Vulnerabilities / Threats
12/30/2013
10:00 AM
Martin Lee
Martin Lee
Commentary
Connect Directly
LinkedIn
Twitter
RSS
E-Mail
100%
0%

Security, Privacy & The Democratization Of Data

Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?

Fifty-one years ago President Kennedy shocked the world when he revealed reconnaissance photos of Soviet missile launch sites in Cuba. Today, I can browse satellite images of the same locations from the comfort of my sofa on Google Earth. This once top secret capability has become democratized and available to all. At some point, today's top secret technology will also be accessible from your sofa.

In the same way that few people use Google Earth to search for Cuban missile bases, the average citizen is unlikely to be concerned with identifying enemies of the state. However, the digital, networked world makes it increasingly difficult for us to keep track of the trustworthiness of people that we may need to rely on. This human need to know someone's reputation is very relevant in a networked world, in which we may never meet our closest collaborators, and may provide a strong impetus to drive the creation of a democratized data gathering system.

In retrospect, the forces that drove the democratization of satellite imagery are clear: the development of digital camera technology, the development of privatized satellite launches, and the development of the Internet to deliver images to users.

The View From The Top
(Source: Norman Kuring, NASA/GSFC/Suomi NPP)

Democratizing forces are still acting to make information available that is currently restricted to government agencies. Satellite navigation systems were once available only to deliver high explosives with high accuracy. Now they are to be found in almost every phone, delivering people with high accuracy to unfamiliar addresses. Similarly databases were once costly systems running on costly hardware available only to clients with the deepest pockets. Now, open source database software can be downloaded by anyone and run on the cheapest low-end desktop.

With some thought we can discern some of the long-term forces that are currently in play.

  • Data storage costs are decreasing year on year, allowing us to store quantities of data that were previously unthinkable.
  • Tools are becoming available that can store and make sense of these increasing amounts of data, such as Hadoop and Splunk.
  • As the Internet continues to develop, more information will become publically available for analysis, and the resulting analyses will be freely shared. Hence, the data gathering, analysis and storage abilities that previously required dedicated government ministries and major investments in hardware, will step-by-step become available to all.

Who do you trust?
In our ancestors’ villages everyone knew everyone else. The whole village knew who was trustworthy and who was not, who was skillful and who was not. If you needed someone to help you with a task, you knew who to turn to. As digital technology shrinks the world to make a global village, keeping track of others' reputation becomes tricky. With so many people to keep track of, the task becomes too much for our human capacities. Yet to collaborate in a digital world we need to be able to judge if we can trust a potential collaborator -- even if we will never physically meet them.

As governments implement systems to keep track of individuals to estimate if they are a risk to national security, we can envisage how this technology will become democratized. We can imagine systems that keep track of others' reputation to determine if they pose a risk to us through violence or fraud, if they are likely to assist us to help us achieve our goals, or if we are likely to be able to help them achieve their goals.

In a similar way as our ancestors' reputation spread within their villages, our digital reputations will be known to all. A reputation is likely to encompass the knowledge that we hold, our past deeds, the reputation of those with whom we keep company, and the opinions that others hold of us. Comprehensibly gathering such information and keeping the data accurate is within the reach of nation states, and before too long will be within the reach of private citizens.

We can already see antecedents of such functionality in the like button of Facebook, the recommendation system of Linkedin, or the crowd-sourced recommendations supplied by TripAdvisor. Our peers are able to show their approval or disapproval of our actions and display their judgements of us for others to see. We may choose to keep certain aspects of our life private, but we cannot keep private our public deeds and achievements, nor can we keep private the opinions that others may hold of us.

The changes brought by technology create many challenges for society and our individual need to manage our relationships with others. Conversely, the lack of knowledge about an individual's reputation exposes us to danger, such as fraud or engaging in personal or professional relationships that might do us harm.

The good news is that just as technology exposes us to these problems, it can also bring solutions. Governments are investing in vast data-gathering systems to identify individuals who pose a risk to society. The march of technology suggests that these systems that only governments possess today will be available to all of us in the future. In a global, digital village, reputation, integrity, and honor will be everything. As we begin the new year, it’s time to ensure that our digital reputation reflects upon us well.

Martin Lee is the technical lead for Cisco’s  Threat Research, Analysis, and Communications (TRAC) Team.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
<<   <   Page 2 / 2
RobPreston
100%
0%
RobPreston,
User Rank: Apprentice
12/30/2013 | 2:45:54 PM
Reputation Management
Lack of knowledge about an individual's or company's reputation exposes us to no more danger in a digital world than it did in a non-digital world. In the non-digital world, you did background checks, you asked for references, you relied on trusted brands and companies, you lived by the premise that if something sounds too good to be true it probably is. The problem today is people don't do their homework on the many more people/companies/offers that come their way digitally. Do your homework--using reputation-management tools or not. Limit your exposure.

 
<<   <   Page 2 / 2
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2037
Published: 2014-11-26
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists because of an incomplete fix for CVE 2013-6466.

CVE-2014-6609
Published: 2014-11-26
The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 allows remote authenticated users to cause a denial of service (crash) via crafted headers in a SIP SUBSCRIBE request for an event package.

CVE-2014-6610
Published: 2014-11-26
Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and Certified Asterisk 11.6 before 11.6-cert6, when using the res_fax_spandsp module, allows remote authenticated users to cause a denial of service (crash) via an out of call message, which is not properly handled in the ReceiveFax dia...

CVE-2014-7141
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and crash) via a crafted type in an (1) ICMP or (2) ICMP6 packet.

CVE-2014-7142
Published: 2014-11-26
The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?