Friday, April 21, 2017

Privacy and Transparency in 20 years

There is an inherent tension between privacy and transparency. Some argue that, for a democracy to function properly, transparency (not privacy) is necessary for public institutions, but privacy (not transparency) is necessary for individuals. And yet governments and corporations have legitimate needs to keep certain secrets (think national defense and trade secrets), and certain individuals, such as terrorists and criminals, use privacy as a means of accomplishing their hostile and illegal acts (think encryption and ephemeral messaging).

How will the tensions between privacy and transparency be reconciled over the next 20 years?  Will one value prevail over the other or will they both be harmonized?  Will personal privacy be a thing of the past? Gaze into your crystal ball and describe our nation in 20 years in terms of privacy and transparency.

Thursday, April 20, 2017

Takeaways for Week 15

This week was all about reclaiming one's privacy.

On Monday, a discussion on ephemeral messaging took place, where several benefits of this type of service were brought to attention, which included the following:

  • Gives a sender greater control over who sees a message
  • Increases the level of privacy
  • Increases security of information
  • Greater convenience
  • Provides for spontaneity
However, it was noted that these apps are not created equal in terms of privacy.

Wednesday's class was all about detailing levels of privacy protection.  There were three types of protections:  strong, for normal people; stronger, for geeks; and super strong, for tin foil hat types.
The strong protections included:
  • Password hygiene:  Password-protecting all of one's devices with complex, 8-12-character passwords, using separate passwords for each online account, and not settling for default security questions.
  • Authentication:  Using two-factor authentication and biometric ID for accounts and devices
  • Self-censorship and Restraint:  Using cash to pay for embarrassing items, using the delete button liberally, "liking" fewer things on social media to make one's online profile less complete, and decreasing one's digital footprint
  • Caution with Social Media and Apps:  Turning off geotagging when posting photos and status updates, remembering that some personal details simply should not be shared on Facebook, using sound judgement when posting photos, signing out when through viewing or posting, changing Facebook privacy settings to "friends only," checking permissions when downloading an app, possibly skipping or monitoring automatic replies, and periodically reviewing apps and deleting those that are not used
Stronger included:
  • Encrypting hard drives
  • No use of unencrypted cloud services
  • Keeping malware and virus protection software up-to-date
  • Using a VPN
  • Properly wiping phones and computers when disposing
  • Confidential Communications:  Encrypting phone communications, using ephemeral messaging apps, and avoiding free public networks or wi-fi
  • Web Browsing:  Clearing browser history and cookies on a regular basis, using a browser that does not track, using an IP tracker, installing plugins to avoid tracking, and using a disposable/temporary e-mail address
The Super Strong category consisted of some fairly wacky ideas, including:
  • Keeping one's phone in a Faraday Cage when not making calls
  • Covering all inner-facing cameras on any Internet-connected devices
  • Plugging in headphones when not listening to music
  • Wearing "unhackable" fashion, such as a drone cloak or plane laptop sock
With all of these possible protections, one can therefore come to the conclusion that privacy cannot be completely dead.  It will just take a little bit of extra effort to maintain.

Takeaways for Week No. 15


Recent Developments for 4/17/17
  • Burger King Ad hacked the Google Home Assistant (when the commercial was listened to, it triggered the Home Assistant to read off the ingredients in a Whopper Burger); Helped reinforce the issue that smart devices can be hacked
Ephemeral Messaging
  • Messages that don't persist, kind of like a face-to-face conversation, where no hard copy of communications is kept
  • More and more ephemeral messaging platforms are being developed, like Instagram Direct and Facebook Messenger's Secret Messages.
  • Benefits: sender has greater control over who sees the message, there is an increased level of privacy, there is increased security of information, there is greater control over distribution and life-time of messages, etc.
  • As ephemeral messaging becomes more popular, what are some concerns about people using this technology?
    • Drawbacks of ephemeral messaging: people can be less civil/ethical (in a sense, there is less accountability), there is no backup history of what was messaged/nothing to look back on
    • Concerns from a business perspective: there are often reasons/laws where a company will need a permanent copy of messaging/communications, there are concerns of messaging being used for sexual harassment or discrimination
    • Concerns from a government use perspective: there is a need for transparency/accountability
Ways to Protect Personal Privacy
  • Practice Good Password hygiene, practice self-censorship and restraint, be careful with social networks and apps, use confidential communications, practice good data security, etc.
  • What is the right amount of caution for a person to take?
    • It honestly probably depends on the person, although certain, basic measures should be taken by everyone.

Takeaways for Week 15

1. Ephemeral messaging apps are becoming increasingly available and easy to use. The contents of messages sent on these apps are encrypted and vanish from all devices/servers after a certain amount of time. Many of them also have features that make it more difficult to screenshot the contents of the message. Confide, for example, is an app that requires the user to decode a message one line at a time by dragging their finger down the screen.
2. Ephemeral messaging ensures much safer and more secure messaging than other electronic forms of messaging. This can be helpful for companies conveying private information or individuals involved in a very personal conversation.
3. On the downside, ephemeral messaging may enable illegal or inappropriate exchanges, such as child pornography, cyberbullying, or drug transactions.
4. Users should investigate a few questions before using ephemeral messaging. These questions might include:
   - Where will the message be stored, and for how long?
   - How easy is it to screenshot or copy the message?
   - How secure is the encryption?
5. There are three basic levels of privacy protection we can implement: strong (normal person level), stronger (geek level), and super strong (tin foil hat-wearer level). Some of the simplest but most effective suggestions include using password hygiene, using good judgment on what information and pictures we share on social media, and limiting geolocation.



Monday, April 17, 2017

QUESTION OF THE WEEK NO. 13

Do you agree with the following statement?:

 Privacy as we know it is essentially dead and we must learn to live in a totally transparent world where every aspect of our lives, except for our unexpressed thoughts, are an open book.

Thursday, April 13, 2017

A Less Permanent Internet: Ephemeral Messaging

What is it? Ephemeral messaging, or self-destructive messaging, is a system where messages are deleted after a certain period of time after being read. Messages can be text, images, videos or emails. The process usually involves encryption during transfer and strong password walls to verify users before messages are viewed. A certain period of time after the message is viewed it is deleted on both the sender’s and receiver’s devices, as well as the system servers. Examples of platforms that use ephemeral messaging are Snapchat, Wickr, Mirage, Dust, Confide and Facebook Messenger.

Purpose. Internet users have limited control over their online content; ephemeral messaging offers an increased level of privacy. It provides protection against a widespread distribution of the content you send and keeps conversations private from others. Since no record is maintained, someone with your device is unable to read those messages. Ephemeral messaging helps those who are hiding activities, which could be for privacy in everyday life up to hiding illegal activity or threatening messages that could otherwise be used in court. Generally, ephemeral messaging is for users to communicate without leaving a copy of everything they send to be permanently recorded. See this video (start at 2:45) for more information on benefits of ephemeral messaging.

How secure is it? It is impossible for ephemeral messaging to be perfectly secure. Some platforms have tools to prevent screenshots of messages, or require a finger to be on the screen to make it more difficult. However, this doesn’t prevent a user from having an external camera to take a picture of the content while viewing the message. There is also the possibility that the service provider doesn’t destroy their copy of the message. The apps’ companies may also collect some information for analysis or to sell to advertisers, or be forced to surrender that information when asked by the NSA or through the legal process for an employer or school. For more information see this website discussing potential security issues in ephemeral messaging. Despite the lack of perfect security, ephemeral messaging is more secure than regular messaging. The chances of the message content being released are much lower, providing a more private means of communication.

Apps. The most popular app for ephemeral messaging is Snapchat. It has had some issues, such as getting hacked and potentially not deleting photos off their servers. Confide is another app, which has a feature requiring the user to drag their finger to reveal each line of the message, making it more difficult to copy the message. Facebook Messenger has a new feature, Secret Conversation, which includes encryption. Wickr allows its users to set the duration of auto-destruction on their messages. See this website for more information on popular ephemeral messaging apps.

Use in Business. Ephemeral messaging has begun to spread into business use. These apps could be useful in the communication of private and sensitive information. It can be essentially used as a digital version of in-person meetings or phone calls, in lieu of emails which maintain the information sent. Ephemeral messaging could protect businesses in the case of hacking, where their conversations would be vulnerable if stored. Sensitive information won’t be stored, where it has the potential to be found. Though ephemeral messaging may not be for all communication, it may be used for information the company/entity wishes to keep private. This type of communication could be useful in government, hospitals, senior-citizen care, law enforcement, fire departments and financial institutions. Some regulation may be necessary to incorporate ephemeral messaging in business; this website outlines some possible regulations.

I cannot say if ephemeral messaging will be widely used, but it has benefits which give it the potential to become commonplace. It offers a step towards making information on the Internet less permanent.

Weekly Takeaways #14

  1. Deep and Dark Web: websites which are not able to be indexed, cannot be accessed without a certain browser and URL.
    1. Guarded with encryption
    2. Anonymous use
    3. Also holds databases requiring login to access (restricted access)
  2. Dark Web: same type as Deep Web, but generally associated with ‘dark’ or illegal activities
    1. Deep web is broader, includes all content not accessible to search engines
  3. Tor: allows you to browse anonymously, difficult to track
  4. Virtual Currency: not regulated
    1. Peer-to-peer transactions
    2. Doesn’t protect against fraud or ability to get money back
    3. Subject to taxes
  5. Bitcoin: most popular form of virtual currency
    1. Not linked to identity
    2. Can only be accessed with password and two-factor authentication
    3. Used for illicit purposes as well as by regular businesses or investment
  6. Questions to consider:
    1. Should virtual currency such as Bitcoin be regulated?
      1. How would it be regulated?
    2. Should accessing/using the Dark Web be illegal?
      1. Line between intention and attempt. At what point should Dark Web use be criminalized?

Monday, April 10, 2017

QUESTION OF THE WEEK NO.12

Should accessing and using the Dark Web be criminalized?

Friday, April 7, 2017

Bitcoin: Do virtual currencies need regulation?

Bitcoin was the first decentralized virtual currency, a type of “unregulated, digital money, … used and accepted among members of a specific virtual community” (European Central Bank). Bitcoin was created by Satoshi Nakamoto on October 31, 2008, when Nakamoto published a research paper titled “Bitcoin: A Peer-to-Peer Electronic Cash System.” You can send and receive Bitcoins online, without having to go through a bank or other intermediary like PayPal. That means much lower transaction fees (around 0.0005 Bitcoin, or $0.60). And because there’s no central bank or mint to manage everything, there are no terms, limits, or conditions. Check out this video [1:36] on Bitcoin for more. But how can Bitcoin work without a central authority? If you receive a Bitcoin, how do you know it’s really yours to spend, with no third-party guaranteeing each transaction? Bitcoin’s answer is peer-to-peer data processing, also known as mining. Bitcoin mining is the process of making computer hardware do calculations for the Bitcoin network to confirm transactions. As a reward for their services, Bitcoin miners collect transaction fees.

Each user has a digital wallet, containing your Bitcoins, as well as a private key, like a unique digital fingerprint. When you buy a cup of coffee, you use your Bitcoin wallet to make the transaction, which is digitally signed by your private key. The “signature” is then checked by Bitcoin miners before being published on a transparent public ledger. The miners do mathematical calculations to check that it was really you that signed the transaction, and that you didn’t spend the same Bitcoin twice. If you want to learn more about the cryptography involved, the Bitcoin Wiki has a good explanation. The Bitcoin network works like most peer-to-peer software: users, also called nodes, can join and leave at will, and the “official” record is just the order of transactions that most nodes agree on. This does create the possibility of an attack on the Bitcoin network if a group of nodes made a concentrated effort to log inaccurate transactions. As Nakamoto says in his research paper, “The system is secure as long as honest nodes collectively control more CPU power than any cooperating group of attacker nodes.”

With Bitcoin worth $1190, new potential Bitcoin users might be wary of the peer-to-peer structure. Without a trusted third-party to oversee and mediate, there’s no money-back guarantee. And users have a high degree of anonymity, which provides opportunities for criminal activity, including black markets, money laundering, and tax evasion. Should Bitcoin be regulated? If so, who should step in? New York state created BitLicense, which requires that businesses obtain a license to deal in Bitcoin or other virtual currencies. This and other rules have been heavily criticized for imposing onerous conditions on Bitcoin operators, and making it difficult for small companies or startups to operate. You can read more about BitLicense here.

The IRS treats virtual currencies as property, so every Bitcoin user must track the gains or losses of each transaction to stay in compliance with IRS regulations. Tax Foundation, a tax policy research organization, claims that virtual currency should not be categorized as property. They say that the IRS ignores how virtual currency is used and treats it as something that people hold for an investment. The Federal Reserve does not currently have the jurisdiction to supervise or regulate virtual currency, but said in 2014 that “Bitcoin does not present a threat to economic activity by disrupting traditional channels of commerce; rather, it could serve as a boon. Its global transferability opens new markets to merchants and service providers” (Board of Governors meeting transcript).

I believe that regulating Bitcoin is a fruitless effort. It’s nearly impossible to stop someone downloading a Bitcoin wallet and connecting to the network. That’s because the Bitcoin network is completely decentralized. There’s no server to shut down and no one node that knows all. Even in areas where Bitcoin isn’t considered illegal, any regulations will inevitably restrict innovation. For a great overview of this debate, read this CoinDesk article.

Monday, April 3, 2017

QUESTION OF THE WEEK NO. 11

Healthcare providers are moving to a system of electronic health records where an individual’s entire medical history, diagnoses, treatments, medications and other health information are maintained in a digital form.  In order to provide better and more timely health care to individuals, should physicians and other healthcare providers be able to freely access and share this information with each other without a patient’s consent?