Sunday, December 04, 2011

Cyber security in headlines again

Cyber security has filled the technology news headlines over the last week. There were heightened concerns after WikiLeaks founder Julian Assange told smartphone and email users they were "all screwed", and that there were companies openly selling software that allows users to change SMS content, track mobile device locations and steal email contacts of targeted individuals [AP / ZDNet / Register].

The revelations were published on The Spyfiles a relaunch of the Wikileaks website which shut down last month over funding issues. While some people may not be unduly concerned by the claims, it may ring alarm bells in some quarters where privacy and secrecy is an issue.

IP threat

"International surveillance companies are based in the more technologically sophisticated countries, and they sell their technology on to every country of the world. This industry is, in practice, unregulated," Wikileaks said in a statement.

Governments have been spying on its citizens and other countries for years, but the open availability of such technology may open a bigger can of worms. Companies arre finding it increasingly difficult to retain their grip on intellectual property, or IP.

For years some countries have churned out fake copies of Gucci handbags, Adidas clothing and other name-brand products. Despite continued protests by the companies concerned, the practices continue. At the Silk Market department store in Beijing fake brand labels are openly on display despite claims by authorities they are cleaning up the practice. Items of clothing, such as Abercrombe, Adidas, North Face and Columbia, are often available at a tenth of the price the real item would cost. And given such items are made in China anyway, many suspect they are coming from the same factory but are passing out the backdoor.


It is possible that while security might be tight at the many factories manufacturing items such as the Apple iPhone, here too backdoors might exist where key components slip out.

The fake electronics market has grown significantly in China and across Asia as a whole in the last few years. Shanzhai [山寨] products as they are known in China, are very easily available and some are so well made there is often concern amongst consumers who opt to purchasing the real thing.

In fact of the 1.15 billion cell phones sold worldwide in 2007, according to data provided by the Chinese government, 150 million "Shanzhai" cell phones were sold in the same year, accounting for more than one tenth of global sales.

With China now the largest smartphone market, the number of Shanzhai phones is likely to rise [Mashable]. At Zhongguancun, a technology market in Beijing, retailers are far from shy in offering customers counterfeit products. On enquiring about the price of a Samsung Galaxy tablet one retailer gave tvnewswatch two prices. "What one do you want, the real or the fake?" he asked. The real Samsung Galaxy Tablet retailed at 3,750 RMB [£350 / $577] the fake at 2,750 RMB [£257 / $423]. In the UK the device retails at £399, though it can be obtained for free on a 24 month contract [giving 2GB data p/m] of £32 with some mobile carriers. 

With the very real prospect that company data is less secure, the theft of intellectual property is likely to rise and with it the manufacture of more counterfeit products.

Personal privacy

The risks to personal privacy may also concern some individuals too. Criminal networks are just as likely to be interested in building up a database of individuals as states and governments.

Such a data base of information can be used for identity theft, which may lead in turn to financial implications for the individuals concerned.

But it isn't just hackers and unscrupulous organisation that are responsible for delving into people's data and passing it on. This week Facebook was once again in the news for breaking promises over privacy.

The world's largest social network this week settled a complaint with the US Federal Trade Commission over its privacy policies. Facebook, which has more than 800 million users, agreed to change the way it uses and shares personal information with the public and advertisers.

Facebook failed users

A change in privacy settings in 2009 allowed the company to publicize user data such as age, gender, picture and location. This caused a wave of complaints that resulted in the FTC settlement claiming that Facebook failed to keep its privacy promises.

Facebook had also claimed that once an account was deactivated the content, information, pictures and video within it would not be accessible when in fact it was. It also claimed to have a "verified apps" policy to ensure third-party applications were secure when it did not, and it told users that their data would not be shared with advertisers when that too was false. In fact it is claimed such information was usually shared without the consent of the customer.

Under the proposed settlement, Facebook would not be allowed to make changes to its policies regarding the use of personal data without seeking approval from its members, something it promised to do from the start. The company must also obtain periodic reviews of its privacy policies by independent auditors for the next 20 years.

This week's settlement is part of a broader US government push to hold companies more accountable and increase transparency over the collection of personal information [FT].

For Facebook it is part of an effort to resolve legal issues before its long-awaited initial public offering in the first half of 2012. The company is considering valuing itself at $100 billion and raising $10 billion from the IPO. The public offering would be the largest by any technology or Internet company. Google's 2004 IPO of $1.9 billion valued the company at $23 billion when it passed 500 shareholders [FT].

Google also criticized

Google too has worried privacy advocates. When it launched Google Buzz in February 2010 the company faced much criticism over its failure to address certain privacy concerns. Buzz enabled users to choose to share links, photos, videos, status messages and comments publicly with the world or privately to a group of friends, The posts would be displayed in a timeline accessible via a users Gmail account.

One feature in particular that was widely criticized as a severe privacy flaw was that by default Google Buzz publicly disclosed, on a user's Google profile, a list of the names of Gmail contacts that the user had most frequently emailed or chatted with. Users who failed to disable this feature, or failed to realize that they had to, could have revealed sensitive information about themselves and their contacts. This was later adjusted so that users had to explicitly add information that they wanted to be public. But a little over 18 months later Google Buzz was retired as the search giant attempted to entice people into its new social media venture, Google+.

Risks of sharing

While all these social media tools are undoubtedly fun to use, and bring many benefits, there are growing concerns over how much people are revealing about themselves.

And while a user may reveal only a little about themselves on one social network such as Twitter, they may divulge much more in Facebook or LinkedIn which are seen as more private, secure or selective, in terms of whom data is shared.

As people use the Internet increasing to search for employment the amount of data which a job seeker might post online could be extensive. Of course data can be secured and hidden from public search, but in so doing it may also be hidden from potential employers. A LinkedIn profile can be reduced to just a few lines in a public search if desired, making only the full profile available to linked users. But in so doing, an employer may simply browse past the otherwise qualified candidate.

'Friends' or not

Facebook is of course a different type of network, which may contain information which one would likely only share with friends rather than potential or actual employers. But casual accepting of so-called friends on Facebook can lead to awkward issues concerning privacy. After all some 'Friends' are indeed real friends, perhaps people one has known for many years. There are others who are merely acquaintances, people one may have just met in the past or even via other social networking sites.

Accepting a certain 'Friend request' can be a difficult choice sometimes. Twitter is relatively anonymous, the only data given away is perhaps the profiling which might be gleaned through what is posted. But accepting someone as a friend in LinkedIn, Facebook or Foursquare could open the door to many problems.

Facebook has recently rolled out a way of sharing data with only certain friends, a response to the way in which Google+ works through its organising of contacts as Circles. Diaspora which recently launched by invitation only, also follows a similar framework as Google+, though due to its late arrival on the social networking scene it may fade away as the Google and Facebook do battle.

Users also to blame

It is a minefield for the average Internet user however, and many users get it wrong. While Facebook has admitted it has it has "made a bunch of mistakes", so too have its customers.

It may be a statement of the obvious, but Facebook is on the Internet, and the Internet's main function is to distribute information, and as such Facebook, nor anything else on the Internet can be considered truly private. Secure vaults of data in the cloud are private, though even those could be hacked.

Sharing on Facebook amongst friends, can go much further. A photo shared with "friends only" is stored on dozens of Facebook servers around the globe, and may also lodged itself into each of those friends' browser caches. Furthermore, any of those "friends" is able to grab a screenshot of that image and spread it to the wider world, should they so choose. At best, the "privacy controls" on Facebook, or even Google+, should be regarded as aspirational, the most optimistic scenario for shared data [Slate]. 

With or without Facebook...

There are some who do not use Facebook, Twitter, Foursquare, Google+, MySpace and the dozens of other social networking platforms. For the millions that don't blog or tweet there are millions of others that do. It is relatively easy to cut off the shackles of Facebook and other such tools, but for some it is a lifeline and a connection between friends.

As with so many other things, data, like house keys, passport and money, need to be kept safe. Some things might be shared, relatively safely, though it amounts to trust. A shared photo may not be passed on, as might be the case of a car shared with a good friend. But there is the risk it may be shared with a great many more people than was intended.

In fact some sharing may even land a person in jail. This year saw two people imprisoned after they attempted to encourage people to riot in England by setting up a Facebook page. And in Thailand simply hitting the 'Like' button may bring down the full force of the law. Minister of Information and Communication Technology Anudith Nakornthap said Tuesday that  Facebook users who "share" or "like" content that insults the Thai monarchy are committing a crime, and could face up to 15 years behind bars [Washington Post].

Different countries apply different restrictions on what individuals may post online and even what social networks may be accessed. China has some of the tightest regulations with many of the familiar networks like Twitter, Facebook and Google+ blocked, though it does have a growing number of its own homegrown sites which are heavily censored.

But the trend to censor content is going beyond the borders of totalitarian states. In Europe, lawmakers are also looking as setting the rules on how social networks are governed across the 27 member states [NYT].

There was irony too as Wikileaks revealed security risks in cyberspace and social networks were criticized over privacy. This week saw Britain's security agency use social networks to attract new talent. The GCHQ used Twitter and other platforms to launch a recruitment campaign by way of a special test [BBC].

Social networking and cyber security is about to become more complicated than ever before.

tvnewswatch, London, UK

No comments: