Creating / Using encrypted source data


I was just thinking something over and thought I'd float the idea here to see if I can get some thoughts/feedback from people.


I'm thinking about ways that we might process highly sensitive information in such a way that although I would be processing and hosting the data, I couldn't actually view the files themselves. I'm thinking along the lines of either illegal material (i.e. assisting the Police) or highly secretive material where a client may wish to conduct the review internally but without disclosing any data to me or other third parties.


It got me thinking about how this could be accomplished but I don't know if it's even possible with the way Intella works internally or not, but here it is:


Data Capture

This would obviously need to be facilitated by the client and in such a way that they handed me an encrypted container with all the information for processing. There are many ways the data could be encrypted but rather than Intella having to develop a bespoke encryption package I thought it might be easier to partner with an existing software such as 7zip. Using 7zip it's very easy to create an encrypted archive and relatively quick compared to the size of the data. Intella would need to incorporate some mechanism that prompts for the archive password at the beginning of the indexing stage which would then allow Intella to index the data inside the encrypted archive. There is the obvious problem here that I would need the password to process the data, thereby negating the whole 'secrecy' component, however this could be overcome by having the client on hand at that stage to enter the password and visually confirm that I don't have access to the data.



There would need to be an option for 'secure processing' or the like that we select at the beginning of the case setup; this option would have the effect of suppressing some of the statistical reporting of Intella to ensure no information is disclosed to the operator (i.e. me). The insight tab would be unavailable and no other data would be visible during or after the process has completed.


Review Stage

At the conclusion of the indexing process a secure database archive is created with a one-time random password generated by Intella. The database can only be accessed using the password and strict logging protocols would need to show any and all access to the database. Although at this stage I could technically view the results, the audit trail will give comfort and proof that no one has viewed the data. The case can then be shared via Connect or viewed via Intella as needed.


That's a very simplified process flow but I think you get the idea. I would see something like this as very uncommon but it could have interesting applications particularly to assist Police.


I'd be very interested in whether anyone else would find this type of process useful and especially interested in hearing from the Admins if something like that would even be possible and how hard it might be to implement? Possibly even as an add-on component that is sold separately to reflect the time and effort that would have to go into building something like that?
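An added example, not part of the original post and not Intella code: a sketch of the Review Stage idea above, with a one-time random password and an access log in which every entry is hash-chained to the previous one, so edits, removals and truncation are detectable. All function names, field names and log records are constructed for illustration, and it assumes the client keeps the latest head hash outside the operator's control.

```python
import hashlib
import json
import secrets

GENESIS = "0" * 64  # chain anchor used before the first entry
FIELDS = ("seq", "user", "action", "ts")

def new_case_password(nbytes=24):
    """One-time random password for the case database (hypothetical helper)."""
    return secrets.token_urlsafe(nbytes)

def _digest(prev_hash, record):
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append_access(log, user, action, timestamp):
    """Append an access record chained to the previous entry; return the new head hash."""
    prev_hash = log[-1]["hash"] if log else GENESIS
    record = {"seq": len(log), "user": user, "action": action, "ts": timestamp}
    log.append(dict(record, prev=prev_hash, hash=_digest(prev_hash, record)))
    return log[-1]["hash"]

def verify_log(log, expected_head=None):
    """Return (ok, index of first bad entry or None).

    expected_head is the head hash the client recorded out of band; without it
    a truncated or fully rebuilt log cannot be told apart from the real one.
    """
    prev_hash = GENESIS
    for i, entry in enumerate(log):
        record = {k: entry[k] for k in FIELDS}
        if (entry["seq"] != i or entry["prev"] != prev_hash
                or entry["hash"] != _digest(prev_hash, record)):
            return False, i
        prev_hash = entry["hash"]
    if expected_head is not None and prev_hash != expected_head:
        return False, len(log)
    return True, None

def demo():
    """Constructed sample records: intact log, one entry removed, tail truncated."""
    log = []
    append_access(log, "indexer", "open-db", "2024-01-01T10:00:00Z")
    append_access(log, "operator", "open-db", "2024-01-01T11:00:00Z")
    head = append_access(log, "client", "open-db", "2024-01-02T09:00:00Z")
    intact = verify_log(log, head)
    removed = verify_log([log[0], log[2]], head)   # operator's entry deleted
    truncated = verify_log(log[:2], head)          # last entry dropped
    return intact, removed, truncated

if __name__ == "__main__":
    print(new_case_password(), demo())
```

The chain only proves the log was not altered after the fact; it does not show that every access was logged in the first place.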

