Main Page
Services
Forum
Support
News
About Us
Organisations
 
Why Our Services ?
 
Privacy & Security Articles
 
Public Key
 
Our Policies
Smart Technology ? The Enemy Within !

"The road to hell is paved with good intentions" Saint Bernard of Clairvaux (1090-1153)


The year 1984 is behind us by some three decades. In the meantime, we are close to that Orwellian world in more ways than the author would have imagined. As we are lured by new technology that makes our life simple, they are the additional pathways being created that let powers that be to increasingly be in the know of our behavior. That knowledge is a very short distance away from controlling our lives in the wrong (right?) hands !

Anonymous, aggregated data about consumer behavior could easily be justified as a business need. They do need to assess and segment the demographic data in terms of consumer behavior to address the market and offer the right products. In our efforts to surf the net and conduct business over the Internet, we give away a lot of data that is identifiable and can be linked with an individual. Some of these, like name, address, social security, date of birth, birthplace, email address, IP address, vehicle registration, drivers license, credit card details, photos, fingerprinting, handwriting and so on, can identify an individual directly. Some other non-personally identifiable data can uniquely identify a person when combined. Privacy does not make sense after that. The risks associated with such personally-identifiable data are that they can not only be exploited by criminal elements but are increasingly being monitored and used by ruling governments of countries. That’s one part of the problem. The second part is active snooping to get into your systems that are connected to this worldwide network, the internet. As these connections extend to your home, to you personally, there can be active data gathering by getting access to your systems. You may try to secure your device, but the technology is so complex you may not succeed completely. Besides, the interested people who supply you the technology to give you ease of use, comforts and so on are themselves interested in leaving trapdoors that enable gathering of information. Along with the apparent ease with which you can utilize the ever newer devices, you are open to snooping and profiling with every new technology that gets deeper into your life. Along with the technologies, we use today and are about to start soon, imagine how close we get to this huge connected network with such technologies of the Internet of Things (IoT)! Along with the comfort of being able to pick up that bottle of juice for your fridge when you are in the store, the intelligent fridge can provide information about what juice you prefer and other food habits related data. Did the news stories about how NSA snoops on citizens, other governments and various other organizations bother you?! Forget any ethical questions, this clearly shows nothing can be secure enough. When even government agencies from other countries with access to sophisticated technology cannot always protect themselves against snooping, commoners stand no chance without help. It clearly establishes that whatever you may do; interested parties can get into your systems quite easily if you simply assume your government and corporations have your back. Then there is the human aspect to the vulnerability story. Snowden, the whistle blower of the NSA story, mostly social engineered coworkers to get access to more NSA secrets. The people you believed were respecting your privacy and followed the law !

No Idle Imagination of Conspiracy Theorists

One could easily dismiss such concerns as imagination of conspiracy theorists around the world running wild. We discuss some pointers to a study and a news item to indicate;

1. Significant portions of people are not bothered that their privacy may be compromised.
2. Large-scale data gathering is happening and they include data that should be private.
3. Governments increasingly are coercing data-gathering companies (besides their own gathering) to hand over data about individuals.

“Big data” is a big deal with businesses. The easiest way to understand the big data is that it is about the collection of as much data as possible about consumer behavior. Businesses process such data to derive competitive advantages. Simplest issues would be to derive knowledge of market segment so that their products or services could be offered such that profit is maximized. Obviously individually identifiable data too is gathered for analysis. Forbes Insights published a report “The Promise of Privacy: Respecting Consumers’ Limits While Realizing the Marketing Benefits of Big Data” this year based upon a survey conducted as recent as last September. Though the report is about how to collect big data for a business’s benefit and still respect the privacy of individuals, the findings are interesting in the context of the current discussions. A part of the summary from the report says ”everyone knows” that privacy is a sensitive issue when it comes to marketing and big data. A Forbes Insights study conducted in association with Turn, a provider of data-driven marketing services, has found that, while a small subset of consumers cares a lot about privacy, what most are concerned with is security." Security measures make sure no one could intrude into your digital life and gather data about you. The main premise of this article is that technology is extending the reach of the elements (government and otherwise). Some of the findings that are of interest here are as follows below. The surveys covered big as well as small companies, B2C and B2B.

1. Companies are active in data gathering. 59% of them are very active and 23% are active; that’s a total of 82%. It tells you the extent of data gathering going on.

2. Only about 47% of B2C consumers are concerned and very concerned while 31% of B2B buyers are concerned about privacy. Businesses feel that consumers willingly participate in the data-gathering trading off the benefits like discounts (etc) that arise. Clearly, consumers are out of touch with reality !

3. Measures that prevent data gathering such as declining to provide information, “abort due to too many questions”, delete cookies to stop tracking, ad-blocking among others are used always by a small fraction of B2C consumers. These measures are used without fail by a small fraction (12 to 23%) of users. Even individual use of any one or more of these measures is adopted by a fraction of users at similar percentage levels.

4. A high percentage of such data-gathering efforts is meeting or bettering ROI targets. Thus, they are likely to continue to do so and an even larger percentage of companies is likely to get into the band wagon. About 59% of businesses plan to accelerate data gathering and analysis. 40% will at least continue their efforts at the same levels.

Another part of this story is all these data reaches the hands of governments eventually. Just an indicator towards this is the news Google: We're bombarded by gov't requests on user data. Google says such requests for data has doubled from the number of three years ago. The US government is the top such requester. The number may well be the proverbial tip of the iceberg. Google says this is about the requests they are allowed to talk about. There are others they are not allowed to provide estimates about. The governments are from all over the globe. India in Asia is the second in the list, followed by Germany, France and the UK. Between January and June 2013, there were 11,000 requests made by the US. There are similar reports from Apple for information on individuals. Sir Tim Brenners-Lee, the father of the Internet is on record about his concern about widespread privacy invasion and snooping.

Technologies That Bring the Vulnerabilities Closer to Home

As discussed already the vulnerabilities arise from the connectivity available to technological devices we use with the rest of the world. Someone determined enough would be able to hack systems that can be reached. This section of the article looks at how such access is available through the use of devices / technologies such as;

1. Smart Meter for power, water and gas
2. Smart Phones
3. Smart TV & Interactive TV
4. Smart Cars
5. Smart Glasses
6. Smart Drones / UAV
7. Smart Cameras & CCTV
8. Fingerprint ID
9. Body Scanners

Smart Meters

The smart meters report energy consumption (water, electricity or gas) frequently to the offices of the utility. They use digital technologies and communicate with central servers using wireless frequencies. From the standpoint of the suppliers, detailed data on consumption at different periods during a day, aggregated over users in a supply area provide them better managing of demand and supply. However, the use of these frequencies raise health issues and many compare the threats with those caused by cellular phones. Privacy and security concerns arise from the fact that such meter can be used for other purposes. The data it supplies could easily be correlated with when someone is in the shower, when a fridge door is opened, if the homeowner is in or out of the house and so on. For example thieves and burglars would be able to better identify their targets and determine the time of break-in for low-risk time periods. Law enforcement agencies and other intelligence gathering agencies would be able to pinpoint the behavior pattern of occupants easily. Quite often it would not take much of a hacking effort as this data is often transmitted without encryption on open channels or only takes a legal order. Other snooping technologies are available to tap into communication over the power lines. Once every corner of your house or building can communicate with the outside world, the threats multiply !

Smart Phones

Smart phones are just another computing platform. They have the capabilities to execute various apps (applications). Thus, it would be easily possible to download an app to your phone that can use the array of sensors (camera, GPS, touch.) to snoop on you actively or simply listen to everything you do with it. Even the manufacturers are not beyond using such capabilities in these devices to gather data of their interest. When iPhones came out there was news about “iPhones phoning home” where data is reported to Apple. There were even reports of a “kill switch” that will make the phone inoperable in some circumstances. There is hardly any protection available with smart phones that can check for such tweaks and possibly disengage them. Besides, external agencies too can invade the phones and the protections are not as well developed as with the PC (even with PCs security vulnerabilities remain after decades or so that they have been around). Smart phone protection mechanisms will take its own time to come up to the standards available for personal computers. Even then, vulnerabilities remain that are inherent to software life cycle and its development. As with recent news it shows that especially governments are interested in exploiting smart phones for their own agendas. Sometimes it has nothing to do with general safety but rather economical espionage.

Smart TV & Interactive TV

Smart TVs are those that can connect to the internet and allow users to surf the net. Interactive TVs let users connect back to a central location to interact for finding out program schedules, selecting a program, scheduling recordings and maybe interact with customer service too. For this they connect to a network through which communications can be sent and received. In case of smart TVs, the vulnerabilities are the same as when a PC connects to the Internet. Interactive TVs often use the Internet to get the interactions done. In which case the security vulnerabilities and privacy concerns are the same as with your computer on the Internet. Often such intelligent TVs are interconnected through a Home theater PC to the home network, creating extensive vulnerabilities for all the machines in the home network besides the TVs themselves. With access getting extended to all the parts of your home network, snooping or data gathering can take on many forms. A simple form of snooping could turn on a webcam on one of the home PCs and shoot footage that show what family members have been doing during the snooping period. Same applies with the microphone on the machine. You do not need to hire a gumshoe to install bugs anymore.

Smart Cars

Smart cars will use a lot of computing power and connectivity with the Internet to derive advanced driving information such as driving conditions, directions, location of the next petrol pump and pricing or a rest area and even delivery of entertainment. Even though you are comfortable to leave the most stressful job of actually driving the car, you are connected to the rest of the world and in communication with millions of computers all over the globe. Your driving habits, travel history, stops you made (time and locations), how many passengers were in the car, what entertainment you consumed, what communications were made, etc. could easily be reported automatically to the manufacturer or be collected by a snooping entity. The manufacturer probably will offer you the excuse that all such data will help improve the car’s performance for the current one as well as future ones, maybe offer you extra benefits in exchange for your data. As corporations operate from diverse locations, there is no way they can avoid complying with the dictum’s of the government for that geo-political location (on top of their own agenda's ofcourse).

Smart Glasses

Google glass is a notable recent example of wearable computer technology that is already on us. It is a spectacle shaped device that has a camera and a display in front of the eye. At a personal level, it is very useful as you are able to interact with your computer even when you are outdoors and there are no wires tethering you to your back end equipment in any way. You are able to view vital information like airline flight details (gate number, flight time, etc.), driving directions, answers to queries regarding something you are viewing, biometric data and much more. It is also a great snooping tool as you can take pictures, record videos, share them immediately etc. Anyone wearing a Google Glass can snoop on you without detection. Complementary part of it is entities will hack into it while you are connected to the Internet and undermine your privacy and security like with any other computer-based equipment that is connected with the net.

Drones / UAV

Gizmodo and Engadget reports availability of miniature drones or UAVs for direct monitoring of target persons on the ground with laser and cameras. These were launched about a year back. Depending on who controls it in a given mission you could be followed and your actions monitored in unlikely places. Even when you are mobile, it is hard hiding from them. While these specific devices are about 25 inches square, technology promises these flying robots / drones / UAVs to come down in size and become comparable to insects. Where would you hide when such devices are following you and these could be launched by a corporate body or the government for example. Additionally, if you were to deploy such equipment for your own safety, there is another side to the problem. These devices will have to communicate wireless back to the command center through the Internet for example. That makes it vulnerable to the shenanigans of the snoopers of either corporate variety or governments.

Smart Cameras & CCTV

Closed-circuit TV systems for security use have been around for a while now. The recordings used to be done inside the premises and the tapes used to be stored in a secure location. Things were simple back then. In a security scenario these days, the cameras send the images to a central server by (unsecured) FTP periodically or when there is movement detected. The cameras may communicate wireless within the premises. However, the bigger systems deployed nowadays will have to connect to at least a network that goes outside the premises. Most often one uses the network infrastructure already available in the form of the Internet. Once that is done, your vulnerabilities and snooping risks are about the same as in the standard PC connected to the Internet. With video cameras, the added vulnerability is that somebody can use them as remote eyes to view into every corner of your home or business.

Fingerprint ID

Had it worked dependably, this was a technology that could have solved the problem of the password. Many used passwords with today’s computing power available can be easily cracked. Not so with fingerprints, at least theoretically. However, within days of Apple introducing the technology with their smart-phones, someone announced having hacked the technology used. Now you have an added threat of your fingerprints being misused, identity theft in combination with (copied) fingerprints. Also note that the flaws in fingerprint authentication have been around for several years already but did not receive enough attention.

Body Scanners

As we are already aware, the body scanners in airports show you off in full naked glory. In airports, it could possibly be justified for security reasons. Even during development of the systems, the potential for misuse was hotly debated. It is quite certain corporate, particularly developers of the system and those marketing them will find convincing reason to sell them at more places outside of the airport use. That volume is hardly anything to go by! There will be any number of user agencies, including government agencies who would be able to find justifications for installing such systems at other places. The potential privacy invasion would be unimaginable. Various lobbyists would eventually succeed in convincing politicians to adopt these systems for more widespread use. Saving money, safety and comfort would be typical selling points used by these people. If a problem needs to be invented for solving by using these devices, so be it.

Health Concerns

Most technologies use wireless technologies to get connected and to communicate. Communications at those high frequencies as are used for a lot of wireless networking / scanning can have health repercussions. There are studies that indicate that being submerged in these high-frequency radiations is harmful for you. That is another reason to carefully evaluate if you always need the latest and the greatest technological convenience. Though jury’s still out for a conclusive proof, it is safer to be careful about it. Sometimes, corporations, backed or not backed by governments, often experiment with their technologies out in the third world. It is mainly because the awareness about privacy, security and health issues are not that strong. For confirmation, one has only to look at the clinical trials being conducted by pharmaceutical companies in the developing world. In fact, many governments in these countries may actually welcome technologies that help control and monitor their people. Subsequently, it is possible to present statistics about how a number of countries have already adopted and approved these advances to convince or lobby (bribe) the decision makers to give green light.

Wake Up

As we get connected more and more the vulnerabilities increase. The technology is moving towards a scenario where connections are creeping inside our homes. It is easy to imagine that IoT (Internet of Things) is going to succeed, and you will have a situation where even your fridge is going to be a tool of reporting on you and your family members. Whenever computers are connected together and someone from somewhere can find you, it would be easy for someone to hack into your devices. None of the protection methods available can make you absolutely safe. The basic technologies of communication over the Internet were initially built on trust. The Internet was to be a means of collaboration between such trusted collaborators. Any security system we build will find it very hard to secure everything completely based upon that good faith foundation. That seems to be a weakness that cannot be overcome easily. Even after several decades of existence of the Internet so far, security holes keep coming up even today. It will be practical to assume that anything that is connected with the rest of the world would be vulnerable in some way. All the billions of devices communicate with each other through the software built on them. Software building is a team-based effort and people have varying sense of security, closure and even the concept of software tools in use. Even these tools and programming languages have in-built flaws that can create security holes providing clandestine access to malicious parties. The whole process is not as robust and accurate as the products built with engineering discipline. Software is now critical and can make nowadays the difference between life and death.

Consider this a wake up call to not blindly rely on whatever is “sold” to you as a citizen using one or more buzzwords like: comfort, safety and profit. Things are inherently problematic and the "attackers" keep utilizing newer techniques (in addition to the age old “social engineering”) one needs to watch out. Every new technology provides access to another wonderful world, making it more convenient to live and so on. However, when you do get tempted, remember the flip side too !


Privacy & Liberties is our business
Take your privacy back today !
The TriTeam


     
Copyright © 2005-2018 Trilight Zone. All rights reserved.