Old Laws, User Privacy, and Vendors Caught in the Middle

I’ve talked a number of times about researchers creating security busting software just because they can. The software often gets out into the wild where people who wouldn’t normally have a clue as to how to overcome security features can now use it to break the latest security in some product or application. Now the government is trying to force Apple (and probably other vendors) to write such software in pursuit of information hidden by encryption based on the mandates of a 227 year old law written at a time when no one had any idea that modern digital devices would even exist. The decree issued by the judge in charge of the case seems quite reasonable until you consider the fact that once Apple writes the software, it could end up in the wild, where hackers will almost certainly find ways to use it to overcome the security of legitimate users—making it impossible to ensure private information, such as credit card data, really does remain private.

The iPhone comes with some interesting security features that make it a relatively secure device. For example, tampering with certain device hardware will brick the device, which is the sort of security feature more devices should have. Modifying the security hardware should cause the device to lock down in order to protect the data it contains. The encryption that Apple offers with the iPhone is also first rate. No one but the user has the key used to unlock the encryption, which means that only the user can create a security problem by handing the key out to others.

The government is trying to change this scenario to make it easier to learn anything it can about the data on Syed Rizwan Farook’s iPhone (one of the two San Bernardino shooters). On the surface, it seems like a good idea, if for no other reason than to potentially prevent other shootings. However, the manner in which the government has pursued the information opens the door to all sorts of abuse, and then there is the matter of that software getting out into the wild. The issue here is that the law hasn’t kept up with technology, which is a recurrent problem. The government doesn’t have a law to cover the need to break encryption in a reasonable way, so it resorts to a 227 year old law that was never intended to address this need. The fact that the government is using the same law to try to force Apple to breach iPhone security in at least twelve other cases means that the argument that this is a one-off requirement doesn’t hold any water. Once Apple cooperates even once, it sets a precedent that will allow the government to force additional cooperation, even when such cooperation decidedly damages the privacy of innocent parties.

Tim Cook has rightly refused to cooperate with the government. There really is too much at stake in this case and even the government should be able to figure it out. What needs to happen is that our government needs to catch up with technology and write laws that everyone can live with to deal with the need to preserve the privacy engendered by encryption, yet make it possible for the government to obtain information needed to solve a case.

The question here is more complicated than simply managing information properly. It’s also one of keeping good technology (such as that found in Security for Web Developers) working properly and ensuring that government entities don’t abuse their positions. What is your take on the San Bernardino shooting and the information needed to pursue it? How do you feel about keeping your private data truly private? Let me know at John@JohnMuellerBooks.com.

 

Wi-Fi Access Point Privacy Issues

One of the issues with using any wireless technology is that any expectation of privacy is akin to screaming at the top of your voice in a mall and expecting no one to hear you. You can’t hear radio signals with your ears, but wireless transmits them in all directions and all it takes is an antenna to receive them. The radio signal doesn’t discriminate between the intended recipient and someone lurking in the background. Few people seem to understand this concept because they can’t actually hear the radio signal or see just how far it transmits.

Unless the communication is properly secured, assuming that you can safely send sensitive data using wireless technology is also a delusion. In fact, the lack of physical security makes wireless connectivity a risky choice anyway. Anyone can create a man-in-the-middle attack to place themselves between you and the access point you think you’re using. In addition, just hearing your supposedly secret conversation can give the hacker access to the data. Network Computing recently ran an article, The 9 Worst WiFi Security Mistakes, that outlines some of the serious consequences of not using Wi-Fi and other wireless connectivity with security in mind.

Wi-Fi endangers both security and privacy in a big way (even though the former issue seems to receive the most coverage). A recent article, Wi-Fi access point scans can betray a person’s location, points out that using Wi-Fi really is quite risky from a privacy perspective. Location data can help hackers guess user activities in some cases. The risk isn’t hypothetical or in the laboratory—it’s a real risk that exists right now. The fact that people don’t seem to want to pay attention to it makes the situation worse because hackers and others of ill intent could employ the techniques discussed in the article for a variety of purposes (none of them good). Even though the article focuses on consumer tracking, it isn’t hard to imagine using it for business purposes as well.

Wireless access actually amplifies security issues that are a problem for consumers and businesses alike anyway. A recent article, Don’t count on websites to hide your account info, discusses web site security issues. When you combine a lack of web site security with wireless privacy and security issues, it becomes nearly impossible to ensure that the connection will remain secure enough to perform any task of a sensitive nature. When the network and endpoint are both suspect, you need to devise a robust app development and usage strategy (as described in Security for Web Developers). That is, unless you really do want everyone to hear you screaming from the rooftop.

Many high-end routers provide you with advanced configuration features (something I discuss to some extent in Build Your Own PC on a Budget). For example, you can choose to use only WPA2 security. According to a number of sources, such as PCWorld, WPA2 is the best solution to wireless security right now. Of course, you still need to use good passwords and employ other router features such as port filtering, IP packet filtering, URL keyword filtering, and MAC address filtering. Make sure you set up a guest account with a real password and change that password after your guest is done using your router. Limit guest access to only those areas a guest actually needs.

Wireless connectivity is a fact of life today—you can’t really get around it because wireless connectivity offers too many benefits to ignore. However, it’s important to remember that wireless lacks the physical security of a wired network connection, which means that you need to be extremely careful when using it or face the consequences. Let me know your thoughts about wireless connectivity security and privacy concerns at John@JohnMuellerBooks.com.

 

A Future of Fast Connectivity

When I was growing up, our home had a party line (at least, when I was younger). Of course, most people have no idea of what a party line is because most people have never experienced one. A party line is a telephone connection that you share with several of your neighbors. That’s right, you don’t have your own personal telephone connection or even a dedicated connection to your home. When you receive a call, a unique ring tells you that the call is for you and not for one of your neighbors. I’m really not kidding—this isn’t April Fools or some type of other fiendish joke foisted by someone who is older on an unsuspecting public.

The new world order of cellphones where every individual not only has an individual phone, but a separate telephone number is a huge advance over the days of my early youth. Of course, some of us still have landlines because cell access is a tad spotty, but eventually the cell providers or some other concern will address the problem. The idea that you can connect through your cellphone to the Internet and create a wireless connection is amazing. It’s not a fast connection in many areas of the country today, but at least it works much of the time.

Some people haven’t really stopped to consider the huge changes that have taken place during this transition. At one time, getting away from it all really did mean being out of touch and people survived just fine. Today it’s hard to get disconnected. Most people are tethered together 24 hours a day, 7 days a week. There is no private time and the thing we called privacy is a long forgotten dream. With the loss of privacy has also come a certain loss of freedom. Just how free are you when someone can track your movements and check up on you at any time?

Unfortunately, like it or not, the trend will just continue. I read an article entitled, Ultrafast Internet opens up new possibilities: experts, not too long ago that paints a picture of the future that some will find exciting. However, I have to wonder just how exciting it will actually be once it arrives. The mere act of walking around your home will possibly take on new meaning because virtual people could simply pop in at any time. Just think about it. You won’t be able to simply ignore the cell call you don’t want to receive anymore—the person will simply appear in your house unbidden. Of course, there won’t be anything illegal about the act because no one has bothered to create laws regarding it.

Lest you think that this is some future technology that you’ll never see, companies such as Google are making it happen as I write this post. Even though the connectivity isn’t yet what most would consider high speed, there are vendors who will sell you Internet connectivity literally everywhere—connectivity that brings this whole virtual reality one step closer. The fact of the matter is that it won’t be long and there will be no getting away from it all and there will be no privacy of any sort for anyone. We’ll be monitored, checked, validated, categorized, and controlled 24 hours a day unless laws are put in place now to keep this rampant technology in check.

The question, of course, is whether people really are ready for virtual holidays where everyone attends the family dinner from their own home (a technology called telepresence). Yes, you can see the other people, but will you truly be able to interact with them? What are your thoughts about the whole issue of connectivity so fast that our real world will be subsumed by a virtual world? Let me know at John@JohnMuellerBooks.com.

 

Cloud Computing and Privacy Rights

A number of the science fiction books on my shelf view the earth as having a single government. Countries no longer exist. Of course, we still have countries. In fact, if anything, we have more countries today than we did thirty years ago. However, the Internet has reduced the impact of borders. The presence of global trade and other globe girdling changes have reduced the impact of borders even more. Still, countries exist partly because tradition demands it and partly because different groups have their own ideas of what a country should look like.

Most of my books shy away from any sort of legal discussion, mostly because I’m not a lawyer, but also because the discussion of technology doesn’t apply to any particular country or its laws. When readers write to me, it doesn’t matter what country the reader is from, I can usually answer the question in precisely the same way. Variables work the same in Germany as they do in Spain, Japan, and America. It doesn’t mean that I’m unaware of potential legal issues surrounding technology. For example, I’ve written about privacy (or the lack thereof) a number of times.

Legal requirements, privacy needs, and the problems with borders are about to become more and more important because of one current technology and likely a host of others at some point. Storing data in the cloud means that users could create a situation where even the smallest company is in for a nasty surprise should the user work with data in other countries. Actually, the mere storage of data in the cloud could cause problems. Let’s say that the user in America chooses a storage facility in Mexico because it provides the least expensive service. Theoretically, the user’s data is subject to the laws of both Mexico (because that’s where the data is located) and America (because that’s where the user is located). If the user then travels to another country, such as Iraq, the data becomes subject (at least in theory) to the laws of Iraq as well.

In reading the views of several industry pundits on the topic, I can see where the legal issues could become quite vexing indeed—taxing even the best lawyer’s ability to untie the Gordian knot of legal consequences. So far, I can’t find anyone really trying to apply these multiple jurisdictions to a single user’s data, but I imagine it’s only a matter of time. As more and more technologies become global, however, and we begin to explore the stars with a greater sense of urgency, I begin to wonder just how long countries will continue to exist. It makes me wonder whether there will be a point at which the legal burden alone will make it a lot easier to have a single set of laws worldwide.

A number of people I’ve approached on the topic have presented perfectly valid arguments against a one world government. The most reasonable argument is that administering a single country is hard—trying to administer the entire world from a single place might well prove impossible. Still, I see more and more arguments about this whole issue of legal requirements, porous borders, global economies, and the like and it does make me wonder.

How do you feel about the legal issues regarding cloud computing? Is this simply the beginning of a much larger trend where legal requirements start to eat away at the need for countries? Does our future really involve a single world government? Let me know your thoughts on the issue at John@JohnMuellerBooks.com.

 

Considering the Continued Encroachment on Privacy

I keep a close eye on privacy issues because many companies are hoping we’ll all fall asleep and they’ll be able to do whatever comes to mind. I was recently appalled by a ComputerWorld article that describes a new technique that companies such as Verizon and AT&T are using to track you even when you perform tasks such as clearing your cookies. The sort of encroachment on privacy discussed in this article has nothing to do with the usual user sloppiness that I described in An Unreasonable Expectation of Privacy. (In this post I encourage people to keep their private lives private by not posting secrets on Facebook and other social media.) This new threat is different in that companies are actively circumventing your ability to remain anonymous. No matter what you do, companies are now able to snoop on your browsing habits and they’re quite open in saying that they don’t care if you mind.

The use of Unique Identifier Headers (UIDHs) should be illegal. In fact, the companies that are burdening users with this unwanted technology shouldn’t have created it in the first place because it’s a bad idea. The article tries to gloss over the fact that these companies knew full well what they were doing and are sheepishly trying to say that they never meant any harm. The organizations using the technology are stupidly placing the burden on the user to opt out, but giving themselves all sorts of outs for just ignoring the request. Opting out through organizations such as the Network Advertising Initiative (NAI) or the Digital Advertising Alliance (DAA) carries no legal weight. A company can choose to ignore your request and there is nothing you can do about it. If an opt out solution truly is required, it should carry some penalties for companies that choose to ignore the user’s request for privacy.

Of course, you could always question why you should care about companies snooping on your habits. After all, you have nothing to hide. Privacy is important because it allows you to do as you choose. You still have an ethical requirement to behave within the laws that society lays down, but you should also be free to browse where you want on the Internet without someone snooping on you. It’s a short trip from snooping on your browsing habits to other kinds of snooping. As society becomes inured to the snooping, companies can begin performing other sorts of snooping, some of which would be clearly inconvenient or dangerous.

Setting a precedent of allowing companies to snoop without consequence will lead to all sorts of issues in the future. As you lose your freedoms to corporations who really don’t care whether you’re free or not (actually, they’d prefer to enslave you), you begin to lose a lot of what makes our current society worthwhile. It’s time that government did step in and start controlling the use of snooping online (and not actually perform snooping itself). After all, one of the purposes of government is to protect citizens from precisely the kinds of threats that UIDHs represent. Let me know your thoughts about snooping at John@JohnMuellerBooks.com.

 

Thinking About the Continuing Loss of Privacy

It’s easy to wonder whether there will ever come a time when humans will no longer have any privacy of any sort. In part, the problem is one of our own making. We open ourselves up to all sorts of intrusions for the sake of using technology we really don’t need. I’ve discussed this issue in the past with posts such as Exercising Personal Privacy. As people become more addicted to technology, the thinking process is affected. The technology becomes a sort of narcotic that people feel they can’t do without. Of course, it’s quite possible to do without the technology, but the will to do so is lacking.

A couple of articles that I read recently have served to highlight the consequences of unbridled technology overuse. The first, Getting Hacked Is in Your Future, describes the trend in hacking modern technology. Of course, avoiding getting hacked is simple—just stop using the technology. For example, people have gotten along just fine without remote car starts to heat their cars. Actually, it’s simply a bad idea because the practice wastes a considerable amount of gas. The point of the article is that hackers aren’t ever going to stop. You can count on this group continuing to test technology, finding the holes, and then exploiting the holes to do something horrid.

Wearable technology is also becoming more of a problem. The ComputerWorld article, Data from wearable devices could soon land you in jail, describes how police will eventually use the devices you use to monitor yourself against you. The problem isn’t the wearable technology, but the fact that many people will use it indiscriminately. Even though logic would tell you that wearing the device just during exercise is fine, people will become addicted to wearing them all the time. It won’t be long and you’ll see people monitoring every bodily function 24 hours a day, seven days a week. The use of cameras to view static locations on a street will soon seem tame in light of the intrusions of new technologies.

A reader recently asked whether I think technology is bad based on some of my recent blog posts. Quite the contrary—I see the careful use of technology as a means of freeing people to become more productive. The problem I have is with the misuse and overuse of technology. Technology should be a tool that helps, not hinders, human development of all sorts. I see technology playing a huge role in helping people with special needs become fully productive citizens whose special need all but disappears (or possibly does disappear to the point where even the technology user doesn’t realize there is a special need any longer).

What is your take on the direction that technology is taking? Do you see technology use continuing to increase, despite the problems that it can pose? Let me know your thoughts on the good uses for technology and the means you use to decide when technology has gone too far at John@JohnMuellerBooks.com.

 

Are You Lying? Can I Tell?

I just read an interesting article, “What happens when your friend’s smartphone can tell that you’re lying?” The reason this article is so interesting is that it involves a kind of application development that I would never have thought possible at one time. That’s what is underneath the technology described in the article. The hardware provides sensors that provide input to the application. The application uses the resulting data to determine whether the person in question is lying.

It’s an odd sort of thing to think of, but our society relies on lies to make things work. When someone asks how you feel, do you really think you can be brutally honest? Because lying has such negative connotations, most people would likely say that they’re honest all the time, but in fact, they aren’t. We habitually lie because it’s not only socially acceptable, but socially necessary to do so. Even if we feel terrible, most of us respond that we feel fine when asked how we feel. We know that the other person is simply trying to be nice and probably isn’t interested in how we feel. Asking how someone is doing or how they feel is an ice breaker—a means to start polite communication. The idea that smartphones can possibly detect these little lies will make people feel uncomfortable.

Our society is currently undergoing a massive change and most people aren’t even aware of just how significant the change really is. After all, the change lacks the protests, marching, and other indicators that previous changes have incurred. However, of all the changes I’ve read about, this change is possibly the most significant. We’re now monitoring every aspect of human behavior in ways that our ancestors couldn’t even conceive. Soon, we’ll have the capability of monitoring emotion. The idea that we can literally look into another person’s head and accurately see what they’re thinking and feeling is terrifying in the extreme. At some point we’ll have no privacy of any sort if things continue as they are now. We’ll become Borg-like creatures of the sort described in Star Trek: The Next Generation.

I’ve discussed privacy issues before. In An Unreasonable Expectation of Privacy, I pointed out that humans have never had complete privacy unless they became hermits (and even then, someone probably knew their whereabouts). I’ve also tried to help you counter some of today’s intrusions with posts such as Exercising Personal Privacy. Taking yourself off the grid, ensuring you maintain good privacy techniques online, and so on do help, but this latest article tells me that it may eventually become an issue of not being able to be private, even if you really want privacy. If someone can flash their smartphone at you and determine things like what you’re thinking and how you feel, the act of being private becomes impossible.

We’re on the cusp of a major change that we won’t be able to counteract. Humankind is plunging headlong into a new world where communication takes place more or less instantly and conveys more than just words. It’s going to be interesting to see what sorts of new social rules we put into place to help with the loss of privacy. For now, users and developers alike need to consider how best to maintain privacy and allow for those times when privacy is no longer possible.

Where do you feel privacy is going? How do you think you’ll react as more and more applications are able to not only accept your input, but also sense your feelings and detect whether you’re engaging in behaviors such as lying? Do developers need to put safeguards in place to keep security issues under control? Let me know your thoughts about the future privacy implications of applications at John@JohnMuellerBooks.com.

 

Every Move You Make, Every Breath You Take, They’ll be Tracking You!

I read a ComputerWorld article recently entitled, “So what’s wrong with being tracked by advertisers?” that really makes me uncomfortable. The author describes scenarios whereby advertisers could track your every move—up to and including your bathroom habits. Such complete tracking doesn’t seem doable today, but the author’s arguments really do make such tracking seem like a reality that is about to happen. Of course, the question that comes to my mind immediately is whether the author is sincere in stating that only advertisers should be able to perform tracking at this level. It’s naive to think that governments and others won’t use the same technology to their advantage. For example, consider the crook who tracks your movements and holds you up immediately after you cash a check or obtain some other source of money to maximize their haul.

The article is eye opening because apparently, some companies are already involved in this behavior to some extent. My Tracks seems like an interesting app for your smartphone until you begin thinking about the implications. Any signal sent out by any device is capable of being intercepted by anyone, including that person down the street who makes you feel really uncomfortable. It makes me wonder why anyone in their right mind would install such an app in the first place.

Don’t get the idea that smartphones and other sources of electronic emission are the only potential tracking devices. Your computer makes it possible for someone to create a thorough profile of your behaviors and to track your activities to a point that you’d probably find unbelievable. Most people realize that browsers use cookies to track them, but you’re open to tracking in so many other ways. The InfoWorld article, “Anonymous is not anonymous” makes it clear that the best attempts to hide your online activities are completely worthless. The movie view of the “ghost hacker” is a myth today (if it ever existed at all).

It isn’t just computers either. The rewards card that your supermarket or drugstore issues likely has a Radio Frequency IDentifier (RFID) tag in it that makes it possible to track your precise movements through the store. The fact that RFID is passive technology makes it particularly onerous because you have absolutely no control over its use.

People have to start thinking about securing their privacy in the same way that others think about peering into their every activity. A recent article, “Hacked wireless baby monitor lets pervert spy on and cuss at baby girl” shows just how far other people are willing to go to pry into your life and turn it upside down. You can read about other sorts of appliance-based spying in the article, “Your Home Appliances May be Spying on You.” This sort of activity happens regularly now. Someone may be spying on you right now through your home security system if it contains any wireless elements at all. More importantly, you really do need to consider what you’re giving up by losing your privacy. A recent article entitled, “Noonan: What We Lose if We Give Up Privacy” provides great food for thought on the issue.

I don’t mean this article as a scare tactic. What I want to do is arm you to think about your privacy and security in light of the gadgets that you use. My post, An Unreasonable Expectation of Privacy, received quite a bit of attention and I received more than a few emails about it. Some people felt that I was making up some of the issues I discussed in that article. It truly is hard to believe that things have become so bad, so fast. However, your privacy is in your own hands. If you want to keep a secret, then don’t tell anyone about it. Likewise, if you don’t want someone to know your location, leave your cellphone at home. If you don’t want someone to spy on you, make sure your home security system doesn’t have any outside connections or rely on wireless communication. Yes, the solution to the problem is inconvenient and frustrating, but that’s the only solution you truly have. Let me know your thoughts about tracking at John@JohnMuellerBooks.com.

 

Vacation Time Again!

Today is my last day in the office for a little over two weeks. Of course, I’ll still be doing quite a lot, but it won’t be in the office. I’ll see you again on July 15th. In the meantime, it’s time to rest for a while and recharge my batteries so I can continue to do a great job helping you with various technology and self-sufficiency issues. I’ve written about the need to unplug before and I highly recommend that everyone do it from time to time. Life is too short to spend all of it in front of a computer monitor.

In the meantime, if you do encounter problems with one of my books, please be sure to check the blog posts I’ve provided. Each one of my current books has its own category with a number of helpful posts about issues readers have encountered. If the posts don’t quite do it for you, be assured that I’ll start reviewing and answering e-mail the moment I return. I want to be sure you have a great reading experience and discover as much as you can.

While you’re reading, I’ll be fishing and gardening (amongst other things). There will be a picnic or two and barbecuing every day. The annual puzzle is a big event (and I may actually review the puzzle when I get back). Most of all, I’ll spend the time with my lovely wife, and that’s the most important part of all.

 

An Unreasonable Expectation of Privacy

We live in a social world. Knowing a bit of something about someone has always carried with it a certain level of perceived power. The more private that something is, the more power the monitoring entity thinks is at stake. The fact that someone is monitoring someone else at all times shouldn’t surprise you at all. People are nosy; as a result, organizations are nosy as well. Curiosity is a basic factor in our makeup.

I’ve written about the issues regarding social media before. In fact, I made a specific post about the dangers of online social media in my Social Networking Traps post. Of course, none of this means that I think people or organizations are correct in monitoring others. What I’m saying is that the monitoring will occur whether it’s correct or not, legal or not. Yes, we could (and should) pass laws to reduce any organization’s (including the government’s) ability to use knowledge gained during unauthorized snooping against us, but the fact is that the snooping will continue unabated until there are no humans left to snoop.

It isn’t as if any of this is new. Reading history (any history) shows that people, organizations, and governments have snooped for all of recorded history. In a best case scenario, the snooping was offset by the institution of laws that limit the use of snooping. However, even then, some level of snooping has always been allowed. Legal snooping whitewashes the act and makes it appear legitimate, but in reality, it’s still snooping.

Of course, some snooping has paid off in the form of reduced crime or possibly the saving of someone’s dignity, but by and large snooping does more harm than good. Unfortunately, the damage done by snooping will continue. Whether it’s the government prying into our affairs or a neighbor who is keen on hearing about an indiscretion, someone will be monitoring you at all times.

There is one perfect answer to all this. If you want to keep something secret, then don’t tell anyone about it. People are unlikely to follow the advice. We’re social and we just have to tell someone. The second a secret, any secret, leaves our lips, the expectation of privacy should go down. The more people we tell (or are told by those we tell), the less secret something becomes until there is no expectation of privacy at all.

In this day of computers that can record anything perfectly and electronics that can snoop anywhere, it’s reasonable to expect that the government (or some other organization) is snooping on you. What will need to happen is that we’ll have to limit the ability of organizations to use the information obtained from snooping to harm others. The snooping will take place, but we can make it harder to use that information in a destructive manner.

Technology has brought us a considerable number of positives—everything from longer lives to being able to use those lives more fully. However, as users of technology, we have to keep in mind that it has always been easier to destroy than to create. The very technology that enables us to do so many interesting things is just as easily turned against us. What we need to do now is exercise vigilance and use technology wisely. Just as you wouldn’t stick your hand in a fire on the stove, but would use that same fire to cook your food, you need to use technology for the positive purposes for which it was designed. Let me know your thoughts on snooping at John@JohnMuellerBooks.com.