Reining in the Data ITAG tech360 Penn State Great Valley 2015

Reining In The Data The Social Impacts of the Privacy Crisis In the Post-Snowden Era ITAG 2015 Andrew Schwabe


Reining In The Data

The Social Impacts of the Privacy Crisis In the Post-Snowden Era

ITAG 2015 Andrew Schwabe

A Copy of this Presentation

• Will be shared via twitter:

– Follow me at @aschwabe

• Posted on my blog: PainInTheApps.com

Background

• Hacker Entrepreneur

• 20 yrs in Encryption + Data Security

• Big Data, Mobile, Privacy focus now

• Assisted FBI for online predator hunts

• Founder of Point.io

• Founder + CEO of Formatic.ly

• Privacy + OSS Advocate

• Just Launched in 2015!

• Behavioral Analytics + Smarter Engagement for web and mobile forms!

• See us at ‘Innovation in the Region’ @ 3:30

• http://formatic.ly

Ahhhhh the Internet!

• Back in my day…

Ignorance *was* bliss

• A smartphone was just a phone with email and junk and stuff

• We didn’t care if our kids uploaded pictures and shared where they were during the day (every day?)

• We didn’t think twice about emailing sensitive or private stuff to ourselves or friends, even in Gmail…

Then…

1.2 Billion Usernames and passwords compromised

Welcome to a new Era!

Used to be…

…the government would protect your privacy

and stealing your secrets…

…took effort and some paper moon trickery…

<Cthon98> hey, if you type in your pw, it will show as stars

<Cthon98> ********* see!

<AzureDiamond> hunter2

<AzureDiamond> doesnt look like stars to me

<Cthon98> <AzureDiamond> *******

<Cthon98> thats what I see

<AzureDiamond> oh, really?

<Cthon98> Absolutely…

<AzureDiamond> oh, ok.

So What Happened???

• Mobile devices got powerful and complex

• Social media exploded onto the scene

• Consumerization of IT

• … and we didn’t know what was going on…

The Privacy Crisis

• We can at least be concerned that the NSA has cracked and monitors:

– SSL (HTTPS) website activity

– RSA encryption certificates (public/private keys)

– 4G mobile networks (voice and data)

– VoIP voice services

– And any websites/etc. that use the above

NSA has been outed…

NSA security coverage

• Means that they *can* (not will) hack/monitor most of the services we rely on daily

• These all use the same core security tech

Anonymous Networks Compromised

• Kremlin put out a bounty for info to hack TOR

• Gov’t / law enforcement compromised portions of the TOR network late 2014.

Google, Microsoft, other email scans

What is next ?

And most recently…

Oh, great... The government that has been spying on citizens just got hacked…

And most recently…

… and hackers in Asia know more about you than your siblings

Facts:

• Hacking incidents are here to stay.

• You are never truly anonymous.

• Adapt or be a continual victim.

Some companies are Desperate

Data creation explosion

We are creating huge amounts of digital content, much of which lives longer in the cloud than we intended or have use for.

Data creation

• A large portion of what we create will live on disk somewhere beyond our use for it

People know enough to be concerned

Google’s Right to be Forgotten

Apps that are helping

• Snapchat

• Wickr

• Spideroak

• All focused on being a “place” where your stuff is secure

, sort of

, sort of

Apps that are NOT helping

• Snapchat

• Tinder

• Facebook

• Burner

• etc

We SHOULD…

• Be concerned about

– what gets shared

– with whom

– And how long it lasts

Ephemeral

• What does it mean?

• Origin: Greek word “ephĕmeros”

• “lasting for a very short time”

• The new “bucket” for technology that manages the life of digital content

How does it help

• Personal privacy

• Corporate Risk

• Facebook vs snapchat models

• The opposite of Big Data ?

Is it enough?

• The concept is still new

• People are building “apps” more than broad sweeping “solutions”

• It doesn’t address the issue of being monitored/collected by NSA/Others

Is Anonymity The Answer?

• Can communication really be anonymous ?

• Only available for *some* activity online

• Whistleblowers – do we want to enable WikiLeaks and Snowdens?

• But isn’t true anonymity the….

Dark Side of the Internet

Tools exist for anonymity

• “Leak” website lets you send untrackable anonymous emails.

– Inappropriate emails anybody ?

– Harassment, abuse?

• Tor lets you encrypt your web traffic and makes you difficult to track

– Porn and pirated content

• Bitcoin exists to keep the banks out of your financial dealings

– Silk Road. BUSTED.

• Wickr has been spotted being used to sell/traffic illegal drugs

But Still Enable Naughty Activity

• Gov’ts around the world cracking down on porn and sex trafficking

• FBI Infecting Tor users with Malware

• Google and Microsoft scan emails, etc. and report questionable content to authorities

• Evil begets evil

But Still Enable Naughty Activity

Informants Targeted

Accountability

• There is no way to make everybody behave

• As a global society we need new ways to encourage law abiding netizens

OMG I’m Scared

• What should I do?

– Know the risks

– Use technologies to protect yourself

– Don’t associate with those who don’t behave

Parents:

• Do you know what your kids are doing ?

– Multiple email addresses / facebook profiles ?

– Ephemeral and anonymous mobile apps

– It’s too easy to share pictures and photos

What we need (the Future?)

• Smarter users, and smarter parents

• Anonymous peer validation for data integrity

• Anonymous submissions to known entities only for whistleblowing

• Social content stays social and never collected for “Big Data”

In Summary

• We are in a new era

• Keep Calm

• Stay Educated

• Don’t Share unless you know the risks

• Use the right tech for your security/privacy needs

For Some Fun Reading

• “Cryptonomicon” by Neal Stephenson

– A futuristic take on:

– Underground Data Haven

– Anonymous Internet Banking

– Digital Gold Currency

Q&A

Thank you for coming!

• Presentation will be shared via twitter:

• Follow me at @aschwabe

• AND Posted on my blog: PainInTheApps.com