Setting the Scene
It was a cool, brisk Autumn evening. My contact had agreed to meet and discuss the subject of this article in a well-lit, public space. After purchasing some smoothies, we sat down outside to conduct the interview.
Cameron Banga is an app developer that works in both the iOS and Android platforms. Though he champions Apple's product line, Banga feels that both of the market-dominating mobile platforms are on equal ground when it comes to the data security of their customers.
With that said, the responsibility of data security and privacy starts with us as users. “Given the power with these mobile phones today we have an exponential conflict that’s occurring when it comes to keeping yourself private and secure versus the messaging abilities we have,” Banga noted before continuing, “the problem is we have a computer in our pocket that goes with us 24/7 and is always connected and knows everything we’re doing.”
One of the most important components in the relationship between tech companies and their customers or users is the concept of transparency. In order to maintain trust, companies must be open about not only what data they are recording but also how they are putting it to use. In the wake of the revelations the former CIA system administrator Edward Snowden revealed last year, the typical mobile device user is now more aware of the government's access to their devices as well.
“Users need to know, if you put something on a server that you don’t have control of and you didn’t encrypt yourself, if that ever ends up in the public access or domain, don’t be surprised,” Cameron remarked.
|HTTPS – Hypertext Transfer Protocol Secure adds an additional layer of protection with SSL/TLS to improve the security of browsing sites on the web. Also, this protocol encrypts communications between servers and clients communicating with them. So look to see if the sites you surf are using this standard.
|PGP – If securing data is a behavior you want to make second nature, then find an easy solution. Pretty Good Privacy (PGP) is a standard that has been around for 20+ years and allows users to encrypt their own data for storage or transmission purposes.
It is important to note that accountability extends beyond the consumer base of gadgets as well. Companies have a responsibility to make sure their databases as well as the security measures of third party contractors or B2B relationships are aware of how to keep things such as APIs secure. With all of the data security incidents that have occurred through the last year, extending back to the Target breach in late 2013, there is a sense that on a consumer-level, cyber insecurity awareness is reaching a boiling point.
“What is the scale of data breach that you think is going to make it hit that tipping point? If it’s not Target, if it’s not Home Depot…”, I asked him. “I think it’s a personal data breach. I really think what it’s going to be is a Snapchat having a whole database of photos leak. It would be huge”, Cameron replied. Soon after this declaration, we headed off in separate directions to attend to other commitments for the evening.
Then it happened…
Just a few days later it was announced online that a cache of Snapchat photos that had been backed up via the third-party service Snapsave had been compromised. The guilty party had revealed the hack bringing the debate regarding the concept of “ephemeral” media to the forefront. Within days thousands of “private” images flooded the Web.
Are We Ready to Turn the Corner?
It’s going to take a lot of continued efforts to create an improved understanding of the best practices that are necessary when it comes to protecting personal private data. The emergence of smartphones and mobile culture has generated an environment of lax personal identity security that is ripe for those with the skills to exploit it.
FireChat - An app that allows device users to communicate with one another via Bluetooth or Wi-Fi. It does not need to utilize any cellular network to work. Therefore, users can still communicate if cellular networks are down for whatever reason.
Protesters in Hong Kong used this messaging tool to stay off the overburdened grid and stay in touch with each other. The more concentrated the users, the stronger the network.
Cyber Dust - An app that seeks to give text message users more privacy. The app works similarly to regular texting or messaging app for sending text. However, messages that are sent are not saved by the sender, and deleted automatically soon after they are red by the receiver. The information is not stored on any local drive or server, and no previous conversation gets saved. Championed by Mark Cuban.
Screenshots are still possible, which has always been a contentious issue for and feasible with Snapchat as well. Like in the old mobster movies: if you want something to stay within the boundaries of the people involved (and perhaps the few people they whisper secrets to), do it in person.
However, there are measures that can be taken to improve our security posture at the personal level. Dawn Morrissey, Managing Partner of Data Connectors (a technology security event series), provided a few tips that she has picked up managing events on their event circuit.
“When you’re installing apps make sure they are coming from recognizable companies because there are a lot of apps that can infect your phone. Be aware of what permission you’re granting. For example if it is asking for GPS information or access to all your photos,” Morrissey noted. “[Smartphones] should be treated like a wallet and be password protected.”
Robert Johnson, President and CEO of Cimcorand producer of CimTrak (an IT security software suite), added the following thoughts, “Mobile devices contain your most personal data but in essence they are computers. They are extremely complex operating systems. Those operating systems, just like all others, need to be patched. They need to be at the latest version at all times. That’s a critical part of a person’s strategy for their personal mobile devices.”
The truth is that no matter whether it is a banking app, social media network or simply a messaging channel, we need to make sure that we take the steps that are necessary to keep ourselves and data safe. As it has always been, information in the wrong hands can be used against us.
Furthermore, it is not just on individuals to improve. Companies and organizations must commit their efforts to transparency and disclosure regarding how they are storing and using client or users data as well. Perhaps one of more important undertones regarding the “Snappening” and the iCloud celebrity photo leak is that there needs to be a better and louder dialog between service providers and the population they serve about protecting information together.
1 Extra Step
As consumers and creators of content that travels the Internet, it is in our best interest to take one extra step to safeguard our presence online. How this manifests itself will vary for each person. It might be strengthening passwords or encrypting sensitive data. It could be teaching our parents to recognize social engineering scams or illustrating to our children why it’s a bad idea to sext their friends. Whatever the measures, we all need to go a little further to secure the future.