How would you hide if you could?

I am currently doing some work for a company where the data is very valuable, and most of our data is encrypted when it goes out onto the cloud. It’s encrypted in house before we send it; well, as I said, for the most part it is. But I recently had an issue in house that was chased down to a Dropbox account, just what you wanted to see in a supposedly secure environment.

The user in question had been uploading data to this account so that he could pick it up from home. It proved to be a fairly good medium for him until his local passwords had to be changed, and then the Dropbox application locked him out by repeatedly using his old credentials. Is anybody seeing a problem here? Still, no matter what security you implement, there is always a way around it; eventually this all comes down to the type of Muppet that the company hires.

On another note, one thing that has come into view of late is obviously the quantity of metadata that is visible to certain people, in particular the security agencies of certain countries. Not to say that these persons didn’t do this all before, but we now have a slightly different situation. Where before the spooks spied on the spooks, the new technologies that are available give much more scope to track individuals. Those of you who use Firefox should get the Lightbeam plugin, then have a look at what other websites are collecting information on you. In the main, people tend to be unconcerned about this data capture, but it is obvious if you look. In its simplest form it’s how targeted adverts work, so if you go to Google and search for solar panels – 15 minutes later when you’re on Facebook you get the adverts for solar panels whether you want them or not.

In the guise of selling advertising the technology is mainly benign; annoying, but in the main benign. However, this can be combined with advanced software suites, and there have been a few of these mentioned, such as Echelon and Prism, used supposedly by the government agencies. I’m not picking on anyone here; most national security services had similar systems, the Swiss had or have the Onyx system, and there were obviously other systems out there. However, along with the commercial products, some of which are probably even slicker than the government products, you have to wonder where this is all leading. A number of years ago I saw a presentation on a product called “Green Plum” – and I know that this was a sales pitch, but it was pretty impressive. Based on a single tweet it had constructed a full demographic model of the “tweeter” and had constructed a full demographic of his “online family and friends”. This information had been gleaned from several social networking sites, and this happened in a few seconds. And in response to a none too complimentary comment on social media, a major international company was able to look at data about the originator of the comment and all his digital acquaintances. To me this was pretty scary stuff – especially in commercial hands.

People don’t really understand the digital footprint that they leave behind. In general the government aren’t that interested in the individual – we’re for the most part pretty insignificant. But take a look at the example above: someone made a comment like “Don’t deal with XYZZY, I just had the crappiest service – they are just a bunch of plonkers.” On the face of it this is pretty innocuous and quite possibly true. However, if within a few minutes all your “online family and friends” are contacted by XYZZY with a special offer, it kind of makes you look like the plonker for raising the issue. This was pretty much what happened in the example that I saw, the tweeter being an individual and the company an international mobile phone company. The software provided information from social media and other sources, enough to identify individuals and text them. It also collated sufficient information, probably from many sources, to allow the prediction of uptake rates and therefore projected costs. To me this is so much more of a concern than what the government does.

On a more upbeat note, there have now been in excess of 150,000 hits on the blog. The view rate has been extremely variable over the last few years, from just a few a day to a few hundred.