The Security Risks of Third-Party Data

Most of us get to be thoroughly relieved that our e-mails weren't in the Ashley Madison database. But don't get too comfortable. Whatever secrets you have, even the ones you don't think of as secret, are more likely than you think to get dumped on the Internet. It's not your fault, and there's largely nothing you can do about it.

Welcome to the age of organizational doxing.

Organizational doxing -- stealing data from an organization's network and indiscriminately dumping it all on the Internet -- is an increasingly popular attack against organizations. Because our data is connected to the Internet, and stored in corporate networks, we are all in the potential blast-radius of these attacks. While the risk that any particular bit of data gets published is low, we have to start thinking about what could happen if a larger-scale breach affects us or the people we care about. It's going to get a lot uglier before security improves.

We don't know why anonymous hackers broke into the networks of Avid Life Media, then stole and published 37 million -- so far -- personal records of AshleyMadison.com users. The hackers say it was because of the company's deceptive practices. They expressed indifference to the "cheating dirtbags" who had signed up for the site. The primary target, the hackers said, was the company itself. That philanderers were exposed, marriages were ruined, and people were driven to suicide was apparently a side effect.

Last November, the North Korean government stole and published gigabytes of corporate e-mail from Sony Pictures. This was part of a much larger doxing -- a hack aimed at punishing the company for making a movie parodying the North Korean leader Kim Jong-un. The press focused on Sony's corporate executives, who had sniped at celebrities and made racist jokes about President Obama. But also buried in those e-mails were loves, losses, confidences, and private conversations of thousands of innocent employees. The press didn't bother with those e-mails -- and we know nothing of any personal tragedies that resulted from their friends' searches. They, too, were caught in the blast radius of the larger attack.

The Internet is more than a way for us to get information or connect with our friends. It has become a place for us to store our personal information. Our e-mail is in the cloud. So are our address books and calendars, whether we use Google, Apple, Microsoft, or someone else. We store to-do lists on Remember the Milk and keep our jottings on Evernote. Fitbit and Jawbone store our fitness data. Flickr, Facebook, and iCloud are the repositories for our personal photos. Facebook and Twitter store many of our intimate conversations.

It often feels like everyone is collecting our personal information. Smartphone apps collect our location data. Google can draw a surprisingly intimate portrait of what we're thinking about from our Internet searches. Dating sites (even those less titillating than Ashley Madison), medical-information sites, and travel sites all have detailed portraits of who we are and where we go. Retailers save records of our purchases, and those databases are stored on the Internet. Data brokers have detailed dossiers that can include all of this and more.

Many people don't think about the security implications of this information existing in the first place. They might be aware that it's mined for advertising and other marketing purposes. They might even know that the government can get its hands on such data, with different levels of ease depending on the country. But it doesn't generally occur to people that their personal information might be available to anyone who wants to look.

In reality, all these networks are vulnerable to organizational doxing. Most aren't any more secure than Ashley Madison or Sony were. We could wake up one morning and find detailed information about our Uber rides, our Amazon purchases, our subscriptions to pornographic websites -- anything we do on the Internet -- published and available. It's not likely, but it's certainly possible.

Right now, you can search the Ashley Madison database for any e-mail address, and read that person's details. You can search the Sony data dump and read the personal chatter of people who work for the company. Tempting though it may be, there are many reasons not to search for people you know on Ashley Madison. The one I most want to focus on is context. An e-mail address might be in that database for many reasons, not all of them lascivious. But if you find your spouse or your friend in there, you don't necessarily know the context. It's the same with the Sony employee e-mails, and the data from whatever company is doxed next. You'll be able to read the data, but without the full story, it can be hard to judge the meaning of what you're reading.

Even so, of course people are going to look. Reporters will search for public figures. Individuals will search for people they know. Secrets will be read and passed around. Anguish and embarrassment will result. In some cases, lives will be destroyed.

Privacy isn't about hiding something. It's about being able to control how we present ourselves to the world. It's about maintaining a public face while at the same time being permitted private thoughts and actions. It's about personal dignity.

Organizational doxing is a powerful attack against organizations, and one that will continue because it's so effective. And while the network owners and the hackers might be battling it out for their own reasons, sometimes it's our data that's the prize. Having information we thought private turn out to be public and searchable is what happens when the hackers win. It's a result of the information age that hasn't been fully appreciated, and one that we're still not prepared to face.

This essay previously appeared on the Atlantic.

Posted on September 9, 2015 at 8:42 AM • 45 Comments

Comments

K.S. • September 9, 2015 9:23 AM

I am cautiously optimistic that if not AM, then next big leaks will lead to general public questioning widespread collection of personal data by commercial entities. As of today, almost nobody cares about pervasive for-profit tracking because downsides are not well-understood. This will change.

GregW • September 9, 2015 9:37 AM

On the subject of organizational doxxing, as a practical matter I find myself wondering whether this potential for organizational doxxing of email is mitigated or exacerbated by moving one's email to, say, gmail-in-the-cloud versus on-premises Exchange or whether it's kind of a wash.

It seems like despite the downsides of off-premises webmail you might be better off with the protections there unless you dedicate substantial resources to monitoring Exchange and your network and servers. There are some tools in place but I have no idea if the monitoring is really decent/sufficient in-house. My guess is that stuff internally is rarely watched or looked at. But I find it pretty deeply ironic that pushing the email off-site might "improve" our security.

Beyond organizational doxxing, even the earlier "all-your-email-gets-compromised" security issue more generally has raised behavioral questions for me in recent years.

Given the possibility of stored emails being a juicy target for attackers, I've found myself several times in recent years wondering whether to report security issues in our company (which our security policy mandates I report) over email or in-person. It always seemed plausible to me that a hacker might access emails in our company before finding some of the holes I've found and I didn't particularly want to give a roadmap that would allow deeper exploitation or persistence. In-person is more secure and avoids raising liability issues for the company, but it leaves no "paper trail" that protects me and no paper trail to push the company or individual in charge to do something. I've found myself doing a mix of either depending mostly on how badly embarrassing and unlikely to get fixed the issue was in my judgement. What do you all do?

Another thing I find tricky advising corporate management on is the transmission of passwords via email and on corporate intranet sites. One can say "don't do it" but it's hard to stem the tide. We aren't big enough and it's nobody's job to police the policy so what you don't measure doesn't get managed. Of course a major aspect of the problem is that there are shared accounts to which multiple people share credentials to begin with, but it's a (web service) software shop and the software often runs as a particular service account/user and those credentials inevitably get passed around for operational or debugging reasons. I've been at companies where they would send the password in a separate email from the user credentials but the flaw in that is pretty obvious. Personally I always just think: "could a hacker easily find this password if given access to all emails and search capability" but it's hard to get your whole org to think this way, and the various rule-based mitigations I've run across (put passwords in a separate email from the login credentials, or communicate the more-easily-remembered username out-of-band, or don't use the word "password" in the email) are all a little leaky or annoying enough that people don't do them. As a general rule in the company security policy we encourage people to put passwords in their wallet or purse if they have to be written down, but it's the password transmission in training materials or email discussions where imho we don't do well. Is there a preferred approach?

(Oh, the other approach I've considered advocating is service password rotation so at least the emailed passwords get stale more quickly. Is there really a substantial risk reduction obtained by rotating our operational service passwords at the risk of breaking our operational services to push management to adopt this business process? Sure once we get the kinks worked out it's not that big a deal but it's hard to push for the effort to deal with this if one can't clearly advocate for the degree of risk reduction.)

wtf • September 9, 2015 9:43 AM

AT&T is underwriting National Public Radio with a message that says in part "with AT&T the network is On Demand, the office is mobile and the cloud is designed for high security."

Can we sue them for false advertising? AT&T doesn't even control the security of "the cloud"

d33t • September 9, 2015 9:47 AM

"Privacy isn't about hiding something. It's about being able to control how we present ourselves to the world. It's about maintaining a public face while at the same time being permitted private thoughts and actions. It's about personal dignity."

In this day and age, knowing "they" will never stop collecting all available information about people and their private lives, I choose to embrace this fact. One of my favorite games is to provide as much false information as possible along with real information to the machine. As far as I'm concerned, providing false information to a machine about things that will never be any of its business is perfectly fair game. The machine will swallow lies just as quickly as the truth too, which is pretty sweet. If my government, society, service providers choose to treat me as a number, not as a human or at least as the naked ape that I am, then disinformation is one form of self defense I can use to fight back. Most times information gathered about me is horribly flawed anyways.

I still need to write a Chrome or FF extension that uses something like https://www.google.com/trends/ to randomly pick and then search for topics in the background as I work with a browser. Something like that probably exists already I'm sure, but writing one of my own would likely be a better approach nowadays. Every other search will probably be something sexually related. It doesn't matter what, as long as I didn't really choose to search for it and it's "hot".

If busted for thought crime, I'll blame it all on the plugin.

AJWM • September 9, 2015 10:08 AM

I've been using email for 35-ish years (long before public access to the internet) and always assumed somebody other than the intended recipient could read it (the sysadmin, at the very least), so never put anything in there that would be personally embarrassing if made public. On the other hand, I did my military service in the Signal Corps, so communications security was drummed into me at an early age.

@d33t:

Yes, this. Raise the noise level. For general statistical analysis it doesn't matter much anyway (in fact there are survey techniques where respondents deliberately randomize their answers (eg by dice roll) a percentage of the time to allow plausible deniability to specific (potentially embarrassing) answers; with enough data the correlations can still be teased out).

And a browser plugin which occasionally searches for a random word or phrase (selected from an optional user-supplied list?) would be wonderful. Something I've been thinking about for a while too. (OTOH, as a writer, my search history is pretty eclectic as it is; it's amazing the rabbit holes you tend to follow when doing story research.)
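The survey technique AJWM mentions is usually called randomized response. The sketch below is an added example, not part of the original comment; it assumes a forced-response variant in which each respondent answers truthfully with probability `p_truth` and otherwise reports a fair coin flip, and all names and figures in it are constructed for illustration.

```python
import math
import random


def respond(truth, p_truth, rng):
    """One respondent: tell the truth with probability p_truth, else flip a fair coin."""
    if rng.random() < p_truth:
        return truth
    return rng.random() < 0.5


def survey(n, true_rate, p_truth, seed):
    """Simulate n respondents; returns (hidden truths, reported answers)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    truths = [rng.random() < true_rate for _ in range(n)]
    answers = [respond(t, p_truth, rng) for t in truths]
    return truths, answers


def estimate_rate(answers, p_truth):
    """Invert observed = p_truth * rate + (1 - p_truth) * 0.5 to recover the rate."""
    observed = sum(answers) / len(answers)
    estimate = (observed - (1 - p_truth) * 0.5) / p_truth
    return min(1.0, max(0.0, estimate))  # clamp: small samples can overshoot


def standard_error(answers, p_truth):
    """Sampling error of the estimate; the added noise inflates it by 1 / p_truth."""
    observed = sum(answers) / len(answers)
    return math.sqrt(observed * (1 - observed) / len(answers)) / p_truth


def posterior_yes(true_rate, p_truth):
    """P(respondent is truly 'yes' | they answered 'yes'): the deniability left to them."""
    yes_if_true = p_truth + (1 - p_truth) * 0.5
    yes_if_false = (1 - p_truth) * 0.5
    hit = true_rate * yes_if_true
    return hit / (hit + (1 - true_rate) * yes_if_false)


if __name__ == "__main__":
    TRUE_RATE, P_TRUTH = 0.10, 0.5  # constructed figures
    for n in (100, 10_000, 1_000_000):
        _, answers = survey(n, TRUE_RATE, P_TRUTH, seed=7)
        print(f"n={n:>9}: estimate={estimate_rate(answers, P_TRUTH):.3f} "
              f"+/- {standard_error(answers, P_TRUTH):.3f}")
    print(f"a single 'yes' is truly yes with probability "
          f"{posterior_yes(TRUE_RATE, P_TRUTH):.2f}")
```

The aggregate estimate tightens as the sample grows, while any single "yes" remains weak evidence about the person who gave it.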

MikeA • September 9, 2015 10:40 AM

@Daniel: "blast radius" may feel old to you, but it communicates "likely area or population affected by collateral damage" in fewer keystrokes. Maybe Bruce is practicing for Twitter.

@GregW: Password aging is a marginal idea anyway, but combining it with sending out the new passwords to all and sundry via email strikes me as madness. Especially if they all expire on a predictable schedule. Reminds me of the mail-theft rings that only bother to go over to the local subsidized housing on the day Social Security checks are delivered.

uh, Mike • September 9, 2015 10:42 AM

I was buying a week of timeshare, and since I was paying cash, the salesman told me I didn't have to provide my Social Security number.

I thanked him, mentioning my credential, and the reason why collecting unneeded data is bad.

I didn't do MySpace, Facebook, the family tree outfit, or other gratuitous self-doxing services. I keep my email backlog cleaned up. I have a personal, and a separate commercial email address.

Some of us have been paranoid from the beginning. The rest? Your data will age and lose its value over time.

ianf • September 9, 2015 10:44 AM

Gosh, Daniel, Bruce's organizatorial dox[x]ing blast radius is exactly right & very precise. Who'd have thought forging of apt neologisms would be on Bruce's CV?

Daniel • September 9, 2015 10:54 AM

@Uh, Mike

The problem is that it isn't always possible to pay with cash. I bought something on e-bay recently because there was no way to get it locally.

So here are the players that know what I bought.

(1) e-Bay
(2) Paypal
(3) My CC company
(4) The third-party shipper.
(5) my e-mail provider.

And these are just the people with direct knowledge and don't include secondary players.

So the good news is that I could buy something I would not have otherwise been able to buy. The bad news is that I spread my information everywhere.

blake • September 9, 2015 11:23 AM

@Daniel
> The bad news is that I spread my information everywhere.

Yes, that is part of the cost of online transactions, as indicated by the last sentence of the article:

> It's a result of the information age that hasn't been fully appreciated, and one that we're still not prepared to face.

Wayne • September 9, 2015 11:59 AM

@D33t: be sure to put a randomizer in the timer between searches so it looks more like a person doing it. I'd pay money for it.


One thing I'm curious about the AM hack. The CTO bragged in an email about hacking another dating site and I believe it said he stole their entire user base. I'm curious if he inserted those people in to AM, does anyone have any info?

There was an article about a man who found himself in the AM hack. Turned out another person with a similar name created an account, they were able to confront the man and the guy's wife was totally accepting as to what happened.


And there's always https://haveibeenpwned.com/ to see if your email(s) address(es) appear in any breaches. Two of mine were compromised thanks to Adobe.

Clive Robinson • September 9, 2015 12:22 PM

A question for people to think about...

In the past thirty years or so of Internet and Email there have been so many cases of people being embarrassed by the actions of others. So why on earth do people think anything they type or link they click on is not going to appear in public to embarrass them at a later date?

Even though I try to be cautious to the point others think it borders on paranoia, there are a couple of times I've been embarrassed by both an Email I've sent and a link I clicked on.

In the case of email it was the change from Lotus to Micro$haft at a company I was working at. A sales person clicked on the wrongly named link in the company address book and a message I'd sent to the sales person containing a mildly worded warning that a re-seller was very slow on sending back sales details so customers could be supported properly ended up going to the re-seller and others... not to the internal sales management team as it was intended.

Not my fault as such, but I got the fallout nevertheless...

I don't know how many times a day such inadvertent mistakes get made, let alone quite deliberate actions when people think it's funny or gives them a sense of power.

I'm aware of Richard Branson (Virgin boss) sending out an internal mail advert to sell a pair of women's shoes. Not his, but his assistant's, who --against all security advice-- had been logged into his Email account. Yes it provided the staff with a giggle and Richard got a little good natured leg pulling over it, but it could have been worse.

But why do people send racy/raunchy "love poems" and intimate pictures etc, it just strikes me as being mad...

As was once pointed out to me about that old fashioned process of writing a letter, there are worse sins than bad handwriting, writing in anger or haste is not wise, thus "Always assume your worst enemy is going to see what you put on paper".

ianf • September 9, 2015 1:24 PM

@ GregW

Re: whether potential for organizational doxxing of email is mitigated or exacerbated by moving one's email to, say, gmail-in-the-cloud versus on-premises Exchange

My gut impression is that, while one is more susceptible to NSA/ etc. hoovering up one's data out of Google, there is lesser risk of those being stolen, thus later doxxed, via an outside breach. YGMV ;-))


Re: porting security risks or breaches OR NOT

It depends on the context & who is, how competent is the person receiving it. I've had bad experiences doing it face to face with admins of various (by and large mere office, nothing critical) networks. But that was when I was assumed competing for their job—which I might have been. I fared better when I raised "theoretical" concerns that I already knew were real in departmental (equiv.) meetings. Then the admins present, or alerted by their peers, instantly recognized that "my threats" were already deployed/ needed to be plugged. But as a result I was never too popular with that crowd due to knowing bit too much about their assumed-zeecret knowledge domains.

Re: LAN-distribution of passwords

A sysadmin friend of mine swears by this perl-automated method (~200+ people, relatively low turnover organization, all tech degrees): each user or new employee stops by his workstation, and has the password distribution system demoed. Then s/he picks a MASTER "what do you first think of" word of minimum 8 letters—can be a cat's conjoined 2 names, or whatever. This gets typed by the user into the sysadmin's private encrypted database, and becomes the middle part of a twice-yearly changing password made up of a 3-6 letter prefix (+ the SECRETWORDS) + 3-6 letter postfix.

These combinations are generated automagically by a secure cron job, and then mailed internally to end users in "prefix[*]postfix" format. The usable password then becomes prefixSECRETWORDSpostfix, and is 14-20 chars long. A (hard to remember, say) password can be refused by the user, and a new one requested at any time. In addition to that, the users are prevented from pasting the passwords in, string has to be typed in a character (micro-delay) at a time. The MASTER word gets changed every 3rd year, and is checked against reuse.

Previous passwords continue to work during a 48 hour transition period. If the user enters just "prefix[*]postfix," or a version thereof, a new combo password is generated & the user advised about it. The combinations are not reused, and the prefixes are of ~20000 English, French & Spanish dictionary and made-up, but pronounceable words (I think I described it truthfully, and was told it was easy to explain en face with a sample like "tin2missPixielogo"). Lastly, the new password email gets deleted 36 hours after it's been read. I hear it's been fairly unproblematic in the 10+ years of use.
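A small model of the scheme ianf describes above, as an added example that is not part of the original comment and not the sysadmin's Perl. It covers the mailed `prefix[*]postfix` form, the 48-hour transition and rotation when the mailed form itself is typed, and it measures how much of the password's guessing space sits in the mailed affixes, the part a dumped mailbox would reveal. The sample word pool, the PBKDF2 storage, all names and the 10**6 master-word figure are assumptions.

```python
import hashlib
import hmac
import math
import secrets

# Constructed stand-in for the ~20000-word pool the comment mentions.
SAMPLE_WORDS = ["tin", "logo", "brisk", "pomelo", "quark", "velvet", "ember", "zinc"]
POOL_SIZE = 20000               # figure from the comment; assumed to cover postfixes too
TRANSITION_SECONDS = 48 * 3600  # previous password stays valid for 48 hours


def assemble(mailed, master):
    """What the user types: the mailed affixes with the master word in place of [*]."""
    prefix, postfix = mailed.split("[*]")
    return prefix + master + postfix


def _digest(password, salt):
    # Assumption: the server keeps only a salted PBKDF2 hash of the assembled password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class Account:
    """Hypothetical model of one user's rotating password."""

    def __init__(self, master, now):
        if len(master) < 8:
            raise ValueError("master word must be at least 8 characters")
        self._master = master  # the comment keeps this in an encrypted database
        self._salt = secrets.token_bytes(16)
        self._used = set()     # combinations are not reused
        self._current = self._previous = None
        self.mailed = None
        self.rotate(now)

    def rotate(self, now):
        """Draw fresh affixes with a CSPRNG and return the form that gets mailed."""
        usable = [w for w in SAMPLE_WORDS if 3 <= len(w) <= 6]
        if len(self._used) >= len(usable) ** 2:
            raise RuntimeError("affix combinations exhausted")
        while True:
            mailed = f"{secrets.choice(usable)}[*]{secrets.choice(usable)}"
            if mailed not in self._used:
                break
        self._used.add(mailed)
        self._previous = self._current
        self._current = _digest(assemble(mailed, self._master), self._salt)
        self._rotated_at = now
        self.mailed = mailed
        return mailed

    def check(self, attempt, now):
        """Return 'ok', 'ok-previous', 'rotated' or 'denied' for a login attempt."""
        if attempt == self.mailed:  # typed straight from the e-mail: burn it
            self.rotate(now)
            return "rotated"
        digest = _digest(attempt, self._salt)
        if hmac.compare_digest(digest, self._current):
            return "ok"
        in_window = now - self._rotated_at <= TRANSITION_SECONDS
        if self._previous and in_window and hmac.compare_digest(digest, self._previous):
            return "ok-previous"
        return "denied"


def affix_bits(pool_size=POOL_SIZE):
    """Bits contributed by a uniformly chosen prefix plus postfix."""
    return 2 * math.log2(pool_size)


def residual_bits(master_candidates, mail_exposed, pool_size=POOL_SIZE):
    """Guessing space left, given how many master words are plausible for this user."""
    bits = math.log2(master_candidates)
    return bits if mail_exposed else bits + affix_bits(pool_size)


if __name__ == "__main__":
    acct = Account("MittensSocks", now=0.0)  # constructed master word
    print("mailed:", acct.mailed)
    print("login :", acct.check(assemble(acct.mailed, "MittensSocks"), now=60.0))
    print(f"affixes add {affix_bits():.1f} bits; with the mail exposed, "
          f"{residual_bits(10**6, True):.1f} bits remain (assumed 10**6 master words)")
```

Under these assumptions the two affixes contribute about 28.6 bits, so once the mail store is readable the password is only as strong as the master word.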

Bob S. • September 9, 2015 2:10 PM

As a preface I will say I have no faith at all the US government, or any government, will do anything to restore our rights or protect us from predation of our electronic communication.

With that said, ...what if the various agencies and corporations that lose third party data, or first or second party data, faced stiff financial penalties for allowing our emails to be read by millions of people, or even a few crooks, government voyeurs or insiders?

How about a $10,000 fine with automatic restitution to the victim of $10,000 for every single record, email, phone number, email address, whatever, lost to hackers, crackers, thieves and foreign or domestic governments?

But, that's not going to happen, is it?

Now the government agency or corporate ne'er do well says,

"We are sorry". That's it. Problem solved until the next breach.

OK, Target et al had to pay back VISA and so on, but that's the jackals fighting among themselves. The people whose data was lost get nothing, except maybe yet another new shiny credit card to replace the one lost to the nether world.

It's up to us to protect our stuff. The essential first step is to convince people that's the bottom line.

d33t • September 9, 2015 2:10 PM

@AJWM
This kind of bot definitely won't stop the analysis of group behavior since there is always a big sample of users / fake users to watch.

@Wayne
Timing randomization would be good.

Maybe it would be a better fit while using the TOR network? Although it would consume more bandwidth than the average user for sure. It would be funny to have it also trigger from ads fed to the user via Google services / other. Metaspy would have been a good trigger. If the bot noise has decent enough bandwidth and followed a natural chaos that allowed it to mimic reality, it could be tuned over time also.

Maybe Google Ads would need captchas to verify real consumers eventually?

ianf • September 9, 2015 2:32 PM

@ Bob S How about a $10,000 fine with automatic restitution to the victim of $10,000 for every single record, email, phone number, email address, whatever, lost to hackers, crackers, thieves and foreign or domestic governments?

All the baddies would need to do is to declare bankruptcy & they're home free. So #fuggedaboutit.

Alan Kaminsky • September 9, 2015 2:40 PM

@Clive

As was once pointed out to me about that old fashioned process of writing a letter, there are worse sins than bad handwriting, writing in anger or haste is not wise, thus "Always assume your worst enemy is going to see what you put on paper".

With a physical letter, you seal it, you carry it to the mailbox, you drop it in. The letter leaves your hands. You see it going out there. You are aware that the letter is now in a place where you can't control what happens to it. The recipient won't get the letter until several days later. (All this if you were born in a certain decade, as I was and as I'm guessing you were, Clive.)

With an email, there is no such cognitive reinforcement. You click "Send" on the email, and it's apparently no different from clicking "Save" on a file. The window goes away, and the email is in the computer somewhere. But you don't see anything physically leaving your hands. There's nothing to show that the email is now out there out of your control. In fact, it looks as though the email is still in your machine, in your Sent Messages folder.

Perhaps this is why younger people in general apparently give no thought to what they put in their emails, Facebook posts, tweets, etc. They literally do not think anything is going out there. Their content just magically disappears from their screen and instantly reappears on someone else's screen without traversing the space in between, as though there were a wormhole directly between the two machines.

albert • September 9, 2015 4:22 PM

@Alan Kaminsky,

It's all about trust, isn't it? Letters used to be sealed with wax, marked with a crest. Remember when notaries had embossing stamps? Telephones were a remarkable invention (thank you, Don Ameche). You could be reasonably sure you were talking to friend, unless he had Rich Little on the line. Video chat was even better (unless your friend looks like Rich Little). That's cognitive reinforcement.
.
Now we got nearly instant email and texting* and twitter. How many movie/novel plots use the cliche of the bad guy using the good guy's phone to set a trap, by texting of course.
.
My favorite TV ad is the one where the lady in the airport telling her friend how much fun her Hawaiian vacation will be, and a guy in a mask replies, "Have a nice trip!".
.
In the blogosphere, one hardly ever knows who one is talking to, or where they are located, so one can easily diss others with little fear of retaliation (see Popehat.com for many examples of real (but mostly illegal) retaliation.)
.
I could easily call you a douchebag here (which is protected speech), without much consideration, but I doubt I could do it face-to-face. Real douchebags it seems, are sensitive to good-natured ball-busting. OTOH, I have friends and family who are absolutely addicted to Fascebook and twitter, and they actually believe that only friends and family can see their posts, that emails are private, and that America is beautiful (OK, that last point was uncalled for)
.
Tweeting has led to folks being fired, marriages dissolved, families broken, lawsuits bankrupting innocent individuals, fights, and assaults.
.
While there are younger folks who may think there's 'nothing going out there', for most, it's a matter of not thinking at all. Why? Because they haven't been educated. Maybe this wave of super-doxing will wake 'em up.
.
For the fun side of twitter (and the Internet Illusion), see: https://twitter.com/DPRK_News, and: http://popehat.com/2014/12/20/the-curious-case-of-the-t-v-attorney-and-twitter/
.
Don'cha just love the foolishness of it all?

...........
*an absolutely brilliant way for telcos to save bandwidth and VM overhead. Twitter is the internet equivalent.
. .. . .. o

Medical Records Targeted • September 9, 2015 4:28 PM

One of the primary targets is your HIPAA ‘protected’ medical history. The gov’t and Big-Data are compelling doctors to store your most personal afflictions in the cloud. Their wireless patient room laptops are vulnerable. Doctors specialize in medicine not computer hacking!

The second related technology is companies' collection of vast databases of our medical prescriptions, or ePrescribe. For companies like DrFirst a major issue is positive patient verification as prescriptions cannot be mixed-up between patients ever. So they are quietly resorting to Social Security Numbers!

My new doctor asked for my SSN after I refused to write it on the new patient form. They admitted that it was ONLY for bill collection purposes. However this is not true.
When a doctor writes an e-prescription the doctor must input your Social Security Number.

Electronic Health Records are not safe ANYWHERE in the world:
Wikipedia:
In 2013, reports based on documents released by Edward Snowden revealed that the NSA had succeeded in breaking the encryption codes protecting electronic health records, among other databases.
In 2015, 4.5 million health records were hacked at UCLA Medical Center.
https://en.wikipedia.org/wiki/Electronic_health_record

Winter • September 9, 2015 5:04 PM

"The one I most want to focus on is context."

The Humanists were telling us centuries ago that you should read words in historical context. Since then, linguistics has shown us in every possible way that "meaning" is only present in a "context".

So why are witch hunters still crucifying random people based on single tweets or random jokes "out of context"?

I can only think of one reason: They want their public crucifixion and witch burning. And they do not want to be held back by details like what was really said or done.

People are searching these databases for sticks they can use to beat up people. Any stick will do.

BoppingAround • September 9, 2015 5:08 PM

Clive Robinson,
> So why on earth do people think anything they type or link they click on is
> not going to appear in public to embarrass them at a later date?

To go for the most obvious...

'Uh, the chances of that happening are close to nil. Not going to happen to me.'
'You gotta live. What now, fear any shadow?'
'I'm no celebrity, why would anyone care about my stuff?'

This type of recklessness can be observed in other aspects of life as well.
Doing over 70 mph on a wet slippery road. Eating food that smells funny (that is, most
likely to be spoilt). Walking dangerously close to construction sites. Drinking
too much spirits.

Perhaps it has something with imprinting a less acute self-preservation
mechanism. Being the risk-taking type. As well as 'having it easy' when, for any reason, one has been lucky not to get oneself in any kind of [big] trouble.

Add in that the threat of such embarrassment is perceived as more distant than
close. Which only gives more incentives not to care much about it.

> As was once pointed out to me about that old fashioned process of writing a
> letter, there are worse sins than bad handwriting, writing in anger or haste
> is not wise, thus "Always assume your worst enemy is going to see what you put
> on paper".

I really like how people from the former commie republics put it in a form of a joke, 5 rules of living under a Communist regime:

1. Do not think.
2. If you think, do not speak.
3. If you think and speak, do not write.
4. If you think, speak and write, do not sign.
5. If you think, speak, write and sign, do not be surprised.

p34t • September 9, 2015 8:20 PM

Bruce, I love you, but there's no proof that North Korea hacked Sony beyond the FBI saying so. We should know better who to trust.

albert • September 9, 2015 8:41 PM

@BoppingAround,
Why should those 5 rules apply only to communist regimes? Don't they work well in any totalitarian state? How about a fascist or quasi-fascist state?
.
@p34t,
Let's see, DPRK, or the FBI...sometimes life gives us difficult decisions....Maybe the FBI did it, to frame NK. They do spend a lot of time going after copyright violators. Look for a blockbuster action movie about the FBI fighting cyber-terrorists...from Sony Media!
.
Cyber-terrorism provides a veritable cornucopia of enemies to fight. Real or imagined, it's all virtual.
. .. . .. o

geogriffin • September 9, 2015 9:51 PM

"Google can draw a surprisingly intimate portrait of what we're thinking about from our Internet searches" -- though this reminds me of a certain book:

"What does a scanner see? I mean, really see? Into the head? Down into the heart? Does a passive infrared scanner like they used to use or a cube-type holo-scanner like they use these days, the latest thing, see into me - into us - clearly or darkly? ... Because, he thought, if the scanner sees only darkly, the way I myself do, then we are cursed, cursed again and like we have been continually, and we'll wind up dead this way, knowing very little and getting that little fragment wrong too."

food for thought...

Name September 10, 2015 12:16 AM

The recent WP article about the L0pht members explained that today's lawmakers lack any incentive to legislate against sloppy internet practices by anyone. As if their paychecks aren't "incentive to do their jobs"? Well then what about that essentially self-inflicted OPM hemorrhage? Sony, Ashley Madison, Manning or Snowden (PBUH)? I have trouble wrapping my mind around this. The coming IoT, with its hackable light-bulbs and hackable cars and who-knows-what (hackable Hoover Damns, Jet airliners, Tomahawks & ICBMs?) is truly terrifying. It's like a government experiment against all society.

When I first heard about the cloud storage nearly 15 years ago, I scoffed. Now I scoff at my 15-years-ago self instead. Orwell was an optimist!

rgaff September 10, 2015 12:45 AM

@Name

"OPM hemorrhage? Sony, Ashley Madison, Manning or Snowden (PBUH)? ... hackable light-bulbs and hackable cars and who-knows-what (hackable Hoover Damns, Jet airliners, Tomahawks & ICBMs?)"

The thing is, our lawmakers are still under the impression that all they need to do is just "get tough on crime" and make it MORE illegal to hack things, stronger penalties, longer time periods in prison, etc, and that's enough. Every problem has that kind of solution to them.

The fact that all our electronic things are weak, and maybe THAT should be fixed, never enters their minds.

ianf September 10, 2015 1:00 AM

> … essentially self-inflicted OPM hemorrhage? Sony, Ashley Madison, Manning or Snowden (PBUH)

PBUH TOO CRYPTIC TO COMPUTE. Other than that, the various spectacular data heists & security breaches do indeed "smell" of the affected bodies managements' lack of foresight, no advance disaster planning, and in fact arrogantly-suicidal mode of operations.

It's sort of understandable in case of governmental OPM & the NSA+DoD-uality, given that they by and large are unsupervised in their respective sandboxes—so what did they care, their funding would unlikely be drying up NO MATTER WHAT. It's more of a stretch to accept that the powers that be of SONY and AshleyMadison weren't a.w.a.r.e. of what might happen when they set up such unsecured databases & failed to keep a.w.a.k.e.

Tolerance September 10, 2015 7:16 AM

"Privacy isn't about hiding something. It's about being able to control how we present ourselves to the world. It's about maintaining a public face while at the same time being permitted private thoughts and actions. It's about personal dignity."

As more people's secrets are exposed, people will eventually realize that we all have little secrets and be less judgmental. People will become more tolerant.

As just one example, the more people who come out of the closet, the easier it becomes for others, the more socially acceptable it is to acknowledge that you're not straight.

BoppingAround September 10, 2015 9:35 AM

albert,
I'm just re-telling an old joke. It does indeed apply to other kinds of
totalitarian environments but I guess the environment of the day, when the joke
was conceived, used to be of Communist origin primarily.

albert September 10, 2015 11:23 AM

@BoppingAround,
I understand. It's somewhat comforting to know that humor existed in Communist states. "..."Always assume your worst enemy is going to see what you put on paper"...." And your best friend, as well! It must have been a bitch to be a standup comic back then. I guess I'll have to start writing a standup routine for comics in totalitarian states.
.
@ianf,
In the case of DOD and NSA, yes, infinite funding; for OPM, no, they're just bean counters. Ditto for the VA, necessary, but undesired money drains. In the case of the corporocrats, money lust* overrides careful evaluation. Then there is the possibility that they're just ignorant. JFK said he was amazed at how "second-rate" the top movers and shakers were.
.
@rgaff,
It's puzzling, isn't it? How does this happen among reasonably intelligent people? It's not rocket science (which, ironically, we do fairly well). I can see saving money and throwing the dice (Ford kicked the can down the road for 20 years before fixing their rolley-polley Explorers, which cost them tens of millions in legal settlements, and God only knows how much in legal fees). I can't see sittin' and fiddlin' waiting for Rome to burn. We don't need more and tougher laws (presenting, as evidence, the 'War on Drugs'; I rest my case). What the hell good do draconian penalties do when our water supply systems shut down, our electrical grid blows out, our planes and trains crash, and our cars and trucks stop running? Surprisingly simple hacking can bring down a country's entire industrial infrastructure. This is far more serious than any AM or Sony hack.
.
I know, I know, I'm ranting again. I hate to see folks hurt by any means, especially by hacking, especially when it's so preventable. I don't give a RSA for what might happen to Sony Media or AM. AM customers should consider that hack fallout as a form of karma. You pays your money, you takes your chances. Don't bother me with prattle about innocent spouses and children being hurt. AM certainly isn't responsible for that. That blame rests solely on their customers. Since adultery is illegal in many states, I wonder why they haven't been sued yet. States could initiate those suits on their own, IIRC.

..............
*gold fever
. .. . .. o

BoppingAround September 10, 2015 4:38 PM

albert,
Of course it existed :-) As someone put it, there is no fate that cannot be
surmounted by scorn.

If you are interested, look up 'East Germany jokes'. That's one instance of such
jokes that I know exists translated to English. Not sure about the other parts.

Some of them require a mild knowledge of history to put things in the right
context.

'What is the favourite sport of CPSU Central Committee?'
'Gun carriage races around the Red Square.'

(Hinting at the high number of state funerals during the 1980s and the usual
funeral ceremony.)

Bart September 10, 2015 6:10 PM

"Privacy isn't about hiding something. It's about being able to control how we present ourselves to the world. It's about maintaining a public face while at the same time being permitted private thoughts and actions. It's about personal dignity."

I'm pretty sure FIFA's president will like that statement. Or Tiger Woods. Or the users of Ashley Madison. They had nothing to hide. Until their data was breached. Suddenly they had things to hide.

Privacy has always been about hiding something. Privacy IS abused, until today, to cover up corruption, racism, corporate mistakes with death as a result, and all other bad things in the world. Privacy is never used to cover up something good. People flaunt everything that is good. See Facebook, aka the book of successes and achievements stripped of failures.

I grew up with the internet already being around, and I'm grateful for that. In my experience, one of the good things about the internet is that it allows us to expose people who do wrong. People who were able to hide their wrongdoings in the past, are now finding their history being leaked. And I think it's ironic to see how older generations, who are accustomed to the idea that they can hide all (or most of) their wrongdoings under the "privacy" blanket, are freaking out every time their blanket shrinks. But they have good reason to obviously. This year, Ashley Madison's users were exposed. Maybe it will be their turn next year. Even though they had nothing to hide, right? I mean, just like the Ashley Madison userbase, right?

No one should be able to "control" how they present themselves to the world. There's just one version of you, that is your authentic you and not a fabricated you. Again, recorded history of mankind has proven again and again that no one uses this control ability for the better. Straight and gay people would have been treated equally for centuries already if the latter weren't able to hide their orientation. It's also quite the contradiction to plead for a control ability, while young people are at the same time always being advised to just be themselves.

As a young person I can't wait for the day that all information about anyone will be freely available. But don't think that I will poke around in your medical records or your web history. Really, I don't care. You're a human, which means that you have strengths and flaws. I know that already. I have those too. All pretty normal. What I do care about is that my children will live in a society that is more secure than the explosive "privacy"-society you're giving to us, because committing any crime will take enormous amounts of energy and time to avoid being preliminary detected (I'm not saying that crime will be eliminated). Where I am able to consult the background and location history of their teachers (without having to blindly trust the school's word). Where I know that their job search will be unaffected by lies and favoritism because all applicants and the corporate's hiring decisions are published. And so on. Generations of disadvantaged people dreamt about this kind of transparency. The internet is finally making this possible. It is happening right now.

Look around you, privacy keeps diminishing. It will eventually disappear. Within decades, privacy will be a remnant of the past. But in return we will have amazing technology that will be able to integrate our personal data and protect and assist us on a much more individual scale than today. And that will make us stronger and less afraid/insecure humans who are accepted for who they really are, ready to tackle more difficult challenges than today. There's really no reason to be afraid of the future, it will only get better.

Disclaimer: I'm very concerned about the subject of internet privacy, and often choose this subject to discuss internet freedom. The text above is my abbreviated but honest and real opinion and also accurately describes my experiences. I use generalizations (for example: older generations) as appropriate. From its definition it follows that a generalization does not necessarily imply that I'm talking about you, even if you may fit the demographic target. While the subject often comes up in heated discussions, it's not my intent to provoke strong emotions. I welcome and read all rational responses which may or may not agree with my opinion.

rgaff September 10, 2015 8:25 PM

@ Bart

I disagree, but I'm glad to hear an alternate view, put forth in an honest and clear fashion.

Since you don't believe in any privacy, and you believe that a total lack of privacy makes everything better... will you please publicly share the following information about yourself:

- your full real name
- all your bank account numbers
- all your credit/debit card numbers
- all your pin numbers
- social security number
- mother's maiden name
- city of birth
- drivers license number
- passport number (and country of citizenship, of course)
- phone number
- snail mail address
- email addresses
- your login and password to your computer(s)
- full list of user names everywhere you have ever registered for anything
- full list of matching passwords for everywhere you've ever registered
- a detailed close-up picture of your face, suitable for creating a picture-id

Additionally, I would ask that you please refrain from wearing clothes any longer, and please publicly blog a full train of every random thought that ever pops into your head day and night, whether you are proud of it or not.

At some point, I propose that if you do all this, you might realize that, even when you've done nothing wrong, the truth can hurt you, because not everyone in the world has only good intentions toward you. This is why true freedom and safety requires some privacy. It might be different if there were no evil in the world, but that's not the world we live in.

Daniel September 10, 2015 8:28 PM

@Bart.

So let's assume that everything you state is correct. I'll grant every point you make. Still, even granting every point you make you have only analyzed 1/2 the problem.

The part you are missing is called propaganda. Because even if everyone knew everything about everyone else there is not an equal power distribution. So even if I know everything about President Obama and President Obama knows everything about me our ability to act on that knowledge is not the same. If he learns I am a secret spy, for example, he can send the entire army to kill me. But if I discover he is a secret spy, what can I do? Nothing.

So it follows that if the government can see everything that means that they can do anything with it, including making propaganda that tells me what to eat, what to wear, and even what to think. And I have no power the other way around.

So fundamentally privacy is not about an information imbalance--it's about a power imbalance. And until you address the power imbalance your argument is shit.

name.withheld.for.obvious.reasons September 11, 2015 1:39 AM

@ Bart

> Look around you, privacy keeps diminishing. It will eventually disappear. Within decades, privacy will be a remnant of the past. But in return we will have amazing technology that will be able to integrate our personal data and protect and assist us on a much more individual scale than today. And that will make us stronger and less afraid/insecure humans who are accepted for who they really are, ready to tackle more difficult challenges than today. There's really no reason to be afraid of the future, it will only get better.

Have you read any of Bruce Schneier's books, two specifically, "Secrets and Lies" and "Liars and Outliers"? In combination one might understand, maybe experience an epiphany, that society makes progress (specific and general improvements, such as the end of slavery) in starts and fits due to both experience and knowledge.

I will simply state that without perfect knowledge and WISDOM, the inability to maintain private spaces (either property or ephemeral) dooms society to regress--to support repression. Without privacy, we, the society as a whole enforces behavioral pasteurization that resembles something seen in Germany in the late 20's and early 30's.

In suppressing free or dissident thought or forcing "prior restraint", boundaries expressed by social norms (under a "no more secrets") society begins to question behaviors in a scoped fashion. As "systems" constrain behaviors as abhorrent the response time of these actions will quash and minimize what might be an act that is part of a larger set of events that represents a revolutionary advance in some form of human endeavor. I'd argue that if you use your model, set the clock back to 1740, and observe the advances of the colonies in the Americas. My bet, the formation of the first democratic republic ruled by entities without pedigree or royal origins (the common [wo]man).

tyr September 11, 2015 3:13 AM


@Bart

Please find time to read a history book and pay attention
to minor stuff like the St Bartholomew massacre. Notice
that it happened in the same country that massacred the
Albigensians and the Gnostics for thinking bad thoughts.

If you are in the majority like the american indian in
1500 you have nothing to fear from full disclosure until
the power balance shifts. Take the time to run your idea
about homosexuals only needing exposure to achieve a
modicum of equality past someone who lived before the
Stonewall riot and was gay then. Find someone who was
around during the 1960s and ask them why it was so hard
to get negroes equal legal recognition in the land of
the free. Full disclosure is all about leverage over
anyone who doesn't fit the changing picture of a norm.
Since the committee to investigate claims of normality
hasn't found any yet everyone is at risk from over exposure.

None of the brutal and nasty things humans have done to
each other in the history books have gone away, they still
occur everyday and just because your own experience is
limited doesn't make you safe from any of them happening
to you if the political climate shifts.

Dirk Praet September 11, 2015 6:44 AM

@ Bart

> Within decades, privacy will be a remnant of the past. But in return we will have amazing technology that will be able to integrate our personal data and protect and assist us on a much more individual scale than today.

You undoubtedly mean well, but there is exactly no basis in the real world for what you're describing. What we are seeing today is actually the exact opposite of what you are claiming.

I am especially surprised that you are still buying into the "nothing to hide" fallacy. That's just not how things work. Privacy, like food and water, is a basic human need. Everybody knows what you're doing on the toilet and in your bedroom, but that doesn't mean you're going to invite other people in, let alone record it. What you do is close the door, because what you're doing there is simply none of anybody's business.

BoppingAround September 11, 2015 9:57 AM

Bart,
> Straight and gay people would have been treated equally for centuries already
> if the latter weren't able to hide their orientation.

What makes you believe that?

> But don't think that I will poke around in your medical records or your web
> history.

Maybe you won't. I'm not so sure about the others.

I don't really buy the 'transparent society' wash. What I think it might bring,
is more divide between those with guns and those who dig. You'd 'know'
things, but what will you be able to do about them? Blab on Facebook about it?

The recent NSA clusterfuck, for example. You know about it yet you cannot stop
it. You don't seem to be able to stop it.

What makes you believe things will go the better route? Have sanctimony and
hypocrisy been eradicated?

What makes you believe the big cats will relieve the power they have now and
join you in your 'fair play' instead of getting whatever advantage there is to
get over everyone else?

Nice fairy tale anyway.

Buck September 11, 2015 9:11 PM

  • Society comes to accept the fact that sometimes people act out of anger, curiosity, haste, love, superstition, etc. in ways that could potentially be embarrassing when taken out of context. Everyone does it, and it's their own private business as long as no one else is being harmed. Those who would seek to take advantage by exploiting the secrets of others are seen as madmen and sent to be rehabilitated or otherwise shunned by society at large.
  • Everyone shares an image of themselves as they'd like to be seen by others. For those who choose not to share or are caught in a lie, the social repercussions are swift and severe.
  • An amazingly great amount of chaff is deployed to protect the wheat of truth from the others -- which will eventually lead us back to the violently fearful tribal societies of yore.
  • The ruling class will use their reams of wealth to hire hordes of PR teams and discreet service providers in order to avoid public shame. This knowledge will be passed down through their progeny and maybe some other chosen ones... Meanwhile, the working classes will be expected to share everything for fear of being denied employment.

The former would never come to pass without great pains -- consider how profitable it can be to destroy individual privacy in secret, and then launder your ill-gotten gains through incomprehensibly advanced algorithms and other obscure financial or legal mechanisms...

The latter is the most obvious progression based on my own personal understanding of historical events. To sustain it would likely require a considerable increase in censorship, public demonization of rogue journalists, and a massive movement towards more militarized police forces. Even then, how long can it last until the 21st century digital version of the guillotine?

Of course there's always a wildcard -- be it global thermonuclear warfare or a solar flare in just the right spot that wipes it all clean, I doubt anyone would waste a second thought about these trivial matters of privacy at that point in time...

hungerburg September 12, 2015 9:41 PM

Bruce, last I read here, that the Sony Hack cannot be attributed with certainty to any party; now that seems to have changed, it's North Korea for sure, you say?

gompy September 14, 2015 4:24 AM

@hungerburg

Bruce already said that numerous times when nsa top dog called it a nork act. It's the few occasions, as far as I know, where Bruce delegated judgement sans evidence ie wo due diligence to an official response. That says a lot... so I'm going to believe it.

Jeffrey Deutsch October 10, 2015 7:50 PM

Even in the year 2015, some of our best and brightest still don't get it.

This past summer, I contacted a state office for hiring attorneys to represent indigent defendants for bond hearings and arraignments, on behalf of a lawyer I know who wanted to apply. Their application form requested, among other things, a Social Security Number*...and the first application method listed is email!

So I explained that the attorney is not comfortable putting any part of an SSN over insecure email, and asked if the application could instead be faxed or mailed, or if the attorney could email the application form without the SSN and separately call the office to give the SSN.

Their response: "our email is secure...." Wow...when did they acquire the whole nationwide email network? Not to mention foolproof security measures (assuming those even exist)?

(They allowed that faxing the application would be OK, so I didn't make an issue of it.)

On another front, an online tutoring service I work for asks each tutor, shortly before his or her earnings in a year approach $600.00**, to fill out a tax form...including their Social Security Number*.

But their site doesn't even have a secure page to enter that information...so the company asks tutors to email in the forms. Or make an appointment for one of the company people to call them for the information. And I see tutors (as recently as a week or two ago) seriously suggesting, say, emailing one half of the SSN in one message and emailing the other half in another, and/or not using the term "Social Security" in the email.

I wasn't having any. When my turn came last fall, I explained my concerns and asked permission to paper mail them the form. They said OK, I mailed it and they got it.

But even now when they ask tutors for the tax form information, they don't even mention the mailing option.

[*] In each case, an Employer ID Number is also acceptable. However, most people don't have one...and if an Employer ID takes the place of an SSN I would assume it becomes as sensitive as an SSN too.

[**] In the U.S., anyone who pays an independent contractor at least that much in a given year must file a 1099 form with the tax authorities (and send the contractor a copy).


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.