Using Delay to Defend Against Database Extraction

For many data providers, the “crown jewels” of their business are the data that they have organized. If someone could copy their entire database, it would be a competitive catastrophe. Yet, a data provider is in the business of providing data, so access to the database cannot be restricted entirely. How is the data provider to permit legitimate access to users who request access to small portions of the database while protecting the database from wholesale copying? We suggest that delay can be used for this purpose. We show, under reasonable assumptions, that it is possible to slow down the copying of the entire dataset by an arbitrary amount ensuring that queries that return a significant portion of the database introduce a delay that is orders of magnitude higher than that for legitimate user queries. We then consider issues of change, and show, under reasonable assumptions of rates of change, how to limit access so that the voyeur is guaranteed never to have a complete up-to-date dataset. We also present several extensions of these two major results. We have implemented our technique on a commercial relational database, and we present numbers showing that the analytically expected delays are indeed observed experimentally, and also that the overheads of implementing our scheme are small.