Imagine you are part of a an elite four person mercenary crew.
Imagine also that rather implausibly you trust these people enough to turn your back on them when they’ve a gun in their hand but still think they may betray you.
What solution would you devise? Mary Watson claims in the latest episode of Sherlock that her own team decided to keep everyone’s entire personal history on USB sticks, so that if someone were to betray the others they could be easily tracked down and bloody vengeance extracted.
In the latest episode The Six Thatchers Sherlock and John seem to accept this as gospel, despite the fact that firstly they are aware the team was betrayed without the use of the USB sticks and that also a former member has been able to hunt down Mary without one.
According to John’s wife, her Soldiers of Fortune were at the “Top of [their] game”, so how did the sticks help?
The episode didn’t make clear to me whether everyone had a copy of everyone else’s secret data or whether each individual person had only info about one of the others. Either way from a security standpoint it’s ludicrous.
Aside from the fact that the system was demonstrated to have failed within the episode, it’s not clear how AGRA ever hoped it would work.
If each member of the team was responsible for creating their own identity, safe houses and keeping a log of all jobs done to date, clearly someone interested in betraying their comrades wouldn’t provide accurate information.
If there’s some central database against which the facts can be checked though, for instance a computer which doles out fake ID’s, then doesn’t this defeat the entire point of walking around with data sticks around your neck?
Let’s assume for the sake of artistic licence however that your fellow mercenaries are trustworthy enough to provide entirely accurate information but are still bent on betraying you, would the sticks help?
A key point in the episode is that one AGRA team member Ajay had to hide his USB stick prior to being captured. He also (mistakenly) believes that he must have been betrayed by Mary who he assumed gave or sold the information on it to the enemy. Sherlock later on claims he “glanced” at the information on the stick.
All of the above seems to suggest that the data on the stick wasn’t encrypted. This means in the event someone is killed or captured, the stick with any details of living team members becomes a huge liability. This said the two other members’ USB sticks aren’t even mentioned despite the fact they must have fallen into the hands of Terrorists.
What then could have been done to avoid this digital noose around their necks? Aside from putting a password on the stick or better yet using a hardware based PIN to unlock data, the team had any number of options to ensure that they couldn’t be betrayed.
Assuming the data is sensitive, trusting it to a third party would be out of the question, as that person would then be in on the secret. The fact that if someone were betrayed, they wouldn’t be able to make use of the data around their neck seems lost on Sherlock writers Messrs. Moffat and Gattis.
This presumably means that the data has to be all stored offline and/or a copy of the unencrypted contents of the USB sticks can’t be given to anyone else. (The episode doesn’t explain how AGRA made sure other team members weren’t doing this, it seemed a given that data on the USB was the only copy.)
One choice could have been for each of them to encrypt data about their murky goings on and leave it with a trusted friend or in a bank safe deposit box. The password could then be left on a remote server, set to email the password every 24 hours unless reset manually.
For lovers of low – tech solutions, the dirty secrets of each AGRA member could also have been encoded using a One Time Pad or the rather less secure Book Cipher as shown in the Season 1 episode The Blind Banker. This would have not involved trusting any one party with the particulars, as one person would have the encoded ciphertext and another the key itself.
You may be thinking this is all rather elaborate compared to having a USB stick around the neck but this is rather the point – it would ensure that in the event someone betrays you that the information would get out. By making your own arrangements, you’ve no need to trust the fact that the stick will fall into the wrong hands or simply never be used.
Of course, Sherlock is just a TV series. Sadly though, the USB sticks serve as a McGuffin for most of the episode, which is why I was left dumbfounded as to why more thought wasn’t put into it.Better luck next time boys.