Social impact of the privacy crisis in the post snowden era. What we thought was secure has been compromised. We think we want anonymity, but that promotes bad activity.

1. Reining InThe Data
The Social Impacts of the Privacy
Crisis In the Post-Snowden Era
ITAG 2015 Andrew Schwabe

2. A Copy of this Presentation
• Will be shared via twitter:
– Follow me at @aschwabe
• Posted on my blog: PainInTheApps.com

3. Background
• Hacker Entrepreneur
• 20 yrs in Encryption + Data Security
• Big Data, Mobile, Privacy focus now
• Assisted FBI for online predator hunts
• Founder of Point.io
• Founder + CEO of Formatic.ly
• Privacy + OSS Advocate

4. • Just Launched in 2015!
• BehavioralAnalytics + Smarter Engagement
for web and mobile forms!
• See us at ‘Innovation in the Region’ @ 3:30
• http://formatic.ly

5. Ahhhhh the Internet!

6. • Back in my day…

7. Ignorance *was* bliss
• A smartphone was just a phone with
email and junk and stuff
• We didn’t care if our kids uploaded pictures and shared
where they were during the day (every day?)
• We didn’t think twice about emailing sensitive or
private stuff to ourselves or friends, even in gmail…

8. Then…

9. 1.2 Billion Usernames and passwords compromised

12. Welcome to a new Era!

13. Used to be…
…the government would protect your privacy

15. and stealing your secrets…
…took effort and some paper moon trickery…
<Cthon98> hey, if you type in your pw, it will
show as stars
<Cthon98> ********* see!
<AzureDiamond> hunter2
<AzureDiamond> doesnt look like stars to me
<Cthon98> <AzureDiamond> *******
<Cthon98> thats what I see
<AzureDiamond> oh, really?
<Cthon98> Absolutely
…
<AzureDiamond> oh, ok.

16. SoWhat Happened???
• Mobile devices got powerful and complex
• Social media exploded onto the scene
• Consumerization of IT
• … and we didn’t know what was going on…

18. The Privacy Crisis
• We can at least be concerned that the NSA
have cracked and monitor:
– SSL (HTTPS) website activity
– RSA encryption certificates (public/private keys)
– 4G mobile networks (voice and data)
– VoIP voice services
– And any websites/etc. that use the above

19. NSA has been outed…

20. NSA security coverage
• Means that they *can* (not will)
hack/monitor most of the services we rely on
daily
• These all use the same core security tech

21. Anonymous Networks
Compromised
• Kremlin put out a bounty for info
to hackTOR
• Gov’t / law enforcement compromised
portions of theTOR network late 2014.

22. Google, Microsoft, other
email scans
What is next ?

23. And most recently…
Oh, great... The government
that has been spying on
citizens just got hacked…

24. And most recently…
… and hackers in
Asia know more
about you than
your siblings

25. Facts:
• Hacking incidents are here to stay.
• You are never truly anonymous.
• Adapt or be a continual victim.

26. Some companies are Desperate

27. Data creation explosion
We are creating huge
amounts of digital
content, much of
which lives longer in
the cloud than we
intended or have use
for.

28. Data creation
• A large portion of what we create will live on
disk somewhere beyond our use for it

29. People know enough to be
concerned

31. Google’s Right to be Forgotten

32. Apps that are helping
• Snapchat
• Wickr
• Spideroak
• All focused on being a “place” where your
stuff is secure
, sort of
, sort of

33. Apps that are NOT helping
• Snapchat
• Tinder
• Facebook
• Burner
• etc

34. We SHOULD…
• Be concerned about
– what gets shared
– with whom
– And how long it lasts

35. Ephemeral
• What does it mean?
• Origin: greek word “ephĕmeros”
• “lasting for a very short time”
• The new “bucket” for technology that
manages the life of digital content

36. How does it help
• Personal privacy
• Corporate Risk
• Facebook vs snapchat models
• The opposite of Big Data ?

37. Is it enough?
• The concept is still new
• People are building “apps” more than broad
sweeping “solutions”
• It doesn’t address the issue of being
monitored/collected by NSA/Others

38. Is AnonymityThe Answer?
• Can communication really be anonymous ?
• Only available for *some* activity online
• Whistleblowers – do we want to enable
WikiLeaks and Snowdens ?
• But isn’t true anonymity the….

39. Dark Side of the Internet

40. Tools exist for anonymity
• “Leak” website lets you send untrackable anonymous emails.
– Inappropriate emails anybody ?
– Harrassment, abuse ?
• Tor lets you encrypt your web traffic and make you difficult to track
– Porn and pirated content
• Bitcoin exists to keep the banks out of your financial dealings
– Silk Road. BUSTED.
• Wickr has been spotted being used to sell/traffic illegal drugs

41. But Still Enable Naughty Activity
• Gov’ts around the world cracking down on
porn and sex trafficking
• FBI InfectingTor users with Malware
• Google and Microsoft scan emails, etc. and
report questionable content to authorities
• Evil begets evil

42. But Still Enable Naughty Activity

43. InformantsTargeted

44. Accountability
• There is no way to make everybody behave
• As a global society we need new ways to
encourage law abiding netizens

45. OMG I’m Scared
• What should I do?
– Know the risks
– Use technologies to
protect yourself
– Don’t associate with those who don’t behave

46. Parents:
• Do you know what your kids are doing ?
– Multiple email addresses / facebook profiles ?
– Ephemeral and anonymous mobile apps
– Its too easy to share pictures and photos

47. What we need (the Future?)
• Smarter users, and smarter parents
• Anonymous peer validation for data integrity
• Anonymous submissions to known entities
only for whistleblowing
• Social content stays social and never collected
for “Big Data”

48. In Summary
• We are in a new era
• Keep Calm
• Stay Educated
• Don’t Share unless you know the risks
• Use the right tech for your security/privacy needs

49. For Some Fun Reading
• “Cryptonomicon” by Neal Stephenson
– A futuristic take on:
– Underground Data Haven
– Anonymous Internet Banking
– Digital Gold Currency

50. Q&A

51. Thank you for coming!
• Presentation will be shared via twitter:
• Follow me at @aschwabe
• AND Posted on my blog: PainInTheApps.com