes. lol
They have to be physically present.