In this series of blogs we examine all topics under the information security umbrella. From corporate blunders to rogue state attacks to the occasional celebrity hack, we believe there is something for businesses and individuals to learn from any cyber security event. We also believe that, while experience is the best teacher, it’s even better to let other people make the mistakes for you.
If you don’t know by now, owning a smartphone is effectively your sign of consent to be monitored. I know it sounds creepy, but there is a multi-billion dollar horse-trade for the information behind the glowing screen in the palm of your hand, in your pocket, on your nightstand. Most people by now are at least aware of the data collection that tech companies rely on to build better applications (or to sell to companies who build applications) suited to capitalizing off of your personal behaviors. What maybe isn’t as obvious is that while these companies have garnered some derision for their near surveillance of their customers, they also have invested heavily in ironclad protections of that very same information. Whether you consider encryption as protecting us, the proverbial gander of golden-egg-laying geese, or not, the fact remains that tech companies have invested so much that they have surpassed the encryption and decoding prowess of even the American government’s own clandestine services.
When Encryption Is Questioned
Rewind to San Bernardino, California, last December and the horrific scene at a Department of Public Health holiday party and training event where 14 people were killed during an act of terrorism. This tragedy and the ensuing chain of investigative events that followed was an unlikely beginning of what may very well become the biggest personal privacy case in a generation. In efforts to aide the Federal Bureau of Investigation while they rushed to piece together the facts surrounding the attack, Apple had been called upon to lend their hand in tracking the attackers’ digital activities leading up to the events on December 2, 2015. Per an open letter signed by Apple CEO, Tim Cook, Apple had been sharing with the FBI all of the information or expertise available to them since the early hours of the investigation. They have since drawn the line, however, following a request by the FBI to develop a new iOS that would bypass all of the security inherent in the total catalogue of Apple products. This is where the lawyers get involved.
Big Brother or My Buddy?
Setting aside what will likely be a long, protracted legal affair between Apple and the federal government to focus on the actual importance of encryption actually can shed a new light on the topic. There is, of course, an enormous investment at stake for companies like Apple to build, strengthen, and protect their encryption technology. Not only do consumers trust that it will protect our information, everything from our banking to our personal lives, but tech companies also invest in protecting the massive amounts of data that they collect on our habits. Without trustworthy security, consumers will not rely on smartphones for the increasingly long list of services they provide, and without strong protection of our information, tech companies will lose the critical revenue stream that comes from using it to build new products.
Though popular opinion is against data collection more often than not, there is an undeniable mutual interest in protecting users of all of the wonderful technology available today. When the FBI insists on tools that would provide them unfettered access to all of our information, the looming presence of the Silicon Valley Big Brother becomes less menacing and more like the older sibling who stands up for us against a bully. Of course no one can possibly know how Apple’s stance against the FBI will unfold just yet, it is easy to say that the immediate reaction is one of a collective sigh of relief. For now, the murky world behind the curtain of exhaustive user agreements which were once vilified, seems now to be our best asset as the world of information and privacy law in the connected era is only just now beginning to be explored.
How to Protect Yourself
Barring a scenario where the government is given the ultimate skeleton key to all of the digital devices in existence, there are ways to protect your information on an ongoing basis. Companies have seen the general discomfort of consumers who don’t want to be tracked and constantly monitored and have begun to design products for that market. One of the first ways to protect yourself is to begin doing safe searches on search engines like Google’s Incognito or the lesser-known DuckDuckGo. Both of these options are ways to navigate through the internet without having to “shake a tail” from following you around. Of course, that doesn’t apply to using them while on an insecure network or if you’re at work (editor’s note, don’t just look up whatever you’re thinking about at the office, get back to work instead). There are also smartphones that offer military-grade encryption and various methods of deception to purportedly protect all of your conversations and texts. Additionally, there are ephemeral messaging systems that can erase emails and messages in a predetermined amount of time or immediately following being read.
All this aside, it pains me to have to constantly mention this, but the number one way that hackers (or federal agents) can violate your privacy is by exploiting weak passwords. Use strong password management strategies and you will be exponentially less likely to fall victim to unwanted access to your information. Absent a solid foundation of password strength, nobody needs help from Silicon Valley to see what you’ve been up to. Remember that next time you consider using your pet’s name for a password.
Stay safe out there, and remember to protect ya neck!