Reining in the Data ITAG tech360 Penn State Great Valley 2015
andrew-schwabe -
Reining In The Data
The Social Impacts of the Privacy
Crisis In the Post-Snowden Era
ITAG 2015 Andrew Schwabe
A Copy of this Presentation
• Will be shared via twitter:
– Follow me at @aschwabe
• Posted on my blog: PainInTheApps.com
Background
• Hacker Entrepreneur
• 20 yrs in Encryption + Data Security
• Big Data, Mobile, Privacy focus now
• Assisted FBI for online predator hunts
• Founder of Point.io
• Founder + CEO of Formatic.ly
• Privacy + OSS Advocate
• Just Launched in 2015!
• Behavioral Analytics + Smarter Engagement
for web and mobile forms!
• See us at ‘Innovation in the Region’ @ 3:30
• http://formatic.ly
Ignorance *was* bliss
• A smartphone was just a phone with
email and junk and stuff
• We didn’t care if our kids uploaded pictures and shared
where they were during the day (every day?)
• We didn’t think twice about emailing sensitive or
private stuff to ourselves or friends, even in Gmail…
and stealing your secrets…
…took effort and some paper moon trickery…
<Cthon98> hey, if you type in your pw, it will show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely…
<AzureDiamond> oh, ok.
So What Happened???
• Mobile devices got powerful and complex
• Social media exploded onto the scene
• Consumerization of IT
• … and we didn’t know what was going on…
The Privacy Crisis
• We can at least be concerned that the NSA
has cracked and monitors:
– SSL (HTTPS) website activity
– RSA encryption certificates (public/private keys)
– 4G mobile networks (voice and data)
– VoIP voice services
– And any websites/etc. that use the above
NSA security coverage
• Means that they *can* (not will)
hack/monitor most of the services we rely on
daily
• These all use the same core security tech
Anonymous Networks Compromised
• Kremlin put out a bounty for info
to hack Tor
• Gov’t / law enforcement compromised
portions of the Tor network late 2014.
Facts:
• Hacking incidents are here to stay.
• You are never truly anonymous.
• Adapt or be a continual victim.
Data creation explosion
We are creating huge
amounts of digital
content, much of
which lives longer in
the cloud than we
intended or have use
for.
Apps that are helping
• Snapchat
• Wickr
• SpiderOak
• All focused on being a “place” where your
stuff is secure
, sort of
Ephemeral
• What does it mean?
• Origin: Greek word “ephĕmeros”
• “lasting for a very short time”
• The new “bucket” for technology that
manages the life of digital content
How does it help
• Personal privacy
• Corporate Risk
• Facebook vs Snapchat models
• The opposite of Big Data ?
Is it enough?
• The concept is still new
• People are building “apps” more than broad
sweeping “solutions”
• It doesn’t address the issue of being
monitored/collected by NSA/Others
Is Anonymity The Answer?
• Can communication really be anonymous ?
• Only available for *some* activity online
• Whistleblowers – do we want to enable
WikiLeaks and Snowdens ?
• But isn’t true anonymity the….
Tools exist for anonymity
• “Leak” website lets you send untrackable anonymous emails.
– Inappropriate emails anybody ?
– Harassment, abuse ?
• Tor lets you encrypt your web traffic and makes you difficult to track
– Porn and pirated content
• Bitcoin exists to keep the banks out of your financial dealings
– Silk Road. BUSTED.
• Wickr has been spotted being used to sell/traffic illegal drugs
But Still Enable Naughty Activity
• Gov’ts around the world cracking down on
porn and sex trafficking
• FBI Infecting Tor users with Malware
• Google and Microsoft scan emails, etc. and
report questionable content to authorities
• Evil begets evil
Accountability
• There is no way to make everybody behave
• As a global society we need new ways to
encourage law abiding netizens
OMG I’m Scared
• What should I do?
– Know the risks
– Use technologies to
protect yourself
– Don’t associate with those who don’t behave
Parents:
• Do you know what your kids are doing ?
– Multiple email addresses / Facebook profiles ?
– Ephemeral and anonymous mobile apps
– It's too easy to share pictures and photos
What we need (the Future?)
• Smarter users, and smarter parents
• Anonymous peer validation for data integrity
• Anonymous submissions to known entities
only for whistleblowing
• Social content stays social and never collected
for “Big Data”
In Summary
• We are in a new era
• Keep Calm
• Stay Educated
• Don’t Share unless you know the risks
• Use the right tech for your security/privacy needs
For Some Fun Reading
• “Cryptonomicon” by Neal Stephenson
– A futuristic take on:
– Underground Data Haven
– Anonymous Internet Banking
– Digital Gold Currency