SPOC-Web Icon, semantic Knowledge Management

How to... get Things done

What is security and why does it matter?

Many, especially young people see neither a cause to worry about security, not do they feel the need for privacy. The desire to cultivate ones image is exploited in social media. It can exceed many limits and cause irrevocable damage.

Enterprises usually act in public and impose strict criteria on their image. They have dedicated employees both to handle their public image and to care for security.

This topic is also of interese to private persons, even when they are less often targets of professional hackers. Media competency is required from everyone nowadays, no longer only as consumers, but also as producers of contents.

Targets

There are a number of worthwile targets also with private persons that hackers attack:

  • Privacy, even when it is compromised anyway using cell phones and social media. Anonymity offers considerable security and should not be given up easily. 
  • confidential data, e.g. passwords or facts that can be used for blackmailing
  • Hardware: stolen Computer or Handys need to be unlocked and the data on it is sometimes very valuable
  • Online-Identity, i.e. usernames and passwords to be used for business transactions like bank transfers or ordering.

Online-Identity and privacy

The internet never forgets!

 

You should always be aware of this fact when you publish data or pictures. Die rage for collecting things in these days of "Big Data" takes on with more companies. And cheap storage memory makes it attractive, not only for Google or Facebook, to track every online-Activity, in the case that it could be useful.

This data retention is prohibited in the european union, but this doesn't hinder anyone located in the USA or Great Britain. From email to visiting web sites or publishing photos or videos, nothing can be undone in the internet, and ever more is being tracked. Anybody can make private copies of it and store them as long as they wish.

We have nothing to hide

Many optimists assume this stance when we talk about privacy; and in a tolerant society it is hard to argue against this. But in a tight social climate, any trait or action can be chosen as the cause for repressions. Especially in this context you should remember that the internet never forgets anything. Even when web sites are deleted or rewritten, there are backups, log-files and last, but not least the Internet Archive, where you can recall most versions of many web sites.

What is inoccuous today, can be compromsing in decades to come, when the social climate has changed. Jews in Europe for example had to learn this bitterly when the Holocaust was considerably simplified by the systematic registration of their ethnic and religion in the decades before.

But even in less horrible szenarios, public appearance encourages and facilitates die persecution by stalkers and defamers. People are being hurt by hate campaigns and shitstorms socially and psychologically, often also economically.

Anonymity is a precious asset both for dissidents as well as for private citizens and deeply rooted as a human right in all demokracies.

What is there to lose?

This rethoric question is brought up to lessen the topic of data security. In this case the people concerned often don't realize the value their data has, though the Databases of companies and secret services are considerably more interesting for hackers.

The Financial Times has set up a calculator for the price of your data. Depending on your personal situation you can obtain up to a Dollar, rarely more since there already is a surplus of personal data. The data collected by well-known search engines and social networks starts with collecting personal preferences and search-requests by well-known search engines like Google or Bing. over many years can reveal a large part of your privacy like your residence, habit, work etc.

Additionally the number of important electronic documents increases with digitization: starting with (confidential) EMails to diaries, notes and backups for PINs and passwords. The latter can be used to steal the identity, usually more severe than the pure loss of data. Often the theft is not even detected. Only a few permille of the identities stolen are actually used for further fraud, therefore the number of thefts is unknown, but in 2012 alone about 15 million (about 5%!) Americans had their identity stolen.

A great deal of damage can be caused with a stolen identity:

  • fake public statements can damage the sociale image severely.
  • Web sites and other public appearances are destroyed or altered.
  • Bank-accounts are cleared
  • Credit cards are overdrawn

 

Trust and the "Patriot Act"

When you consider the many ways to attack a computer, the conclusion is that, in the end you have to trust the producers of hardware and software to a large extent. This is true even for downright computer-experts, because even these can hardly cover the whole perimeter from attacks. Just these software-producers work mostly in the USA; a country, in which any attempt to protect confidentiality can be deemed high treason, thanks to the Patriot Act. The espionage-activities of the USA after the second world war are unbelievable in their dimensions and not only confined to the formerly communist eastern bloc states. Every country is monitored. In their rivalry CIA, Secret Service, NSA (Echelon and Prism) and FBI overbid each other in their data collecting mania and ruthlessness. Add to this private US enterprises like Google, Facebook etc., that can be forced anytime to surrender their customers' data.

In one extraordinary incident in 2016 Apple fought the FBI in several court cases, who wanted to force Apple to build backdoors into their encryption. The outcome of this showdown is still unclear, since the FBI surprisingly withdrew. They found an alternative way to get at the data of iPhone users. As the Apple Transparency Report shows, in 2015 alone Apple still complied to more than 80% of the 4000 official requests from US law enforcement (not counting the confidential government requests).

Similarly also Microsoft and Google are regularly asked to hand over Data from their cloud-storage, even when it is stored outside of the US. While Microsoft could turn this down, requiring consent of the irish Jurisdiction, Google has already created a precedent by turning over eMails to the FBI.

Don't take Email too seriously

EMail is hard to assess for many people. On one hand it is used by many companies for notifications, newsletters, even temporäry Passwords. Some firms process consumer business mostly via EMail. This renders a contract-like charakter to eMail. 

On the other hand eMail is incredibly cheap (about 1 Cent for more than 20 Mails) and incredible masses are sent by fraudulent firms to fish for gullible people.

A compromised EMail-Adress attracts several thousand spam-mails every day. The bulk has usually been filtered by your eMail-provider using keywords and blacklists. Only a small fraction reaches the user, who is often unaware of these dimensions.

EMails appear as personal letters, guaranteeing them increased attention. But due to their inflationary price, they can be used like web sites for advertising or to check out possible victims.

 

As a basic principle eMails are no legal Documents in the EU, and you don't need to react to every EMail. To be legal in the EU, a contract must be physically or electronically signed. In the USA though an ongoing correspondence from both sides can be used to construct a legal situation.

Keep this in mind when scanning your eMails the next time.

Incidentally, senders of newsletters are required to provide a link unsubscribe, unless the mail deals with customer-transaktions. When this link is missing or not functional, you should notify the sender, their provider and yours. This puts pressure on the Spammers. Ultimately their providers will cancel their contract to prevent ending up on a black list.