As a child growing up in Sri Lanka and India, I was used to how impossible it was to keep anything private. It almost felt like gossip was a full time job for many idle folks who stayed home and didn’t have much in the way of diversion. No television and radio programs of interest were fairly limited. As a result, these folks were theorizing about everyone else’s lives and fake news was all over the place. I have witnessed many cases where this had resulted in irreparable reputational damages to many.
After moving to this country, I began to appreciate the value of privacy. It is not that people didn’t gossip or wanted a window into others’ personal lives, it just was very different, both in terms of scale and the distance people liked to keep. Now, with the recent advances in technologies and lack of policies and laws, I feel that we have lost privacy forever. Anyone with a little time, minimal technical savvy and intent can learn so much about many of us at a scale that was unprecedented. As a result, it has become much easier for people to be judgmental and cause harm either intentionally or unintentionally. Worse, corporations and governments have gotten in on this to monetize and spy against the citizens.
Every day we hear one thing or the other. Today, it was Unroll.me selling to Uber information they had collected.
(more…)
During the Cybersecurity month presentation by John Sileo, I heard him mention something to the effect that the constitution does not guarantee privacy. Whether the constitution explicitly provides privacy protection seems to be unsettled and different legal scholars seem to have different opinions about this. Whether constitution guarantees it or not, we have all made serious assumptions about privacy and lived with those assumptions and in the digital age, this has become a serious issue. In 1999, Scott McNealy was quoted as saying ““You have zero privacy anyway. Get over it.” Despite the fact that this was pretty scary to hear, in the networked world, this has turned out to be correct.
Whenever you have a networked device that connects to the internet, it needs a unique identity, typically an IP number. I will keep things simple (because in reality they are very complicated as to how this works) by saying that in order to reach the destination, say a web site, information travels through multiple networked devices and all of them pass information from you to the destination. If your connection is encrypted (such as an SSL connection using https://), the content traveling back and forth is encrypted and generally hard for those intermediate devices to unravel, but there are certain pieces of information such as source and destination IP numbers and the “ports” on which they communicate which have to remain unencrypted. Ports are some predefined mechanism for different types of network communication to occur. This simply means there are a whole lot of devices and operators of those devices who have access to at least the IP numbers of who is communicating with who and what type of communication it is (typically based on port numbers). You need this information to properly route your packets back and forth. Requiring every intermediate device to unencrypt and re-encrypt this information is not practical and provides no additional security. And one we can generally agree that this is a serious privacy issue, especially, as we have found out that the government itself uses this information in ways that violates privacy!
(more…)