Posts Tagged ‘arin’

Privacy in the Digital Age

During the Cybersecurity month presentation by John Sileo, I heard him mention something to the effect that the constitution does not guarantee privacy. Whether the constitution explicitly provides privacy protection seems to be unsettled and different legal scholars seem to have different opinions about this. Whether constitution guarantees it or not, we have all made serious assumptions about privacy and lived with those assumptions and in the digital age, this has become a serious issue. In 1999, Scott McNealy was quoted as saying ““You have zero privacy anyway. Get over it.” Despite the fact that this was pretty scary to hear, in the networked world, this has turned out to be correct.

Whenever you have a networked device that connects to the internet, it needs a unique identity, typically an IP number. I will keep things simple (because in reality they are very complicated as to how this works) by saying that in order to reach the destination, say a web site, information travels through multiple networked devices and all of them pass information from you to the destination. If your connection is encrypted (such as an SSL connection using https://), the content traveling back and forth is encrypted and generally hard for those intermediate devices to unravel, but there are certain pieces of information such as source and destination IP numbers and the “ports” on which they communicate which have to remain unencrypted. Ports are some predefined mechanism for different types of network communication to occur. This simply means there are a whole lot of devices and operators of those devices who have access to at least the IP numbers of who is communicating with who and what type of communication it is (typically based on port numbers). You need this information to properly route your packets back and forth. Requiring every intermediate device to unencrypt and re-encrypt this information is not practical and provides no additional security. And one we can generally agree that this is a serious privacy issue, especially, as we have found out that the government itself uses this information in ways that violates privacy!

(more…)