A Personal Security Classification Taxonomy (PSCT)

Who is ultimately accountable for protecting your private interests?  The simple answer is, “you are!”  But how does one go about protecting their own personal information assets, in a meaningful and cost effective way?  The obvious answer is to develop and use a security classification taxonomy that is on par with what governments use to protect their own national security & national interests.


It is strongly suggested that you already be familiar with the material covered in these posts:

  1. What to know about Need-To-Know.
  2. U.S. security classification taxonomies.
  3. The fallacy of Unclassified information.

Classifying Personal Information

The classification scope for personal information is anything directly associated with you, in which unauthorized or inadvertent disclosure, could reasonably be expected to have an adverse impact on your personal life.  When designing the Personal Security Classification Taxonomy (PSCT), the following factors were considered:

  1. Number of levels: Too many levels creates a continuum, that blurs the distinction between classification levels.  Too many levels makes it difficult to discern appropriate classification levels for information assets.
  2. Consequences for unauthorized disclosure: Levels should be delineated, based upon the consequences resulting from unauthorized disclosure.  Levels based on consequences help the classification discernment process.
  3. Strength of protective measures: Protective measures should be appropriate and proportional to the consequence you are trying to avoid.  Measures that are inappropriate or out of proportion will, because of human nature, be ignored.
  4. Amount of information in each level: The aggregate amount of information in all levels should form a linear scale; with the least amount of information in the highest level and the most amount in information in the lowest level.  Too much information in the higher classification levels can create an unbalanced, stressful, and unhealthy situation, in one’s personal life.
  5. Jurisdiction: The results are within the legal and cultural context of persons living within the United States. Differences in legal systems and cultural norms require modifications when applying the PSCT outside of the US.

Depending upon your particular lifestyle or cultural background, other factors may be considered as well.  However, based upon the previously stated considerations; the following classification levels should be sufficient for most people.

Life & Liberty: Unauthorized disclosure of personal information assigned to this level could reasonably be expected to result in the loss of your life or liberty.  Requires extreme, almost paranoid, protective measures; which may include destruction of the information asset being protected.

Wealth & Welfare: Unauthorized disclosure of personal information assigned to this level could reasonably be expected to result in loss of your finances, home, or health.  Requires strong protective measures to ensure that information cannot be disclosed without your knowledge and affirmative consent.

Lifestyle: Unauthorized disclosure of personal information assigned to this level could reasonably be expected to create lifestyle “annoyances,” requiring a moderate expenditure of time, money or resources to overcome.  Requires discretionary protective measures to reduce the risk of unauthorized or inadvertent disclosure.

Use caveats to group similar kinds of information together.  Suggested caveats include; Family, Financial, Housing, Insurance, and Medical.  Caveats apply to specific groups of information and can span multiple classification levels.

Let us suppose you have a “Financial” caveat for all information concerning your finances.  Where you bank might be classified as “Lifestyle – Financial,” because inadvertent disclosure could reasonably be expected to result in you being robbed at the ATM; and having to file a police report.  Your actual account numbers and PIN would be classified as “Wealth & Welfare – Financial,” because you want to ensure that only people who need it are given this information; to prevent the loss of your life savings.  And information concerning a large deposit for which you don’t plan to pay taxes on may be classified as “Life & Liberty – Financial,” for reasons that will not be discussed!

Any personal information that has not been classified is considered Unclassified.  This should include a rather large amount of trivial information about yourself.  Having too little Unclassified personal information violates the rule concerning the amount of information at each level; and attracts unwarranted attention to the fact that you have information worth protecting.

If necessary, you should create and promulgate as much “trivial information” about yourself as possible.  Internet social networking sites are an excellent way to promulgate such information, provided that appropriate precautions are taken to prevent the inadvertent creation of classified information; through the aggregation of seemingly unrelated pieces of Unclassified information.

Using PSCT In Your Daily Life

E-mail Accounts

Create and use multiple e-mail accounts; one for each classification level, including a regular Unclassified e-mail account.  Correspondence with banks and creditors should be done using your “Wealth & Welfare” e-mail account.  Correspondence with friends and family should be with your Unclassified account.  Legal correspondence should be through your “Life & Liberty” account.  Your “Lifestyle” account can be used to make online purchases or reservations.

Additional accounts should be created for caveated information that requires compartmentalization from other kinds of correspondence; such as a separate “Lifestyle – Adultery” e-mail account.  Doing so limits the amount of compromise that occurs from unauthorized access to your e-mail accounts; provided that you use different passwords for each one.

Having separate e-mail accounts also limits the type and amount of spam that you receive; limiting the Viagra spam to only your Unclassified e-mail account, provided that your “Wealth & Welfare” account is only used for bank and credit card company correspondence.  You also reduce the risk of falling victim to phishing; because you should never receive any messages from your bank at any other e-mail address besides the one designated for “Wealth & Welfare.”

Consider creating your separate accounts on different e-mail providers; being mindful of each provider’s reputation for data retention.  You may not for instance, wish to use Gmail for you “Lifestyle — Adultery” correspondence; because of Google’s reputation of keeping things “forever.”

And if you have correspondence that requires protection from possible government intrusion, you may want to use an e-mail provider whose computers are physically located in a country that is politically at odds with the United States.  Doing so creates an additional bureaucratic hurdle for the authorities to overcome, in order to subpoena information.

Do not incorporate classification level or caveat names into your e-mail address names, because doing so draws attention to the account name.  “JohnSmithF” is okay to use as an e-mail address, but “JohnSmithFinances” is not.

User Names, Passwords & PIN Codes

Many people choose the same user name for all of their accounts, choosing new ones only if they’re told “the one they wanted has already been taken.”  We are also told that we should choose hard to guess passwords and PIN codes.  But because of human nature; we usually end up picking one “unique user name” and one “really good password,” and then use them across all systems; like they were some kind of master key.

Unfortunately, if the master key becomes compromised, you must quickly change it for every place that you use it.  Always consider the amount of trust you have towards places where you use the same user names, passwords and PIN codes.  Never use the same user name and password for the adult entertainment site, that you use at your credit card company’s site.  Doing so increases the risk that your credit card account can be compromised.  Not because the adult site operators are dishonest, but because somebody might hack their site and use your account information.

Like the e-mail accounts, you should create unique user names that only you can associate with caveated information.  You can use “JohnSmithF” as the user name for financial information sites, “JohnSmithX” for adult sites and “JohnSmith” for everything else.  Memorize a list of passwords and PIN codes for each classification level.  Use your “Wealth & Welfare” PIN for you ATM and credit cards; and your “Lifestyle” PIN for your cell phone.  If your cell phone PIN becomes compromised, you won’t have to change the PIN to your ATM card.  Children are smart; the first 4 digit number they’ll try at the ATM is your cell phone PIN!

Social Networking Sites

Never post anything above the Unclassified level on Myspace, Facebook, Twitter, YouTube, or any other social networking site.  Like pieces to a puzzle, tidbits of Unclassified information can come together through aggregation, creating new classified pieces of personal information.  When in doubt, don’t post.

Additionally, to ensure extra privacy, consider the use of aliases when creating profiles on social networking sites.  The use of aliases is legal, provided you are not trying to break any laws.  You then have the luxury of revealing yourself to individuals at your convenience.


Cell Phone Text And Picture Messages

Wireless providers keep copies of every text and picture message you have ever sent within the last two years, or more.  In the Casey Anthony and Kwame Kilpatrick criminal cases, wireless providers turned over thousands of text and picture messages to law enforcement agencies.

Their availability as evidence is subject to the terms of US Code (USC), Title 18, Section 2703, “Requirements For Governmental Access,” which states that telecommunication carriers must provide assistance to law enforcement investigations.  Wireless providers are also subject to the terms of USC Title 47, Section 1002, “Assistance Capability Requirements,” which says that carriers must also have the technical capability to intercept communications.

All text and picture messages are forwarded to your provider’s “mediation switch,” which serves as an endpoint to the FBI’s Data Collection System Network (DCSNet).  Most wireless providers outsource their mediation switches to VeriSign Wireless Mediation Services [Link to this particular page went 404 after publication of this article].   Mediation switches communicate with DCSNet “central monitoring plants” by means of Virtual Private Networks (VPN), over Sprint’s Peerless IP Network.  This is a privately run IP network, that is isolated from the public Internet; like the DoD’s SIPRNet.

Unless you can claim Attorney-Client privilege, never send anything above the “Lifestyle” classification by text or picture message.  If you absolutely need to send information above that level, use your phone’s Internet browser to send the message; using an Internet webmail site like Yahoo Mail, as the content of such messages will not be kept by your wireless provider.

Messages sent or received via your wireless provider’s Blackberry E-mail service can be kept, because the carrier is providing you with the e-mail service.  At this time however, such records appear limited to only transactional logs, [date, time, subject, to and from] and not actual message content.  This is because of technological and cost reasons, which could change in the future.

“Information service” providers and 100% “cloud based” communication services are not currently subject to the requirements of either USC Title 18, Section 2703 or USC Title 47, Section 1002, but this may change at a future time.  Legislation such as  the “Internet SAFETY (Stopping Adults Facilitating the Exploitation of Today’s Youth) Act of 2009,” S. 436 [US Senate] and H.R. 1076 [US House of Representatives], increase record retention requirements for Internet services.  These bills also have the potential to impose governmental record and data retention requirements, of two years, on owners of home WiFi networks.

USC Title 47, Section 1002, does not require that telecommunication carriers be able to decode encrypted messages; just that they be able to “intercept them.”  However, there are efforts within the US to create laws similar to the United Kingdom’s Regulatory Investigative Powers Act (RIPA), which imposes two to five year prison sentences for failure to hand over passwords and cryptographic keys, when subpoenaed.

Cell Phone Instant Messages (IM)

There are two ways Instant Messages (IM) can be sent and received by a cell phone.  The most common way is for the IM to pass through an SMS gateway that converts the IM to and from text messages; that are relayed between your cell phone and the IM service [AIM, Windows Live, Yahoo, et al].  The second way is for your cell phone to use an IM client that directly communicates over the Internet with the IM service, without the need for a gateway.

Any IM that pass through a gateway are subject to the warnings mentioned for cell phone text messages.  IM that are sent or received using a client are not, because the client directly communicates with the IM service, via the Internet.

Some wireless providers, such as Verizon Wireless, provide users with IM clients that are really text message managers; not “real IM clients.”  If your wireless provider counts IM as text messages, then you are using a gateway.  If your IM are being counted as Internet data usage then you are using a “real IM client.”  In any case, it is best if you never discuss anything above the “Lifestyle” classification level when using IM; whether it be by cell phone, or computer, unless you are using a secured device like the so-called “BarackBerry.”


You’ve been WAPped!

Sprint manager of Electronic Surveillance, Paul Taylor, disclosed in an interview the extent to which landline and cellular companies provide customer records to law enforcement; without a court order.  It seems that court orders for customer surveillance only apply to “live” transactions; i.e. wiretaps.  But that any stored, or residual information can be freely obtained by law enforcement, under the terms of US Code (USC), Title 18, Section 2703.

Disturbingly, according to the interview, this includes the history of websites visited through a cellular provider’s WAP gateway.  Phone companies have no legal mandate to record this information; it is done solely for billing and marketing purposes.  But because the information is kept, it is fair game for law enforcement requests.  If you are surfing the web on a cellphone handset, as opposed to a smartphone, you are most likely going through a WAP gateway.

To reduce the amount of stored and residual information that is available to law enforcement without your consent or knowledge, The Assurer recommends the use of smartphones over handsets for mobile web access.  Also consider the use of a tethered laptop, to obfuscate your mobile online activities.

You might consider this advice for information at the “Life & Liberty” classification level, or for specifically caveated “Lifestyle” classified activities.  Not that you are concerned about law enforcement knowing details of your personal affairs, but because the information may be maliciously disclosed to the public; especially if you are a high profile individual or organization.

Does your head hurt yet?

Managing your personal information assets requires your full attention.  The Assurer realizes this and is prepared to help.  If you would like assistance with integrating PSCT into your daily life, please contact The Assurer.

Spread the word!