Stata The Stata listserver
[Date Prev][Date Next][Thread Prev][Thread Next][Date index][Thread index]

Re: st: Protecting data sets


From   Phil Schumm <[email protected]>
To   [email protected]
Subject   Re: st: Protecting data sets
Date   Thu, 5 Jan 2006 09:57:15 -0600

On Jan 5, 2006, at 8:30 AM, Fred Wolfe wrote:
We sometimes loan our set of research stata dta files and programs we have developed to investigators to work with. We have some concern that the files could be passed on to others that shouldn't have access to them or that they might just sit on a computer and be accessible to other. It occurred to us that one way to protect files would be to have a pass word and date requirement. For example, after 6 month the dta files would not be accessible without a (changing) password (which we would have to supply). I wonder if anyone else has thought about issues such as these or if Stata Corp has some plans or ideas on the subject.

In order to share sensitive files with another individual, you must trust that individual to handle those files properly. This includes disposing of them securely when he or she is finished using them. The expiration date you suggest could be easily subverted in a number of ways (e.g., one could simply read the data into memory and then save a copy, or alternatively, simply open a log file, list the data, and then read it back out of the log).

Sharing files via symmetric encryption (i.e., using a common password) is inherently problematic. First, the password itself must be shared (and stored) in a secure manner, and this can be difficult to do. Second, you need to generate a different password each time you want to share with a different person or set of persons. These problems are avoided with public key (or asymmetric) encryption. We use public key encryption extensively to store and distribute data files securely for several collaborative projects.

Take a look at http://www.gnupg.org/. From there you can download GnuPG -- a widely used open source program for public key encryption. To learn more about public key cryptography, you might try the "Links" page on that site and/or Wikipedia. If you're instead interested in a commercial solution, see http://www.pgp.com/.


-- Phil

P.S. One drawback with using gpg to encrypt data files is that you must decrypt them manually each time you want to use them, and then remember to wipe the decrypted version when you're done. A possible way to facilitate this would be for -use- to recognize that a file is encrypted and then call gpg automatically to decrypt it (prompting the user for his or her passphrase), piping the decrypted stream directly into Stata (this way, a decrypted version of the file is never written to disk and thus you don't have to worry about remembering to delete it). I believe GnuPG can be built on all platforms supported by Stata. Perhaps I'll raise this as a "wish" at the next Users Group Meeting.


-- Phil

*
* For searches and help try:
* http://www.stata.com/support/faqs/res/findit.html
* http://www.stata.com/support/statalist/faq
* http://www.ats.ucla.edu/stat/stata/




© Copyright 1996–2024 StataCorp LLC   |   Terms of use   |   Privacy   |   Contact us   |   What's new   |   Site index