Balancing the Risks of the Communications Data Bill

Like many of my generation, I have grown up expecting the rich benefits, and accepting the unique risks, an open and free internet presents.

I do not pretend that this medium for open exchange does not, at times, facilitate truly terrible things. I do not deny that the lives and security of millions of people are, at times, put at risk by this platform.

Behind the Black Boxes

I seek to urge balance — balance between the competing demands of liberty and security: weighing the risk of crime that is facilitated by free communications against the risk of installing tools and technology that could so easily be abused by those charged with protecting our safety.

The UK government, like many others at this point in time, is planning to introduce widespread surveillance of internet communications, in the form of the Communications Data Bill.

They will collect the ‘communications data’, the metadata of with whom we communicate, through traditional channels like email, but also through any number of third-party services. This will require them to employ deep packet inspection on all our internet traffic to extract the data that they would, under the Bill, be lawfully allowed to store.

But:

  • Who will make the ‘black boxes’ that will be doing all the collecting?
  • If the ‘black boxes’ are necessarily hunting through the whole communication for the communications metadata, how can we be sure that content will not also be collected?
  • Who will have access to these machines?
  • Are their access controls going to be subject to penetration testing by well-respected security researchers, so we can be confident that our data will remain under the control of the designated officials?
  • How do we know that the boxes have not been, and will not be, altered to do more than their original lawful task?

Our Patterns are Private

… unless there is good reason to suspect us of committing an offence.

One of the things that troubles me greatly is the proposal of storing the address of every website we visit. We are promised that the addresses of individual pages will not form part of this data, but nevertheless, an extraordinary amount of information can be inferred from a list of websites that an individual has visited.

Sensitive political information, medical details we have a right not to disclose, valuable commercial intelligence…

The more data that is accumulated, the more an abusive or corrupt agent can infer, and the more damage they could do. The information about where we go online also has a very high commercial value (as many internet companies are already well aware), making the likelihood of illicit commercial exploitation of this government-held data by rogue officials vastly higher.1

Unless there is reason to believe we have done something wrong, we have a right to withhold this information.

We should resist routine collection and storage of this information where there is no suspicion of wrongdoing.

The Balance of Power

Protecting citizens against risks to their safety is obviously a priority, and clearly a huge challenge. Many people devote their lives to doing so, and many people have made significant sacrifices in pursuit of security. I deeply respect these people, and the need for this work.

We must, however, limit the power we entrust to those who protect us. There will always be some who are liable to corruption, and some intent on harming us whilst purporting to do the opposite.

We have to balance the risk posed by ‘others’ (criminals, terrorists, rogue states) against the risk posed by those inside the system who may use it to exploit us.

Unfortunately, the abuse of power is made much more efficient where technology is involved.

The wide, sweeping powers of surveillance that the Bill mandates afford dangerous levels of power that are all too easily turned against us. We might trust this government and the software they put on the black boxes that watch all our traffic. What about the next one, and the software they load onto these machines? What if a group much less trustworthy are able to seize these powers in the future? What if the collection and storage technology itself is fundamentally insecure?

It is much easier to resist these overbroad powers now, than to try and re-balance rights and risks later.

Think

I ask that if you do nothing else, spend a little time thinking about these balances of power, and balances of risk.

If, like me, you read between the lines of the Bill and find these balances troublingly one-sided, then write to your MP and write about this issue. Make your voice heard.

Rightful liberty is unobstructed action according to our will within limits drawn around us by the equal rights of others. I do not add ‘within the limits of the law’ because law is often but the tyrant’s will, and always so when it violates the rights of the individual.

— Thomas Jefferson.

1: The UK’s recent huge press scandal has highlighted the issue of corrupt law enforcement officials giving privileged access and preferential treatment to private media companies. It is naïve to believe that this risk will not present itself again. The best way to protect against this kind of corruption and exploitation is to limit the collection of and access to our private data.

On Phone ‘Apps’ and Risk

I just came across an interesting post on the ESET Threat Blog (ESET being the antivirus vendor responsible for NOD32) about smartphone apps and the risk they potentially pose in a world where we install all sorts of applications, including those that deal with important and sensitive information, on the same device.

In particular, General Hayden remarks that ‘In the popular culture, the availability of 10,000 applications for my smart phone is viewed as an unalloyed good. It is not — since each represents a potential vulnerability. But if we want to shift the popular culture, we need a broader flow of information to corporations and individuals to educate them on the threat. To do that we need to recalibrate what is truly secret.’

Yes, each app that you install on your smartphone is a potential vulnerability. It is precisely for that reason you should be making decisions about what you install based upon rational thought processes. There are some things that the reward is not great enough to warrant the amount of risk taken. For example, you might choose not to drive 120 MPH (193 KPH) because the cost of potentially getting isn’t worth the benefit of arriving sooner, or perhaps even the benefit of the fun of driving so fast. If you do choose to drive that fast where it is not permitted, and you do get caught, you may discover that the consequences are so extreme you wish you hadn’t taken the chance.

When it comes to installing software on your smartphone, take a good look at what you may be risking. Do you do online banking or shopping with your smartphone? Do you have business contacts? Contact for friends? How about access to an email account with private emails? All of the information may be compromised if the wrong app is installed. After you identify what assets you have and their value, then consider the app you are installing. What is the benefit it poses to you? Is it worth potentially risking your information for a funny picture or a game you might play a couple of times a year and can probably play online, rather than installing it on your smartphone?

It’s an interesting read — and should remind everyone using an app-capable mobile device that it is a powerful computer, and with that comes a certain degree of risk. While the major smartphone software platforms have a higher level of technical separation between apps running on the same device than you typically get with a desktop PC, we should still be thinking about what apps are sharing ‘the floor’ with others, especially those which deal with more sensitive information, like mobile banking.

Now Blogging ‘For Mac Eyes Only’

I have actually been meaning to announce this here on my blog for quite some time, but just had never got around to it! Oops…

Anyway, I’m pleased to announce that I am now blogging for esteemed podcast For Mac Eyes Only’s new Articles section. This is a great opportunity for me to get back into more regular blogging (I hope! 😉 ), which is something I love doing — and it’s a great opportunity to share some of my Mac knowledge with others.

I’ve already posted my initial thoughts on the Mac App Store as well as begun a Mac security series — and there should be much more arriving in the coming weeks.

I’ll be writing in the Articles section alongside fellow Mac-head Eric Erickson.

If you’re interested, please do go ahead and take a look!

Keeping Things in Perspective — the iPhone ‘Worm’

The first worm to infect the Apple iPhone has been discovered spreading ‘in the wild’ in Australia.
The self-propagating program changes the phone’s wallpaper to a picture of 80s singer Rick Astley with the message ‘ikee is never going to give you up’.
The worm, known as ikee, only affects ‘jail-broken’ phones, where a user has removed Apple’s protection mechanisms to allow the phone to run any software.

The news of this worm is likely to attract the attention of some anti-Apple and anti-iPhone crowds and be used as an argument as to why the iPhone isn’t secure, why Apple people should no longer feel safe, and so on and so on.

To those who would seek to lose a sense of perspective on this story:

This worm works only on jailbroken iPhones (an unsupported procedure) where the user has installed the remote login SSH service, left it running, and not changed the default root password.

This attack says nothing about the security of the iPhone software — it exploits little more than very poor configuration on the user’s part. If you choose to jailbreak your device, you have a responsibility to understand the implications that has. Which means, change the damn root password to something other than ‘alpine’. While you’re at it, also change the password for the user mobile too.

Despite having defended the iPhone thus far, I’m not in the business of assuming Apple get every aspect of security right all the time, and I’m not in the business of declaring the Mac or the iPhone to be ‘secure’, or more secure than anything else. As I hope I made clear in my previous post, a simplistic black-and-white approach to looking at computer security doesn’t make any sense or do anyone any favours.

I’m not complacent about security because I use a Mac*. I am confident because I feel I have grasped a good understanding of the risks and of trust.

* or Linux, or anything that I perceive as being more secure.

On Teaching Computer Security to Non-Geeks

I can’t stand the attitude of “there’s nothing important on my computer, so I don’t care about whether it is secure or not”. The simple fact of the matter is that any infected computer connected to the internet is probably at the mercy of a malicious third party. Even if you don’t care about the impact of your computer being infected, your lazy attitude is affecting other innocent people’s computers, potentially in the form of sending mass spam and attacking unwitting websites.

Computer security is hard and very complex.

How we explain computer security and insecurity to average computer users, non-geeks if you will, is really important. And I really think that we are taking the wrong approach at the moment.

We teach computer users that in order to keep their computer secure and clean, they must have:

  • An anti-virus program
  • A firewall
  • Up-to-date software
  • … and other practical, simple steps

While these are all very important steps to encourage (especially keeping software up-to-date, in my mind), I think that we are making this advice a bit too practical. We’re ignoring complexity and only ever offering the most basic practical steps.

In my mind, a lot of computer security comes down to a model of trust. For example, I feel confident that a conversation with my internet bank is secure because:

  • I trust the integrity of the SSL connection for the purposes of keeping my information private and untampered with as it goes across the internet
  • I trust my local machine to be ‘clean’
  • I trust the remote machine at the bank is genuine and set up properly

All three of those things must be in place for me to have that ‘safe’ feeling. A safe SSL connection to your bank is meaningless if there’s nasty software on your local machine sending your keystrokes to a third party.

I’d like to see this model of trust be encouraged amongst all computer users. It maybe does take a little bit more time and effort to understand the basic principles of what is going on, but looking at security this way round, rather than from an entirely practical viewpoint, allows people to make informed security decisions, rather than blindly trusting some ‘security’ software to do everything.

Social engineering is a very easy way to get something nasty inside someone’s computer. It’s disappointing, but oftentimes you can trick the human into deliberately giving permission to something more easily than you can find a hole in software to do the same thing. Instead of relying on ‘last resort’ antivirus programs to catch known malicious programs running at the last minute, we should encourage people to ask questions:

  • Why am I being asked to run this software?
  • Where did it come from? Do I trust the group of people that wrote this program?
  • Is there anything suspicious or unusual about this? Is it really coming from who it says it is?

Obviously, you need to combine this with practical advice and some knowledge to enable people to spot things that are ‘out of place’. But I think if we did, people would be in a much better position to make sensible informed decisions and to understand better what is actually going on.

This rant only really covers one aspect of computer security. As I said at the start, computer security is really complex and really hard to get right. So this approach isn’t necessarily the answer and it isn’t going to be applicable everywhere. There are going to be groups of people for whom this will be too complex, and groups of people that ‘won’t care’. But I’d like to see it done more often.

Photo: ‘Secure.’ by Wysz on Flickr, licensed under Creative Commons BY-NC.