Vulnerabilities Revealed Amidst Digital ‘Arms Race’

2016-06-15-digtial arms race

Although encrypted data has reportedly not yet posed a problem for investigators in the Orlando killing spree case, that didn’t stop early media speculation that the investigation could reignite high-profile battles over data security.

Earlier this year, Apple and the Federal Bureau of Investigation got into a fight over security features on a phone related to the San Bernardino shooting that killed 14 people, and Apple’s refusal to help the FBI unlock the phone. This week, Apple announced a new security and encryption feature for its devices, although the tech company was criticized for not making the encryption feature a default setting, and also because it’s unclear whether the source code will be made public.

In the San Bernardino case, the FBI said it ended up hiring third party hackers to break into the supposedly-ironclad iPhone, ending further court proceedings on the matter. Apple’s latest announcement appears to be a direct response to that embarrassment. This escalating encryption “arms race” has received considerable media attention.

Many privacy advocates sided with Apple in the San Bernardino case. Though the inclination towards Apple’s privacy-related arguments is understandable, however, it is also clear that Apple pursued the course it did largely for public relations reasons, and headlines this week provide sobering reminders of why it is important to remain skeptical about the motives and capabilities of both business and government.

As the Financial Times reports, Microsoft’s recent deal to buy professional networking platform LinkedIn for more than $26 billion works out to about $60 per LinkedIn user – what seems on its face to be an astronomical price. But Microsoft is buying much more than LinkedIn’s social media brand recognition.

“Apart from data about every member’s career and background, Microsoft gains knowledge of the network of executives and professionals they know — what sociologists would call their ‘weak ties’ and LinkedIn calls ‘the economic graph,'” the Times reports. “It amounts to a hoard of data to be mined for advertisers and licensed to marketers so that salespeople can pitch to potential buyers.”

This perhaps provides a clearer picture of the value that the biggest tech companies really place on their customers’ data and privacy.

As Apple announces its new encryption, meanwhile, new details are also coming to light about why the National Security Agency couldn’t simply give the FBI what it needed or crack the San Bernardino shooter’s iPhone for the bureau in the first place.

“We don’t do every phone, every variation of phone,” NSA deputy director Richard Ledgett reportedly said last week. “If we don’t have a bad guy who’s using it, we don’t do that.” Ledgett reportedly claimed that the agency doesn’t have the money or resources to do things like figure out how to hack the most popular phone in America (and China). Given the range of technologies the agency has developed, and the clear use it would have for being able to break into iPhones, this claim is hard to believe.

Nevertheless, it’s clear that government cyber initiatives, both offensive and defensive, have often fallen short. As hacking revelations continue, a report released today reveals in detail the workings of a market for access to more than 70,000 compromised servers – for sale for as low as $6 in some cases. This includes both corporate and government servers from 173 countries, including nearly 1,400 in the U.S.

Indeed, as the national privacy debate focuses on encryption vs. law-enforcement access to devices, fueling a so-called arms race, it is worth stopping to consider the inherent risks of electronic communication, despite the reassurances from companies that they are protective of privacy, or claims from shadowy government agencies as to what they can and cannot access.

In contrast to this metaphorical arms race, our former opponent in the last literal one is taking a different approach. In Russia, the Snowden revelations have reportedly led to greater reliance on paper records and a reversion to using typewriters.

In his article on the LinkedIn sale, Financial Times columnist John Gapper points out that business cards, which have never gone out of style, serve the same role as LinkedIn, without the dangers involved in handing over personal data to tech companies. As various parties who claim to benevolently protect our digital records continue to be exposed as ultimately self-interested and incompetent, we might be wise to consider this perspective, and to learn from the Russians.

“From the point of view of ensuring security, any form of electronic communication is vulnerable,” Nikolai Kovalev, a Russian member of parliament and former head of the Federal Security Service, reportedly said shortly after the Snowden revelations.

“Any information can be taken from computers,” Kovalev said. “Of course there exists means of protection, but there is no 100% guarantee that they will work. So from the point of view of keeping secrets, the most primitive method is preferred: a human hand with a pen or a typewriter.”

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s