In Praise of Pen and Paper

Back before the Internet became ubiquitous, one of the most commonly given pieces of computer security advice was to not write passwords down on Post-It notes and stick them to your computer. The threat model was obvious. Anyone sitting down at the computer would have access to the password. This threat model was the most common one back then. While writing passwords down on Post-It notes isn’t a good idea today, it’s actually quite secure against today’s most common threats because a piece of paper can’t be accessed remotely. Ubiquitous Internet connectivity has shifted the most common threat models from local access to remote access.

Data breaches, ransomware, and distributed denial of service are three of the most common forms of attack we read about today. Data breaches in business and government networks have resulted to tremendous amounts of personal information being leaked online. Ransomware attacks can grind businesses to a halt by locking away the data needed to complete day to day tasks. Likewise, distributed denial of service attacks can bring businesses to a halt because so much data has been uploaded to other people’s computers. If those computers are knocked offline, the data uploaded to them becomes inaccessible. A folder containing information written on paper forms stored in a filing cabinet can’t be stolen remotely. It can’t be maliciously encrypted remotely. Access to it can’t be taken away remotely.

The benefits of paper don’t stop there. Paper has an intuitive interface. You pick it up and you read it. Accessing information on a piece of paper doesn’t require trying to figure out a command line or graphical user interface designed by a mad programmer who seemed to take design cues from Daedalus. The user interface of paper also doesn’t change. You don’t have to worry about a software company releasing an update to a piece of paper that drastically changes the user interface for no reason other than the sake of changing it.

Paper is resilient. Data stored on a computer can be corrupted in so many ways. A file loaded into RAM can be corrupted due to a memory error and that corrupted data can be dutifully written to disk and then included in backups. It’s possible that a file that is accessed infrequently can be corrupted without anyone noticing until all of the backups of the uncorrected file are cycled out. A file can also be corrupted while it’s stored on a hard drive or SSD. Paper doesn’t suffer such weaknesses.

Writing information down on paper has a lot of security and integrity benefits. None of this is to say there aren’t downsides to using paper. But the next time you read about patient information being leaked online because a hospital suffered a data breach, consider how much safer that information would have been if it had been stored on paper forms instead of a database. When half of the Internet disappears due to another Cloudflare misconfiguration and you are unable to perform a task because the information you need is hosted on somebody else’s computer, consider that you’d still be able to complete the task if the information was on a paper form in your filing cabinet.

Just because a technology is old doesn’t mean it’s completely outdated.

Leave a Reply

Your email address will not be published. Required fields are marked *