Posted by Kalyani M. on Oct 30, 2013
Recently, I came across an interesting article by security researcher Bruce Schneier titled “The Battle for Power on the Internet”. The article talks about the battle for power in cyberspace between traditional, institutional bodies like the government and cyber criminals (i.e. hackers). From the recent revelations about the NSA’s PRISM program, it looks like the government is winning this battle big time. The NSA has the power and resources to spy on each and every one of us. They have been successful in circumventing the majority of security controls on the web in order to gain control over Internet communications. In my previous blogs, we have seen how the government has joined hands with technology giants like Google, Apple, Facebook and other well-known companies to get access to user data that it couldn’t have accessed otherwise. Most of these companies provide information to the government, betraying their users’ trust. Besides that, the NSA also works with security vendors to understand the vulnerabilities of widely used commercial products and later exploits them for surveillance purposes.
On the other hand, cybercriminals are very quick at taking advantage of new technologies to accomplish their goals. In the early days of the Internet, cybercriminals became more powerful because they could use this new technology to carry out cyber crimes before the government could think of a better way to use it. A new technology always benefits a hacker more than institutional powers, because hackers are not hindered by bureaucracy or by ethics and laws. Therefore, they evolve faster than the institutional powers. However, when the powerful big institutions figure out a way to harness the Internet, they become even more powerful. For example, “while the Syrian dissidents used Facebook to organize, the Syrian government used Facebook to identify dissidents to arrest.” We saw the launch of the new iPhone 5S with a fingerprint detector recently. Guess what? Two days after the smartphones went on sale, a Germany-based hacker group, the Chaos Computer Club (CCC), claimed that it had bypassed the fingerprint reader of the iPhone 5S. The group confirmed the bypass on its website, saying: “A fingerprint of the phone user, photographed from a glass surface, was enough to create a fake finger that could unlock an iPhone 5s secured with Touch ID.”
I totally agree with Schneier’s statement – “it is a battle between the quick and the strong”.
After reviewing the strengths and weaknesses of both hackers and the government, I feel that as technology advances, this battle is going to get worse. As a result, there will be more risks to the privacy of common people using the Internet. We do not have the technical ability to protect our data from government snooping or to prevent hackers from preying on us. With the rise in cloud computing, we no longer have control over our data, as it is stored on the servers of tech companies like Apple, Google, Microsoft and so on. From the PRISM revelations, it is clear that the government can get access to our data whenever they want by just issuing a warrant to these companies.
In such a situation, what needs to be done to maintain the privacy of users on the Internet? Firstly, the government needs to be transparent about its usage of user data. The more we learn about how our data is being handled by the government, the more we can trust that they are not abusing their authority. “Transparency and oversight give us the confidence to trust institutional powers to fight the bad side of distributed power, while still allowing the good side to flourish. For if we’re going to entrust our security to institutional powers, we need to know they will act in our interests and not abuse that power. Otherwise, democracy fails.”
Secondly, the technology companies also need to be transparent about their cooperation with the NSA in handling user data. We have seen in the past that technology companies are teaming up against the NSA to publish a transparent report of user data requests made by the government. A detailed report explaining what information they provided in response to National Security Letters and other government demands will help these companies gain the trust of their users. Also, cloud storage companies should implement strong security controls like strong passwords, longer keys or complex hash algorithms that will make it difficult for anyone to access user data.
Lastly, we as users need to be aware of the security risks that come with the Internet and take proper security measures to protect our data from unauthorized access.
Secure your personal data with SpiderOak
Users sometimes find that selecting a truly protected third-party cloud service can be a challenge, as most “secure” services on the market have glaring security gaps that leave their sensitive data wide open to third-party attacks, leaks, and hacking. One rapidly expanding cloud storage and sync service that sets itself apart from the rest of the market is SpiderOak. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.
SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. You can sign up for this product now.