Thursday, November 13, 2014

SecuriTea Leaves (Part Three): Future 2

The new Internet is one of openness and perpetual unfiltered documentation, not privacy and selective sharing. What impact will that have on the future of security, when the need for privacy lessens? If our dying generation is the last one concerned over privacy, what motivation is there for security enhancements?

In this series of posts I describe the possible futures of the privacy plate shift we're riding right now and how it relates to the landscape of security.  See SecuriTea Leaves Part One for more detail.

Future 2. No privacy. Strong persistent security. Teleportation a maybe.

This future shares much with future 1 and is possibly just a stepping stone on the same trail. Like future 1, this world has voluntarily given away its privacy, leaving little of one's life out of public view. What differs here is that individuality is still very important.

People won't mind if their emails are made public. They just won't want someone speaking for them using their identity without permission. A person won't mind being one voice amongst millions, but they will still desire the likes, the lols, the smiles, follows, ratings, and promotion. In this future every picture you take is immediately uploaded to the cloud (now a shared international database), using facial recognition to automatically tag you and all your friends. Every step you take is logged, every purchase you make is known, each entertainment choice is tracked and it has your name all over it, but the phrase "invasion of privacy" never crosses your mind.

This future requires significant security to maintain. To protect the integrity of the data for the individual, identification verification security and general information security become very important.

For security of identification there will have to be multiple checks: a verbal password with constant retinal presence. A perpetual presence indicator (PPI) is what maintains validity of the person to the action. If you're not looking at what you're creating, or if the eye isn't yours, then the access is cut off. Security of the information itself will be difficult, keeping it both open and safe from alteration. The security priority here is not to keep it from public view but to keep the relationship of author to text or action valid.

This trust of the person-to-action relationship is most impactful and relevant with banking transactions, and that's where both the consumer and industry will want to position a mutual fulcrum and where this future has its genesis.

At some point, in the not too distant future, banks will no longer foot the bill for every purchase on a stolen credit card or money transfer made with stolen login credentials. They will turn the responsibility back to the consumer.

"Protect yourself, because we won't."

People might then be a little more cautious when using their credit cards online, or they might embrace encryption or additional personal security options, but it is more likely people won’t voluntarily change their habits at all. Security changes will have to be forced on them.

Banks will effectively pass the buck, requiring that a user of their online services pass several security requirements in addition to the PPI (AV, non-public Wi-Fi use) before being allowed access to their own accounts. If you don’t qualify, you don’t get in. Retailers won’t rush to join this security revolution, but it will be forced on them as well. The banks will require new security regulations of payment processing groups to guarantee the validity of the end user, which will then trickle changes into the entire online shopping experience.

With so much awareness of you and your actions, this future world is incredibly personalized. What lives now as targeted ads and improved directions to your home will be mood-based music selection, automatic grocery list creation, and calendar planning (including television viewing, exercise schedule, and party attendance responses). Decisions will be made for you and they’ll be the same ones that you would have made. Doctors send prescribed medicine to you without you visiting them or even knowing you have a problem. Spending habits are so guided that budgets don’t factor into the purchases. Each day is laid out before you. Life becomes a big to-do list.

Do you think this is a possible future? Thinking about this future as a complete world, what doesn't fit or what did I miss? Could this idea of a PPI provide enough assurance that an action or data transfer/creation was made by a certain user? Can data sharing ever be really secure, especially when databases are linked? Does taking away choice make life easier or happier, or do we need the chaos and uncertainty to be people of substance?

Other posts in this series: SecuriTea Leaves

Part One: The introduction
Part Two: Possible Future 1



Wednesday, October 22, 2014

SecuriTea Leaves (Part Two): Privacy, Security, and Their Possible Futures


The new Internet is one of openness and perpetual unfiltered documentation, not privacy and selective sharing. What impact will that have on the future of security, when the need for privacy lessens? If our dying generation is the last one concerned over privacy, what motivation is there for security enhancements?

In this series of posts I will describe the possible futures of the privacy plate shift we're riding right now and how it relates to the landscape of security. (I will post each future separately so there may be comments on each.)

See SecuriTea Leaves Part One for more detail.

Future 1. No privacy. No security. Flying cars optional. (This future feels far away, but just how far I don't know.)


 We have spent years sharing everything and voluntarily broadcasting our lives to the point where nothing is private. Who we know, how we feel, what we eat, our daily routine, are all available to the public. And if privacy is only a concern for the singular person, then a collective needs no privacy. Individuality is practically gone, lost amongst the vastness of so many people with so much data.

Twitter (whatever repackaged variant it comes as) wouldn't have a login. You would just tweet as a generic entry, possibly with demographic info tied to it, all performed automatically as you live. Whatever listening device you carry or is nearby, which is always on, will post your statement and question streams to join the river of worldwide conversation. Email won't exist because there are only public forums for communication. Facebook and LinkedIn (whatever face they wear) will auto-update with every action and career move, complete with pictures you didn't even initiate.

All data about you, including financial, medical, and family details, is accessible by anyone, and you're fine with that because community and government services to support needs or problems with any of these categories proactively extend their reach to your doorstep. You won't care that every mistake you made or slur you've spoken is accessible as both an audio file and in transcript, or that everyone knows where you are at all times, because that is the way it is.

The upside of so much exposure is that it may provide more security. It will be more difficult to pull off financial fraud when every purchase by every person is documented publicly in multiple ways, matching shopping habits, visually recording the transaction, tracking an item in its full life cycle, not just shipment. Even clothes may require some ultimate biometric union with their intended owner, where no other person could successfully wear them. Financial spending could be restricted anyway, every dollar of yours so heavily tracked and tied to you personally that the initial fraudulent purchase could never happen.

In this future your health is constantly monitored, and with no delay in medical history or current condition, medical response and effectiveness could be vastly improved. Small changes in your health can inform your doctor while immediate changes can alert the hospitals. The likelihood of one person harming another may be much lower when the whereabouts of every person, especially in proximity to everyone else, is well known.

Sure, as any sci-fi movie about dystopian totalitarian worlds tells us, there will be a resistance. However, with everything public there is no need for login credentials. Everything and everyone knows who you are at all times, so access is wide open. With little privacy and little security needed for that privacy, it may be incredibly easy for that resistance to disrupt the status quo, but ultimately pointless.

 Apart from a destructive "reset" of civilization, even a disruption of the system won't change it. It only sounds like a dystopia from our current point of view. The people are happy to live in the world they've helped create. It wasn't forced on them by the government or even put to a vote, other than the tiny "allow" vote made every time you accept the terms and conditions of the services and software you use. A building wave of "allows" created this new shoreline and the seaside residents moved closer together preventing any possible outliers. They even take comfort in the lack of privacy. Like confessing your sins, there is a cleansing effect to revealing your secrets, and in this future you'll never have any.

 Do you think this is a possible future? Thinking about this future as a complete world, what doesn't fit or what did I miss? Could complete lack of privacy provide total security?

Posts in this series will continue with other possible futures. See SecuriTea Leaves Part One: The Introduction.

-Matt Sully

Thursday, October 16, 2014

SecuriTea Leaves: A Series on Privacy, Security, and Their Possible Futures

Privacy and security are intertwined elements, each fuel for the other's fire. What you want kept to yourself isn't always a dirty secret but is sometimes best left hidden away from others. My grandmother kept every personal document and bill under lock and key.  She wouldn't give anyone her SSN or even her middle name unless they showed her a government ID, and even then it was after much resistance. When I see these companies providing identity theft protection services, I think of my grandmother. It is her generation that maintains that level of commitment to privacy, not ours.

Our generation still respects the idea of privacy. We're just not as steadfast. We invest in curtains and aren't too gabby with our neighbors. We still have a few secrets, but we have become more than comfortable putting most details of our lives online. We email, share pics and status updates, file our taxes, fill out government forms, enter our email address everywhere, and blindly agree to dozens of contracts each year (SLAs). We look through the details of what the new app we downloaded will access, huff and puff for a bit about why it needs what it needs, and then reluctantly agree to its demands because desire wins over caution.

When we read about breaches that result in thousands of emails and passwords being stolen, we still care, but we don't rush to change our passwords. Our online behavior goes unchanged. Our level of sharing goes unaltered. We might not shop at Target for a few months, but we will return again, with our credit cards in hand. It is this awareness of risk with little personal effort to combat it that proves the fight for privacy and security is dying. We are connected. We are plugged in. There is no turning back. The idea of reverting to offline banking and consumerism is laughable. A want for knowledge and access combined with forfeiture of privacy is diluting security.

Interest in data breaches will wane, to the point where they are no longer big news, and what seemed of utmost importance will be forgotten history. Now when we see data breach stories we feel saddened by the state of data security but assume things will get better. We think, "New security measures will surely be put in place. Existing ones will be made stronger. It will get better." But, like generations before us, our generation is giving way to new thinking and new ideas of privacy. The new Internet is one of openness and perpetual unfiltered documentation, not privacy and selective sharing. What impact will that have on the future of security, when the need for privacy lessens? If our dying generation is the last one concerned over privacy, what motivation is there for these security enhancements?

In this series of posts I will describe the possible futures of the privacy plate shift we're riding right now and how it relates to the landscape of security. (I will post each future separately so there may be comments on each.)

Next post: Future 1. Individuality is practically gone. If privacy is only a concern for the singular person then a collective needs no privacy.

Do you have examples of privacy perspective changes you've made over time? Have you resisted personal data sharing or online activities out of concern for security or privacy?