Vulnerabilities / Threats
12/30/2013
10:00 AM
Martin Lee
Martin Lee
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
100%
0%

Security, Privacy & The Democratization Of Data

Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?

Fifty-one years ago President Kennedy shocked the world when he revealed reconnaissance photos of Soviet missile launch sites in Cuba. Today, I can browse satellite images of the same locations from the comfort of my sofa on Google Earth. This once top secret capability has become democratized and available to all. At some point, today's top secret technology will also be accessible from your sofa.

In the same way that few people use Google Earth to search for Cuban missile bases, the average citizen is unlikely to be concerned with identifying enemies of the state. However, the digital, networked world makes it increasingly difficult for us to keep track of the trustworthiness of people that we may need to rely on. This human need to know someone's reputation is very relevant in a networked world, in which we may never meet our closest collaborators, and may provide a strong impetus to drive the creation of a democratized data gathering system.

In retrospect, the forces that drove the democratization of satellite imagery are clear: the development of digital camera technology, the development of privatized satellite launches, and the development of the Internet to deliver images to users.

The View From The Top
(Source: Norman Kuring, NASA/GSFC/Suomi NPP)

Democratizing forces are still acting to make information available that is currently restricted to government agencies. Satellite navigation systems were once available only to deliver high explosives with high accuracy. Now they are to be found in almost every phone, delivering people with high accuracy to unfamiliar addresses. Similarly databases were once costly systems running on costly hardware available only to clients with the deepest pockets. Now, open source database software can be downloaded by anyone and run on the cheapest low-end desktop.

With some thought we can discern some of the long-term forces that are currently in play.

  • Data storage costs are decreasing year on year, allowing us to store quantities of data that were previously unthinkable.
  • Tools are becoming available that can store and make sense of these increasing amounts of data, such as Hadoop and Splunk.
  • As the Internet continues to develop, more information will become publically available for analysis, and the resulting analyses will be freely shared. Hence, the data gathering, analysis and storage abilities that previously required dedicated government ministries and major investments in hardware, will step-by-step become available to all.

Who do you trust?
In our ancestors’ villages everyone knew everyone else. The whole village knew who was trustworthy and who was not, who was skillful and who was not. If you needed someone to help you with a task, you knew who to turn to. As digital technology shrinks the world to make a global village, keeping track of others' reputation becomes tricky. With so many people to keep track of, the task becomes too much for our human capacities. Yet to collaborate in a digital world we need to be able to judge if we can trust a potential collaborator -- even if we will never physically meet them.

As governments implement systems to keep track of individuals to estimate if they are a risk to national security, we can envisage how this technology will become democratized. We can imagine systems that keep track of others' reputation to determine if they pose a risk to us through violence or fraud, if they are likely to assist us to help us achieve our goals, or if we are likely to be able to help them achieve their goals.

In a similar way as our ancestors' reputation spread within their villages, our digital reputations will be known to all. A reputation is likely to encompass the knowledge that we hold, our past deeds, the reputation of those with whom we keep company, and the opinions that others hold of us. Comprehensibly gathering such information and keeping the data accurate is within the reach of nation states, and before too long will be within the reach of private citizens.

We can already see antecedents of such functionality in the like button of Facebook, the recommendation system of Linkedin, or the crowd-sourced recommendations supplied by TripAdvisor. Our peers are able to show their approval or disapproval of our actions and display their judgements of us for others to see. We may choose to keep certain aspects of our life private, but we cannot keep private our public deeds and achievements, nor can we keep private the opinions that others may hold of us.

The changes brought by technology create many challenges for society and our individual need to manage our relationships with others. Conversely, the lack of knowledge about an individual's reputation exposes us to danger, such as fraud or engaging in personal or professional relationships that might do us harm.

The good news is that just as technology exposes us to these problems, it can also bring solutions. Governments are investing in vast data-gathering systems to identify individuals who pose a risk to society. The march of technology suggests that these systems that only governments possess today will be available to all of us in the future. In a global, digital village, reputation, integrity, and honor will be everything. As we begin the new year, it’s time to ensure that our digital reputation reflects upon us well.

Martin Lee is the technical lead for Cisco’s  Threat Research, Analysis, and Communications (TRAC) Team.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
RobPreston
100%
0%
RobPreston,
User Rank: Apprentice
12/30/2013 | 2:45:54 PM
Reputation Management
Lack of knowledge about an individual's or company's reputation exposes us to no more danger in a digital world than it did in a non-digital world. In the non-digital world, you did background checks, you asked for references, you relied on trusted brands and companies, you lived by the premise that if something sounds too good to be true it probably is. The problem today is people don't do their homework on the many more people/companies/offers that come their way digitally. Do your homework--using reputation-management tools or not. Limit your exposure.

 
<<   <   Page 2 / 2
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-3518
Published: 2014-07-22
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to exec...

CVE-2014-3530
Published: 2014-07-22
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.