As someone who has embraced the power of the digital information revolution since its inception (8086 with 8087 maths coprocessor option running MS-DOS with a whopping 1MB RAM) I can appreciate the perspectives derived from data analysis. The limit of my exposure to date has been small to very large organisations and personally compiled global economic data. So data matters. Dissecting the games, agencies and agents involved in the Snowden affair is a fascinating exploration with international intrigue.
For one, after even a cursory exploration into the microstructure of the internet, internet security and the various protocols and transfer layers, you wonder how on earth they manage to transmit thousands of gigabytes of 1s and 0s at near the speed of light across the world so consistently and accurately. Simple plebeians like me think most internet interaction is via point to point connections (or peer to peer). But there are a multitude of intermediaries (servers and network switches) along the way. An IP traceroute will give you an example. Broadly speaking, the internet world is broken into 5 main regions, each with a Regional Internet Registry (RIR) that tracks and registers IP addresses using the IPv4 or IPv6 address spaces –
The simple peer to peer concept above of establishing a link (session) between a user and provider for browsing/conversation/file transfer can hop between up to 20-30 (sometimes more) intermediary devices and easily involve up to a dozen unique end devices (servers) in providing the session's information/data/charts/point of sale. Each device parses each packet of data representing part of the message between the 2 end devices (being a PC/iPad/phone etc). Importantly, the world wide web must be thought of as a public network. Even so, it is easy to gloss over the fact that connections are by no means dedicated, nor should they be considered private. The function of the internet is implicitly reliant on unrelated multijurisdictional connections, hence it cannot be thought of as secure. Cut a cable somewhere west of Hawaii and your connection to the shoe shop in Virginia is rerouted with minimal interruption via an alternative jurisdiction.
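To put a number on the intermediaries described above, here is an added example (not part of the original post) that parses `traceroute -n` output and counts the devices that handled the packets. The sample trace is constructed from documentation address ranges, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in Linux `traceroute -n` layout; addresses come from the
# RFC 1918 and RFC 5737 documentation ranges, not from a real capture.
SAMPLE = """\
traceroute to 203.0.113.80 (203.0.113.80), 30 hops max, 60 byte packets
 1  192.168.1.1  1.203 ms  1.101 ms  1.054 ms
 2  10.20.0.1  8.412 ms  8.377 ms  8.290 ms
 3  198.51.100.9  12.010 ms 198.51.100.13  12.544 ms 198.51.100.9  11.982 ms
 4  * * *
 5  192.0.2.33  141.220 ms  140.871 ms  141.034 ms
 6  203.0.113.80  152.310 ms  151.998 ms  152.402 ms
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_hops(text):
    """Map hop number -> distinct responder addresses ([] if the hop was silent)."""
    hops = {}
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if m:  # the "traceroute to ..." header does not match
            found = (ipaddress.ip_address(t) for t in IPV4.findall(m.group(2)))
            hops[int(m.group(1))] = list(dict.fromkeys(found))
    return hops


def summarise(text):
    """Count devices seen before the far end; silent hops make this a lower bound."""
    hops = parse_hops(text)
    last = hops[max(hops)]
    destination = {last[-1]} if last else set()
    middle = {a for addrs in hops.values() for a in addrs} - destination
    private = {a for a in middle if any(a in net for net in RFC1918)}
    return {
        "hops": len(hops),
        "silent_hops": sorted(h for h, addrs in hops.items() if not addrs),
        "intermediaries_seen": len(middle),
        "publicly_addressed": len(middle - private),
    }


if __name__ == "__main__":
    print(summarise(SAMPLE))
```

Hop 3 in the sample answers from two addresses, which is what load-balanced paths look like, and hop 4 never answers at all: a device that stays silent to traceroute still forwarded every packet.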
So the answer to the question “Why would users think they are entitled to secrecy and protection of the information they post on these public and commercial platforms?” comes down to promotional brilliance and/or outright misrepresentation. The data packets sent by ANY software on your device using the internet can be captured/split/mirrored/duplicated and even re-routed by any one of the devices that parse them along the way. In short, any communication (messages/data/emails/files) requiring use of the internet to transfer packets of data is not secure, and should not be considered as such. Yes, you can encrypt the data to make life difficult; however, the possibility of duplication/redirection and/or storage of ANYTHING transmitted on the internet remains omnipresent – it comes down to means, motive and opportunity.
Do you know implicitly where your connection for your Microsoft automatic updates is? No
Do you know anything about the files Microsoft selects for updating or modifies during the update? No.
Do you know where the Mozilla Firefox software you are installing via the stub downloader is connecting to? Or what it is downloading? Or what it is installing? No.
Do you know what Google does when it executes your search? No.
Do you know anything about any of the 361,000,000 results (links) Google retrieved on “dog names” in 0.14 seconds? No. Ok, maybe 1 or 2.
Do you have implicit trust that these programs are doing you no harm? Yes, absolutely.
Are you entitled to that trust? No. Do you have any recourse on any breach of that trust? No.
Will you stop using the internet and will you stop accessing free providers of seemingly innocuous software? No.
Are you now entrapped into using these products? No.
…….. BUT …….. (here is the kicker)
Does your ongoing existence depend on the integrity of the internet? YES, IT DOES.
Why? Because virtually every organization that requires your proof of identity, from hospital/medical to finance (banks) to credit card transactions to local councils to vehicle registration to utilities to employment, maintains a permanent presence (connection) on the internet. It does not have to be you who is exposed to exploitation (hacked). Yet your identity can be extracted by a hacker exploiting a weakness of any one device involved in parsing your information. Identity theft and financial hacking are VERY BIG BUSINESS!
Integrity and security are not one and the same. The integrity of the internet is very high, the security? Not at all.
Take for instance the web browser Mozilla Firefox. It has an add-on utility called “Collusion” to discover who is tracking you online. When you install a fresh, up to date Firefox and connect to the Mozilla website to install “Collusion”, a program made and marketed by Mozilla, a warning pops up –
“Install add-ons only from authors whom you trust.
Malicious software can damage your computer or violate your privacy
Collusion (Author not verified)”
Do you continue? Did you even read it? Of course you continue, you’ve already clicked “Install”.
So, a quick summary of our progress so far:
We’ve just downloaded and given permission to install free software (the web browser) from a seemingly trustworthy source (based only on hearsay and anecdotal evidence) using an open internet connection that is part of a paid subscriber service (ISP). We then installed a third party add-on promoted from the same source that came with an explicit warning which we acknowledged and approved before proceeding. Are we getting any closer to discovering who the bigger dickhead is yet?
Integrity and security are NOT one and the same, you dickhead …. and we haven’t even begun to talk about security.