You are here

Online Safety

Privacy prevailed in Facebook's privacy-publicacy earthquake -- Privacy-Publicacy Part V

My prediction on World Privacy Day -- that it was "only a matter of time before there is a public earthquake over" the "Growing Privacy-Publicacy Fault-line" -- came true in less than a month. 

  • Facebook's recent publicacy changes to their terms of service led to a quick consumer "earthquake" over who owns their private information online -- an earthquake that was triggered by a strategic blast from the Consumerist blog.
  • In a matter of days, Facebook reversed its publicacy changes to its terms of service, restoring them to their previous state. 

Anyone that thinks this is an isolated incident, simply does not understand the powerful underlying tectonic dynamic here -- that there is growing tension on the privacy-publicacy fault-line.

"Do we need a new Internet?" Eventually of course! Until then we need smart network innovation

In asking the important question: "Do we need a new Internet?," John Markoff's article in the New York Times has helped focus the overall Internet debate on the importance of encouraging innovation to better protect Internet users.

  • Mr. Markoff's important article spotlights efforts by mainstream researchers like Stanford's Clean Slate project to "re-invent the Internet" to address its security deficiencies. It also provided an outlet for those concerned about the Internet's increasingly serious security vulnerabilities.  

It should not be surprising that researchers would be trying to innovate to create a better Internet that is safer and more secure; given that the:

The Open Internet's Growing Security Problem -- Part III

Evidence continues to mount that the real problem on the Internet is that it is not as safe/secure as it needs to be -- not the popular myth that it is not open/neutral enough. (See previous posts in this ongoing series here: Part I, Part II)

  • It is a sad state of affairs when there is more media and public policy attention paid to addressing potential "open" Internet problems, than to the very real and increasing Internet safety/security problems.

 

More evidence on the seriousness of the Internet's growing security problem:

"The Online Shadow Economy: a billion dollar market for malware authors." MessageLabs White Paper

  • "The shadow Internet economy is worth over $105 billion. Online crime is bigger than the global drug trade."
  • "With little chance of being caught and so much money at stake, it is little wonder that "a huge number of people are involved""
  • "...malware is going to get more common and more virulent..."

 "Corporations Are Inadvertently Becoming the No. 1 Security Threat to Their Own Customers, According to New IBM X-Force(R) Annual Report"

Implications of User Location Tracking -- The Growing Privacy-Publicacy Faultline -- Part II

The 'publicacy' trend, where technology increasingly makes public what used to be private, has reached another noteworthy milestone -- the popularization of location tracking of people via smart-phones. 

  • Google just launched a new free app for smart phones, Google Latitude, that uses location-technology to track users' physical movements and to and share those movements or locations with others.  

    Lets look at how this new development increases tension underneath the growing "privacy-publicacy faultline" that I described in my post on World Privacy Day last month.

    • I have three takeaways.

    First, the obviousness of the "creepy" publicacy factor in this instance -- forced more respect for privacy concerns.

The Open Internet's Growing Security Problem -- Part II

Evidence mounts that the real problem on the Internet, is not that it is not open/neutral enough, but that it is not as safe/secure as it needs to be. (Part I)

  • Public policy priorities are really warped when there is so much discussion about addressing an unproven and potential net neutrality problem, and relatively little discussion about addressing the very real, serious and growing Internet safety/security problems.

Mounting evidence: 

"Cyber-Scams on the Uptick in downturn:" Wall Street Journal

  • "Experts and law enforcement officials who track Internet crime say scams have intensified in the past six months as fraudsters take advantage of economic confusion and anxiety to target both consumers and businesses." 
    • "Cyber-assaults on many banks have doubled in the past six months in the U.S."     

"70 of Top 100 Web Sites Spread Malware" Information Week

  • "That represents a 16% increase over the first half of 2008."

"Website infection rising, warns Websense" PortalIT News

The Growing Privacy-Publicacy Fault-line -- The Tension Underneath World Data Privacy Day

Given that January 28th is World Data Privacy Day, its instructive to examine why there is such increasing tension underneath the surface of the Internet over the issue of privacy. I believe there is a growing "faultline" between two opposing tectonic forces -- one that believes in online privacy and the other which believes in the opposite -- online publicacy.

  • (I coined the term "publicacy" in my July 2008 House testimony on online privacy because Internet technology has created the need for an antonym to describe the opposite of privacy.
  • Many in the Web 2.0 community believe in the "publicacy ethos" where if technology innovation can make information public, it should be public and that there should be no permission or payment required to access, use or remix this new 'public' information.)

    I.  Why are there opposing tectonic plates of privacy and publicacy?

    A.  The growing pressure for privacy is captured in a Consumer Reports Survey from 9-28-08: "Consumer Reports Poll: Americans Extremely Concerned About Internet Privacy: Most Consumers Want More Control Over How Their Online Information Is Collected & Used."

An 80-20 rule for cat herding at a dog parade -- or improving Internet security

Kudos to the group of Internet security experts who came up with the Top 25 coding flaws that lead to ~85% of all cyber-criminal activity on the Internet -- thanks for the heads up from Zero Day Threat and Byron Acohido's article in USA Today.

I look at this ~85-25 insight as the cyber-security community's version of the old 80-20 adage that 80% of effects come from 20% of the causes. 

  • While the numbers are slightly off in this instance -- the concept is dead on. 
  • If you want to get anything done in the real world, one has to use tried and true strategies like the 80-20 rule

To explain the rest of my mixed metaphor...

Ominous 2009 outlook for Internet security

Here's an ominous assessment of the state of the open Internet and the future of cloud computing -- "The web is under attack, as are corporations and consumers" per Mary Landesman a senior security researcher for Scansafe -- in an excellent ZDNet post I recommend: "Security lessons not learned will haunt us in 2009."

Landesman's Internet prognosis is sober and realistic:

  • "There was more web-distributed malware in July 2008 than in the whole of 2007."
  • "...2009 may prove a pivotal year for the future health and viability of the web."
  • "The power of distributed computing has brought malware to the masses via botnets. While systems administrators cling to desktop-security solutions, the attackers have clearly moved to the cloud."
  • "In terms of malware, 2008 was a very bad year. But 2009 will be far worse."

Bottom line: If this Internet security assessment is even remotely on mark, (and I think it is dead on), too many people are worried about the potential health of the bark on some trees and missing the fact that the Internet forest is on fire. 

In other words, the debate over net neutrality/open Internet, has many missing the security of the Internet forest for the net neutrality trees. 

FBI: cyber attacks are third greatest security threat

The threat of cyber-attacks pose the biggest risk "from a national security perspective, other than a weapon of mass destruction or a bomb in one of our major cities" said FBI official, Shawn Henry to a  New York conference Tuesday per a story in the Sydney Herald.

  • "US experts warn of "cybergeddon", in which an advanced economy - where almost everything of importance is linked to or controlled by computers - falls prey to hackers, with catastrophic results. Michael Balboni, deputy secretary for public safety in New York state, described "a huge threat out there" against everything from banking institutions to water systems and dams. Henry said terrorist groups aim for an online 9/11, "inflicting the same kind of damage on our country, on all our countries, on all our networks, as they did in 2001 by flying planes into buildings."

Rick Hodgin of TG Daily added in his coverage of the conference:

  • "Christopher Painter, an FBI "specialist," described the basic weakness in fighting for cyber security. He said the threat is largely invisible and people don't always take it seriously. "It's not like a fire. It's hard to get your head around the threat. We often discover a company has been attacked and we tell them that and they don't know."

Bottom line: 

Out of sight -- out of mind. 

The Open Internet's Growing Security Problem

Evidence mounts that the real problem on the Internet is not that the Internet is not open enough, but that it is not as safe/secure as it needs to be.

  • See the Washington Post article today: "Data breaches are up almost 50%, affecting records of 35.7 million people."
    • "...annual statistics mask the extent of the problem; many businesses fail to report data breaches."
  • See ZDNet's Dana Blankenhorn's article: "The Biggest Threat to Open source in 2009" -- which spotlights the dirty little secret that open source projects don't have an update process, the fundamental method to address, patch or fix new Internet/software security problems in a timely and effective manner.
    • As Mr. Blankenhorn highlights: "There is no longer any doubt that hackers and malware writers are going after open source projects as they once went after Windows. Vulnerabilities are being found, discovered, created, exchanged. The best protection against vulnerabilities is to keep software updated, but most open source lacks update services." 
  • Also see Mr. Blankenhorn's earlier piece: "Which open source projects are most secure?" where he notes that Yahoo had one project in the top ten, but Google had none of the most secure open source software projects.

Pages

Q&A One Pager Debunking Net Neutrality Myths