Vulnerabilities / Threats
12/30/2013
10:00 AM
Martin Lee
Martin Lee
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
100%
0%

Security, Privacy & The Democratization Of Data

Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?

Fifty-one years ago President Kennedy shocked the world when he revealed reconnaissance photos of Soviet missile launch sites in Cuba. Today, I can browse satellite images of the same locations from the comfort of my sofa on Google Earth. This once top secret capability has become democratized and available to all. At some point, today's top secret technology will also be accessible from your sofa.

In the same way that few people use Google Earth to search for Cuban missile bases, the average citizen is unlikely to be concerned with identifying enemies of the state. However, the digital, networked world makes it increasingly difficult for us to keep track of the trustworthiness of people that we may need to rely on. This human need to know someone's reputation is very relevant in a networked world, in which we may never meet our closest collaborators, and may provide a strong impetus to drive the creation of a democratized data gathering system.

In retrospect, the forces that drove the democratization of satellite imagery are clear: the development of digital camera technology, the development of privatized satellite launches, and the development of the Internet to deliver images to users.

The View From The Top
(Source: Norman Kuring, NASA/GSFC/Suomi NPP)

Democratizing forces are still acting to make information available that is currently restricted to government agencies. Satellite navigation systems were once available only to deliver high explosives with high accuracy. Now they are to be found in almost every phone, delivering people with high accuracy to unfamiliar addresses. Similarly databases were once costly systems running on costly hardware available only to clients with the deepest pockets. Now, open source database software can be downloaded by anyone and run on the cheapest low-end desktop.

With some thought we can discern some of the long-term forces that are currently in play.

  • Data storage costs are decreasing year on year, allowing us to store quantities of data that were previously unthinkable.
  • Tools are becoming available that can store and make sense of these increasing amounts of data, such as Hadoop and Splunk.
  • As the Internet continues to develop, more information will become publically available for analysis, and the resulting analyses will be freely shared. Hence, the data gathering, analysis and storage abilities that previously required dedicated government ministries and major investments in hardware, will step-by-step become available to all.

Who do you trust?
In our ancestors’ villages everyone knew everyone else. The whole village knew who was trustworthy and who was not, who was skillful and who was not. If you needed someone to help you with a task, you knew who to turn to. As digital technology shrinks the world to make a global village, keeping track of others' reputation becomes tricky. With so many people to keep track of, the task becomes too much for our human capacities. Yet to collaborate in a digital world we need to be able to judge if we can trust a potential collaborator -- even if we will never physically meet them.

As governments implement systems to keep track of individuals to estimate if they are a risk to national security, we can envisage how this technology will become democratized. We can imagine systems that keep track of others' reputation to determine if they pose a risk to us through violence or fraud, if they are likely to assist us to help us achieve our goals, or if we are likely to be able to help them achieve their goals.

In a similar way as our ancestors' reputation spread within their villages, our digital reputations will be known to all. A reputation is likely to encompass the knowledge that we hold, our past deeds, the reputation of those with whom we keep company, and the opinions that others hold of us. Comprehensibly gathering such information and keeping the data accurate is within the reach of nation states, and before too long will be within the reach of private citizens.

We can already see antecedents of such functionality in the like button of Facebook, the recommendation system of Linkedin, or the crowd-sourced recommendations supplied by TripAdvisor. Our peers are able to show their approval or disapproval of our actions and display their judgements of us for others to see. We may choose to keep certain aspects of our life private, but we cannot keep private our public deeds and achievements, nor can we keep private the opinions that others may hold of us.

The changes brought by technology create many challenges for society and our individual need to manage our relationships with others. Conversely, the lack of knowledge about an individual's reputation exposes us to danger, such as fraud or engaging in personal or professional relationships that might do us harm.

The good news is that just as technology exposes us to these problems, it can also bring solutions. Governments are investing in vast data-gathering systems to identify individuals who pose a risk to society. The march of technology suggests that these systems that only governments possess today will be available to all of us in the future. In a global, digital village, reputation, integrity, and honor will be everything. As we begin the new year, it’s time to ensure that our digital reputation reflects upon us well.

Martin Lee is the technical lead for Cisco’s  Threat Research, Analysis, and Communications (TRAC) Team.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Li Tan
50%
50%
Li Tan,
User Rank: Apprentice
1/3/2014 | 3:39:16 AM
Re: Reputation Management
This fact holds true across different races and tribal groups. It's quite common in China as well - the people build the rudimentary mutual trust from traditional ancestral relationships. The people living around the same community become a kind of gang. This is not common in modern cities nowadays but still holds true in those rural area and small villages.
byock981
50%
50%
byock981,
User Rank: Apprentice
1/2/2014 | 8:56:22 PM
Controlling our online reputation profile?
In addition to democratization of data another reason it is easy for governments, companies and other citizens to form these "reputation profiles" is because we do not currently have great ways of controlling our online presence.  The Internet2 Scaleable Privacy Project is attempting to help citizens protect their privacy and strength the nations identity ecosystem.  It is attempting to put the "Informed" into Informed Consent with creation of privacy manager tools.  With these types of privacy manager tools our reputation profiles will become more targeted and relevant depending on the context of our digital interactions.  Without them I worry our digital interactions will be mis-understood and hence our reputations tarnished. 
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/2/2014 | 10:54:00 AM
Re: Reputation Management
That doesn't surprise me. My husband is a financial investigator who works for an arm of the judicial system that investigates white collar crime by lawyers against clients. He sees a lot of cases that exploit that tribal mentality of trust, where "no one  in my (fill in ethnic group) would take advantage of me or steal from me." 

 
MartinL923
50%
50%
MartinL923,
User Rank: Apprentice
1/2/2014 | 10:34:52 AM
Re: Reputation Management
Marilyn: A few years ago I had the honour of conversing with a law enforcement officer who was investigating a gang of internet fraudsters. The gang only recruited members from a specific ethnic group who spoke a particular dialect and whose family origin could be verified. This made infiltration  by law enforcement almost impossible since their reliance on tribal ties facilitated the detection of imposters. Even in this day and age, internet fraudsters abusing the global village rely on their ancestral villages to filter out imposters.

Martin Lee
Marilyn Cohodas
50%
50%
Marilyn Cohodas,
User Rank: Strategist
1/2/2014 | 10:09:47 AM
Re: Reputation Management
I really like the comparison between our ancestral village and today's connected global village. Back in the day when people knew each other because they lived next door, or went to the same school, or were related through marriage and family friendships that crossed generations, reputations were well known and frequently entrenched and hard to change when they were wrong). Today many of our personal and professional relationships start with email or social media: a resume to a prospective employer, a response to a rental listing on Craigslist,  a comment on a product review.

While it is fairly easy undertake a rudimentary reputation check through LinkedIn, Facebook Google, etc. the con artists, predators and bullies are expert at creating attractive --and false -- public personas. So in addition to making sure our personal digital reputation is, like Caesar's wife, above reproach. We must also make sure that those we encounter in our virtual village are who they say they are. 
WKash
50%
50%
WKash,
User Rank: Apprentice
1/2/2014 | 10:03:59 AM
Re: Reputation Management
 
Rate It
50%
50%
 

MartinL923 

MatiniL923, I agree. It's worth noting how safety regulations evolved in the auto industry and with the likes of Underwriters Laboratory. It's not a perfect example, I know, since flaws in software and online systems don't kill people. But there is an argument that people need more safeguards and resources to protect themselves in cyberspace than the commercial market currently provides them.  
MartinL923
50%
50%
MartinL923,
User Rank: Apprentice
1/2/2014 | 4:55:13 AM
Re: Reputation Management
Every advance has its disadvantages too. Your comments are entirely correct. Unfortunately the remedies for the downsides of inventions tend to lag. We're still trying to come up with ways to remedy many of the unforeseen consequences of the Internet, the importance of security being one of these. I'm sure that our future successors will wonder at how we could possibly work and live without invention X that solves problem Y which currently plagues our existence. The good news is that fame and hopefully fortune awaits the person who does invent and build the tools that will help us solve these issues.
WKash
100%
0%
WKash,
User Rank: Apprentice
12/31/2013 | 1:12:30 PM
Reputation Management
The democratization of digital tools may be make it easier to assess the reputation of individuals and businesses, but it also creates new opportunities for abuses that we're not yet fully equipped to deal with. One of the sad undercurrents of this digital democratization is the amount of social media trashing and abuse being inflicted today on teens by their peers -- sometimes with tragic effect.  Then there are the challenges of setting the records straight after having your digital identity stolen.  In both cases, reputations can be completely and wronglfully compromised. Yet we still lack the tools needed to help individuals recover quickly when the digital ill-will of others strikes us or our kids.
asksqn
100%
0%
asksqn,
User Rank: Ninja
12/30/2013 | 11:20:49 PM
Hot diggety
Imagine the day when Americans are able to browse the vast digital dossiers kept on us by the NSA.
MartinL923
50%
50%
MartinL923,
User Rank: Apprentice
12/30/2013 | 5:55:07 PM
Re: Reputation Management
I agree entirely. I think as the world got bigger doing that due diligence became more difficult. However I suspect that technology advances are going to make following someone's history a whole lot easier.
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3580
Published: 2014-12-18
The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x before 1.7.19 and 1.8.x before 1.8.11 allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) via a REPORT request for a resource that does not exist.

CVE-2014-4801
Published: 2014-12-18
Cross-site scripting (XSS) vulnerability in IBM Rational Quality Manager 2.x through 2.0.1.1, 3.x before 3.0.1.6 iFix 4, 4.x before 4.0.7 iFix 2, and 5.x before 5.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

CVE-2014-6076
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allow remote attackers to conduct clickjacking attacks via a crafted web site.

CVE-2014-6077
Published: 2014-12-18
Cross-site request forgery (CSRF) vulnerability in IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

CVE-2014-6078
Published: 2014-12-18
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.