Since the NSA debacle I’ve been pondering the current state of affairs regarding privacy and “How most people think the Internet works” vs “How the Internet actually works”. So here are my thoughts on the three subjects:
You have none. There are groups of people and multiple individual entities that can access data you do not want them to access without your approval and, most of the time, without you knowing. That list is not static either: the number of parties and their membership change constantly. I will expound on this in the “How the Internet actually works” section, but suffice to say that if you are educated about the Internet, you should have no reasonable expectation of privacy, at any time. This is partly by design, but also partly for ease of administration. If you have no idea what kind of traffic your network is routing, how can you effectively shape it for the best performance of all users? Or, why would you remove administrator access to a terminated user’s account if they may have saved the files they were working on before they left the company?
It comes down to the simple fact that we take the shortest route to achieve our goals, and when those goals are closer to “make it work” than “make it work correctly”, it shouldn’t surprise you to see what we see here. Is it necessary to improve security for the sake of privacy? Instead of answering, consider the fact that with only your name, date of birth and the hospital you were born in, researchers found they could predict your social security number correctly for 8.5% of the population with fewer than 1,000 attempts. The system was originally designed with one scope in mind, and attacks of this nature were wrongly left out of consideration. SSNs have since become authenticators instead of identifiers, which means more people can get more access to more of your data.
How most people think the Internet works
Through conversations with people about the Internet, it seems people believe the Internet works like a literal web, with direct 1-to-1 connections to all of their favorite services, like a super-long Ethernet cable from each website to everyone’s computer. It seems people also think a firewall will actively block attacks and unauthorized persons, like a 24/7 systems administrator that “knows” when the network is under attack. They think their traffic is mostly unreadable in transit, and they trust online services with their livelihoods.
How the Internet actually works
There are millions of miles of cable, built into walls, floors, under roads, underwater and in ditches, connecting the routers over which Internet traffic flows. Sometimes it bounces off a satellite for good measure. The owners of these devices are countless; for example, just to get to Google you need to talk to your local cable pool’s router, then to your cable company’s core router, then to their upstream provider’s router, then to any number of intermediary datacenters’ routers, then to Google’s datacenter’s router, then to Google’s router, and then it gets sent to the relevant server, passing through additional routers on the way. At any time, the operators and many of their employees can see your raw (usually unencrypted) traffic. This runs over cable that can be decades old, over protocols that sometimes were intended for an entirely different purpose, and through software hacked together (sometimes actually designed) by disgruntled, happy, hardworking or lazy employees (or freelancers) sometime in the last half-century. Also on this global (read: unregulated) network are pieces of software with the specific intent of doing things they are not supposed to, and you’re directly connected to them, as is your data. Also connected to this network are HVAC systems, security cameras, industrial machinery, telephones/fax machines, medical devices etc. that have not been (or cannot be) updated. On top of all of this, we now have definitive proof that this network can be manipulated and studied by one or more governments to glean data and perform offensive cyber operations.
It’s not a surprise that there are so many security breaches when security hadn’t even crossed the minds of many of the designers of integral parts of the Internet.
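The hop chain described above, modelled as an added example (not code from the original post): every router between the home PC and the service logs what it can read, and the same request is sent once in the clear and once sealed with a stand-in for TLS. The hop names, the credential and the HMAC-based cipher are constructed for the model and assume nothing about any real network.

```python
import hashlib
import hmac
import secrets

# Illustrative hop chain from the post; names are constructed, not real networks.
HOPS = [
    "local cable-pool router",
    "cable company core router",
    "upstream provider router",
    "intermediary datacenter router",
    "Google datacenter router",
    "Google internal router",
]

def keystream(key, n):
    """HMAC-SHA256 in counter mode: a stand-in for a real cipher, not for production."""
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def seal(key, plaintext):
    """Encrypt-then-MAC: hops can neither read the content nor alter it undetected."""
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, len(plaintext))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key, sealed):
    """Verify the tag first, then decrypt; any in-transit change is rejected."""
    ct, tag = sealed[:-32], sealed[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("payload altered in transit")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, len(ct))))

def forward(src, dst, body):
    """Carry one packet across every hop; each operator logs what it could read."""
    return [(hop, src, dst, body) for hop in HOPS]

def demo(encrypted):
    """Count the hops that can read a credential and the hops that still see endpoints."""
    secret = b"password=hunter2"  # constructed sample credential
    request = b"POST /login HTTP/1.1\r\n\r\n" + secret
    key = secrets.token_bytes(32)  # in reality negotiated by TLS, never given to hops
    body = seal(key, request) if encrypted else request
    log = forward("home-pc", "login-service", body)
    return {
        "hops_reading_secret": sum(secret in b for _, _, _, b in log),
        "hops_seeing_endpoints": sum((s, d) == ("home-pc", "login-service") for _, s, d, _ in log),
        "service_recovers_request": (unseal(key, body) if encrypted else body) == request,
    }
```

Encryption takes the credential away from all six operators, but every hop still sees who is talking to whom, which is the metadata the post's later point about government collection rests on.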
How do we cope with this, and how do we fix it?
The first step in any successful project is to determine the scope, and unfortunately ours is gigantic here. We would need to build authentication and privilege mechanisms (ones more advanced and robust than current offerings) down to the silicon level of every device, which of course would necessarily render older equipment incompatible. Using authentication schemes yet unknown, we must construct a suite of software and hardware that enforces abstract security concepts in a concrete and consistent way, globally and with as much compatibility as possible with current infrastructure. This system would need to place absolute power in the owner of the data, and recognize complicated ownership processes like loaning/leasing data and limited access. All of this in a way that is easy to use and transparent, using powerful, proven cryptography that can be upgraded and changed as technology progresses, with interoperability and guaranteed security. At a bare minimum, this needs to provide Identification, Authentication and Authorization for any given piece of data, at the human/company/device/entity level. Then, once everything is in place, we would still need to configure it for explicit permissions, ones which are the minimum needed for full function at every level. And all of this only after first deciding the entire organizational structure of electronic devices and planning out what each device’s function and level of permissions need to be.
Sounds easy, right?