CCS2018
Mitigating Risk while Complying with Data Retention Laws
Luis Vargas, Gyan Hazarika, Rachel Culpepper, Kevin R. B. Butler, Thomas Shrimpton, Doug Szajda, Patrick Traynor
Abstract
Data breaches represent a significant threat to organizations. While the general problem of protecting data has received much attention, one large (and growing) class has not: data that must be kept due to mandatory retention laws. Such data is often of little use to an organization, is rarely accessed, and represents a significant potential liability, yet cannot be discarded. Protecting such data entails an unusual combination of practical constraints (such as providing verification to a party that may be unknown) and thus requires functionality that is not well addressed by traditional cryptographic primitives. We propose to mitigate the risk to such data through a new system called Dragchute, which creates a time window during which locked data cannot be accessed by anyone. Based on a verifiable non-interactive, non-parallelizable, time-delay key escrow mechanism, Dragchute is novel in that it requires that no cryptographic material capable of providing early access to the data be retained, yet provides verification for multiple properties. We define a base construction for Dragchute, show possible extensions that help meet additional verification requirements, and characterize its performance. Our results show that Dragchute systems offer verifiable, customizable, computational protection against data exposure for encryption costs similar to traditional methods (e.g., less than 6% overhead compared to AEAD). We thus show that Dragchute systems provide a critical new means for protecting data that must be retained long term due to mandatory retention laws.

CCS CONCEPTS
• Security and privacy → Cryptography; Database and storage security;
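As an added illustration (not code from the paper, whose base construction is not shown on this page), the classical Rivest-Shamir-Wagner time-lock puzzle exhibits the two properties the abstract names for a time-delay key escrow: opening the lock takes inherently sequential work, and the party that locks the data can discard every value (p, q, phi(n)) that would let anyone open it early. The primes, delay parameter and key are constructed for the demo and are not secure sizes.

```python
# Added example: RSW time-lock puzzle wrapping a data key. Not Dragchute's
# construction; it only shows sequential delay with no retained trapdoor.
from hashlib import sha256
import secrets


def _mask(b: int, n: int) -> bytes:
    """Derive a key-wrapping mask from the puzzle solution b = a^(2^t) mod n."""
    return sha256(b.to_bytes((n.bit_length() + 7) // 8, "big")).digest()


def lock(data_key: bytes, n: int, phi_n: int, t: int) -> dict:
    """Lock a 32-byte data_key so that recovering it needs t squarings mod n.

    The locker uses phi(n) as a trapdoor to compute 2^t mod phi(n) cheaply;
    once the puzzle is built, p, q and phi(n) must not be retained anywhere.
    """
    a = secrets.randbelow(n - 2) + 2      # random puzzle base in [2, n-2]
    e = pow(2, t, phi_n)                  # shortcut that exists only with phi(n)
    b = pow(a, e, n)                      # equals a^(2^t) mod n (Euler's theorem)
    wrapped = bytes(x ^ y for x, y in zip(data_key, _mask(b, n)))
    return {"n": n, "a": a, "t": t, "wrapped": wrapped}


def unlock(puzzle: dict) -> bytes:
    """Recover the key with no trapdoor: t inherently sequential squarings."""
    n, b = puzzle["n"], puzzle["a"]
    for _ in range(puzzle["t"]):
        b = b * b % n                     # each step depends on the previous one
    return bytes(x ^ y for x, y in zip(puzzle["wrapped"], _mask(b, n)))


def demo(t: int = 20000) -> bool:
    """Lock a random key, drop the trapdoor, and open it the slow way."""
    p, q = (1 << 127) - 1, (1 << 61) - 1   # constructed toy primes (M127, M61)
    n, phi_n = p * q, (p - 1) * (q - 1)
    key = secrets.token_bytes(32)
    puzzle = lock(key, n, phi_n, t)
    del p, q, phi_n                        # nothing kept that shortens the delay
    return unlock(puzzle) == key


if __name__ == "__main__":
    print("round trip ok:", demo())
```

Raising t lengthens the window roughly linearly in the time of one modular squaring, which is the knob that sets how long retained data stays unreadable.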