a page of technology, maybe one of my good ideas but in that case one of my professional failures
Preamble
Years ago, before CD-R, there were optical drives known as WORM ('Write Once Read Multiple') drives. They were expensive and I looked at them briefly and longingly as a means of offline storage of images, this in the days when 80MB was a large HDD, USB thumbdrives weren't even on the horizon, image compression was not so well-developed and image storage was a real problem despite small file sizes necessitated by relatively small memory (my 16MB of RAM was in those days greeted by friends with a 'wow').
AFAIK they are no longer available, made redundant by CD-R, CD-RW and the various DVD formats. Were I dictator-for-life, that would change. This isn't quite what the Wikipedia article said last time I checked. There's more to WORM than you might think.
The beauty of the original WORM drives as opposed to CD-R is that on a true WORM you can't easily change the data once it is written. The firmware in the drive prevents it. This was not a deliberate feature, and nobody seems to have valued it. Again, were I d-f-l I'd not only bring back this feature, I'd strengthen it.
Business use
The WORM drive is the right medium for any data that has the following characteristics:
- It needs to be stored for more than a few days.
- It shouldn't ever be changed once it's written.
These are of course the characteristics of nearly all financial data. Errors in a ledger aren't corrected by changing them. They are corrected by reversing them with balancing entries. Or that's what my audit training told me, anyway. A hard disk drive, on the other hand, is about the worst possible storage mechanism for such data.
The rejection of my proposal to the EDP Auditor's Association (published in Australia in EDPACS newsletter, I don't have the date to hand) that we should promote the use of WORM drives was, in hindsight, the beginning of my disillusionment with auditing as a profession. WORM drives stood to empower the people, and reduce the overheads of financial auditing.
I thought at the time that nobody cared. I'm now a bit more cynical. I now think that at least some of the senior people in the big accounting firms quite correctly saw that use of WORM devices stood to reduce both their corporate and individual incomes!
Again, if I were d-f-l, every ATM, every POS terminal, every place that is capable of offline processing of financial data would have a cheap, mass-produced WORM drive, using cheap mass-produced media not mountable on a CD-R but using similar technology, and with a "printable" top surface which could not only be printed, but also signed with a felt pen. Large corporates would similarly keep records of auditable information in this form. Some court and government proceedings would be similarly recorded.
These disks would be kept for a period as archives of the transactions. Some of the more important ones would be lodged in a national archive, some of them indefinitely.
Possession of machinery capable of tampering with these records would be a criminal offence similar to counterfeiting. There is no reason for anybody to have such gear unless they are committing fraud.
Food for thought? Maybe it's not too late. If we are serious about empowering the little guys, and protecting them from Enron and the like, WORM drives still make a lot of sense to me.
Private and general use
Imagine that you could save a file knowing that no virus, ransomware, or error could ever corrupt or delete it.
That's what saving a version to a WORM drive does.
Attractive? It should be. Files include not just documents and images. They even include programs. Still more attractive? It should be.
Why they don't want you to have it
There are obviously issues if you live in a state or territory where you have reason to fear the authorities. These authorities might for example compel all users of computers to keep logs of their emails, and reveal any passwords protecting them. But that's already happening even without WORM drives. Where I live, if the police impound my computer, or even a hard drive or thumb drive etc, and find it's password protected and ask me for the password, I am obliged to give it. If I've honestly forgotten it, I'm a criminal.
And that's in a country that calls itself part of the free world. As Arlo Guthrie said, they'll get anybody.
But there are far more sinister reasons for opposing WORM technology. I said above, programs are themselves files. If I had for example saved a complete image of Windows XP Service Pack 3 (oh how I wish I had!) with Office 97 installed (all of which I bought and quite legally installed), I'd be much happier running that than forced to use Windows 10 and go to an online-only version of Office. And that does not fit the business plan of Microsoft one bit!
And there are also cynical reasons for my former profession of EDP Audit to reject the idea. It could save the clients a lot of money... Some of which they now pay to their auditors!
Is that beyond the realms of possibility? When I suggested the idea to my then colleagues, the reasons that the members of big accounting firms gave for dismissing the idea were rather lame. But they were very ready with these reasons, to the point that I now suspect that I was not the first to make the suggestion.
How it could work now
Obviously the previous technology could be rolled out again. But that's not the only way, or even the best way.
I'd suggest instead that what is needed now is a WORM thumbdrive that plugs into a USB port. But there are many possible hardware implementations and variations. The piledriver approach is for it to be intelligent, but for its own programming to be strictly non-upgradable. Burned into ROM preferably. Its storage can then be RAM or ROM, it doesn't matter.
Because for the data storage itself, ROM has neither advantages nor disadvantages over RAM. The data needs to be protected against any form of corruption.
It should be bootable, and it should be possible to save an image of the device storage (both real and virtual) and use it to carry on from the point at which the image was saved. This doesn't preserve any open files of course, they need to be backed up separately. But it does save images of the programs.
Each piece of such media (ie each thumbdrive if that is the medium) should have a physical serial number of course, and this serial number should be clearly visible on it and tamper resistant, and digitally available from the device as well. Nothing is completely tamper-proof of course, but tampering with such a device should in many cases carry criminal penalties.
And if the media programming ever really needs an upgrade itself, you simply transfer the data to a new thumbdrive and (securely) throw the old one away (ie destroy it) or archive it (depending on your management controls over the data). Any other approach is a compromise and the security can be breached. But that approach is secure, and easy.
It's still a business opportunity IMO
So watch this space! I disclosed it back in the 1980s so I cannot patent it. But I'd love someone to run with it like any of my other good ideas.
2021 Update
Ransomware is in the news. See Colonial_Pipeline_cyber_attack and tell me, wouldn't it have been good had this been physically impossible?
So why isn't it possible, even trivial, to prevent such things?
I have several friends who have suffered ransomware attacks. Some have paid quite a lot of money, but none of them have got their files back. Others have just accepted the loss.
Comments (0)
You don't have permission to comment on this page.