What you'll find below are some of the best articles on data and privacy that were shared in the CTOdaily newsletter in 2018.
For more content like this delivered right to your inbox, head to buckhamduffy.com/subscribe.
In this piece, renowned hacker Kevin Mitnick explains how to be a secure netizen in the age of big data and mass surveillance. From encryption to metadata, Kevin explains and explores how you can navigate the net securely and maintain anonymity.
A Virtual Private Network (VPN) allows you to create a secure connection to another network over the Internet. VPNs can be used to access region-restricted websites, shield your browsing activity from prying eyes on public Wi-Fi, and more. They present a paradox, though. "Sure, it helps you hide from some forms of surveillance, like your internet service provider's snooping and eavesdroppers on your local network. But it leaves you vulnerable to a different, equally powerful spy: Whoever controls the VPN server you're routing all your traffic through." To help fix this problem, "Jigsaw, the Alphabet-owned Google sibling that serves as a human rights-focused tech incubator, will now offer VPN software that you can easily set up on your own server—or at least, one you set up yourself, and control in the cloud. And unlike older homebrew VPN code, Jigsaw says it's focused on making the setup and hosting of that server simple enough that even small, less savvy organizations or even individual users can do it in minutes."
Cambridge Analytica made headlines for a number of reasons. One of the more important ones is how they used research-backed personality traits to target adverts on the Facebook platform more effectively. "The American Psychological Association defines personality as “individual differences in characteristic patterns of thinking, feeling, and behaving.” Scientists have believed for centuries that humans have a mix of traits that determine the way individuals interpret the world and how they subsequently behave. Studies of identical and fraternal twins suggest that about 40 to 50% of our personalities can be attributed to our genes." The "theory is that if you can match the tone and framing of the communications or marketing with the personality profiles and thinking styles of potential customers, patients, voters, or those whose behaviour you’d like to change, you can boost effectiveness." Check out the article to find out how you can use knowledge of these personality traits to improve your marketing efforts. Here's a link to the literature review on personality traits in marketing.
A little over a a week ago, European researchers discovered something rather worrying about the security of emails. They "showed that encrypting (and therefore private and secure) email is not only hard to do, but might be impossible in any practical way, because of what email is at its core." This is at the center of the issue of "why email itself is the main way we get hacked, robbed, and violated online." While email has changed substantially since its inception a few decades ago, the foundations upon which the developments of email services today rest upon shaky foundations. I highly recommend checking out the full piece linked above - it's a fascinating insight into one of the core communication technologies that has shaped the world.
Encrypted messaging is becoming more widespread and you should probably be using it. The data that is sent across the net by companies like WhatsApp and Signal is rendered to be gobbledygook by encryption, so no one but the intended recipient can decipher what the message is -- even owners of the platforms themselves. It's not a magic privacy bullet, however. There's the obvious issue of you needing to trust the recipient of the information. Syncing access to these messages across multiple devices also increases the risk of your information getting into the wrong hands. "Relying solely on these encrypted messaging tools without considering how they work, and without adding other, additional protections, leaves some paths exposed."
Facial recognition is everywhere. Now that the millions of cameras that line the streets, shopping malls and other public spaces have the capacity to be empowered with AI, issues of privacy are all too pressing. There are a number of good arguments for using facial recognition technology in public spaces... but, intuitively, it seems as though there should be some restrictions placed on how, where and when should this technology be used. If that's the case, what should they be and why? The piece linked above tries to answer some of these questions. It features a number of technologists' opinions on the regulation of facial recognition technologies. With China moving quickly ahead with the deployment of its national Social Credit System and facial recognition technologies being a big part of it, as well as the rapid increases in the efficacy of AI and machine learning, these are questions we need to answer sooner rather than later.
The 'Five-Eyes' group of nations -- the US, UK, Canada, Australia and New Zealand -- demanded in a recent memo that technology providers “create customized solutions, tailored to their individual system architectures that are capable of meeting lawful access requirements.” What is meant by 'lawful access requirements' basically means an encryption backdoor, which would give these countries access to the encrypted communications of their citizens (and most likely citizens from other countries as well). Apps like WhatsApp employ end-to-end encryption which only allows the sender and receiver of a message to view the contents of a message. Not even the companies providing the service can access the original messages. The rationale behind this move is to try and stop these security technologies from hindering criminal investigations and help protect national security. The move to try build in backdoors is not without its critics. Security researchers have "long said there’s no mathematical or workable way to create a 'secure backdoor' that isn’t also susceptible to attack by hackers, and widely derided any backdoor effort."
It’s time to talk about who can access your digital genomic data - The Conversation
Is your DNA data yours? Don't be so sure. You can get your genome sequenced pretty cheaply nowadays. But what if that information got in the hands of your insurance provider, or the law? This piece poses some interesting questions we will have to grapple with in the near future.