© Nihad A. Hassan and Rami Hijazi 2017

Nihad A. Hassan and Rami Hijazi, Digital Privacy and Security Using Windows, 10.1007/978-1-4842-2799-2_6

6. What’s Next?

Nihad A. Hassan (1) and Rami Hijazi (2)

(1) New York, USA

(2) Toronto, Canada

The Future and Its Impact on Your Privacy

No one can predict the future, especially when it comes to computing technology. It is still the fastest-growing field among all industries, with radical changes continually shifting future trends in different directions.

In 1965, Intel cofounder Gordon Moore made a prediction that is still considered the rule of thumb for measuring advances in computer processing speed. Moore’s law says that computer processing speed will double every year in the foreseeable future; he revisited his prediction in 1975 to say it will double every two years (Intel’s prediction was that chip performance would double every 18 months). Many experts say that Moore’s law will be in effect until 2020, when it will be impossible for integrated processor circuits to get any smaller.

The impact of Moore’s law seems obvious in our daily lives. The smartphone that fits into your pocket is faster than the supercomputer that filled an entire room in 1982. This rapid development of computing technology makes computing devices more affordable for all end users, and it drives explosive growth for industries that use computing devices to increase productivity and improve client service. In the future, a large portion of computing devices will be Internet of Things (IoT) devices as such devices become more widely used by both individuals and companies. Gartner forecasts that 20.4 billion connected computing devices will be in use worldwide in 2020.

The ultimate purpose of any computing device is to process data and act upon it. Obviously, each of these devices will eventually process and store some sort of data related to its owner. Personal identifying information (PII) and non-PII will need to be transferred across insecure networks such as the Internet and be stored somewhere on an Internet-connected resource. The transferred data will contain different types of information about users, who are being profiled by third parties such as governments, Internet service providers, hackers, and identity thieves. With all this information available and with the advancement of artificial intelligence systems that can process vast volumes of data daily, it will be easy to categorize people according to a set of criteria settled by the entities conducting information gathering online. In short, this is how the digital age we live in is having a radical impact on both our security and our privacy.

This is the last chapter of this book, and obviously a book about digital privacy cannot end without talking about future trends in computing technology and how they will impact our digital lives. In these pages, we will try to foresee the future and explain how emerging technologies will impact the future of security and privacy.

The Future of Computing Technology

Traditional forms of computing devices and stand-alone devices are vanishing slowly; we are moving toward a more cloud-centralized scheme. In this scheme, a user can use a computer with low hardware specifications to remotely access another cloud computer with premium hardware specifications to run programs that require intensive computing resources such as games and digital editing tools.

Originally, the main model of a cloud service was for users to store data on a remote server somewhere on the Internet (cloud storage). However, more models were developed to exploit the benefits of cloud services, mainly by adopting it to reduce IT hardware costs in organizations. For instance, more and more companies are using different cloud service models to reduce IT infrastructure costs and management efforts.

  • Infrastructure as a service (IaaS): In this model, a company uses remote computing resources to perform local work without needing to purchase costly hardware or to worry about backups or the physical/logical security of data.

  • Platform as a service (PaaS): In this model, users access a remote computer where they can find everything to develop applications or to perform their regular IT work. The cloud provider sets the stage for the development by installing the appropriate operating system (OS), programming language, web server, and anything needed to perform the required tasks. Good examples are Windows Azure, Google App Engine, and Apache Stratos.

  • Software as a service (SaaS): In this model, a user will get access to a specific application he or she needs to run in the cloud. For example, a user can have access to the Microsoft Office suite hosted remotely on the cloud to create and edit Office files without needing to install anything locally. Good examples are Google Apps and Microsoft Office 365.

Note

The previous three cloud service models belong to what is called cloud computing.

Many individuals already use cloud storage to back up and store private smartphone data (Android users use Google Drive, and iPhone users use iCloud), and as Internet speed becomes faster, we can expect to see more users opting to use cloud computing services. Currently, there are many companies that offer paid monthly subscriptions for their users to play games that require intensive computing resources. For example, a gaming laptop with 4GB and a dedicated graphics card and compatible hardware costs at least $1,500, while players can pay $30 a month to use a gaming cloud service and play games on a remote server, with 8GB of a dedicated graphics card. We are seeing more companies shifting their products to the cloud by offering a lightweight interface to their programs to run on end-user machines, while transferring the heavy tasks that require intensive computing resources to run on a remote server; the companies charge users a monthly subscription fee.

The use of cloud services is expected to grow explosively for both end users and companies in the next five years. Gartner forecasts that more than $1 trillion in IT spending will be directly or indirectly affected by a shift to the cloud in the next five years.[1] This widespread adoption will increase the security risks associated with moving sensitive data across the Internet and will raise legal issues about which jurisdiction has the right to request access to this data if your account becomes part of a law enforcement investigation.

We already covered the Internet of Things in Chapter 2. In the future, more computing devices are moving into the fabrics in our clothing and body. In addition, healthcare providers are moving steadily to digitize all their services, so we can expect a tremendous growth in health- and fitness-oriented wearable devices. These devices can collect biometric data about their users, such as heart rate, body temperature, perspiration, oxygen, and even alcohol levels in the bloodstream. Sensitive health data will need to be sent across the Internet using your smartphone or device’s direct connection to a healthcare provider. During the transmission, this data will be susceptible to all types of online threats.

The danger of wearable devices is not limited only to user-specific personal data. For instance, many wearable devices can be configured to connect to other home appliances such as lighting, cooling, and security access control systems to adjust/control them automatically according to a predefined user preference set on the wearable device. If a security breach occurs to such a connected system (usually called an intelligent house), a lot of confidential information could be exposed.

Note

Healthcare cybersecurity spending is expected to exceed $65 billion from 2017 to 2021.[2]

The Future of Cryptographic Algorithms

Cyber-attacks are continually evolving and using more sophisticated techniques to crack the most secure systems. In the previous chapter, we discussed popular attacks against classical cryptographic systems. We called them “classical” because they depend on math to achieve their encryption work. As you already know, the main concern when using cryptography systems is to protect the decryption key that is used to decrypt the data to its original state.

There are different countermeasures used to prevent the compromise of the decryption key. However, one particular style of attack you cannot do anything to stop is the harvest-then-decrypt attack. In this type of attack, an attacker will capture encrypted data and then wait until technology advances in the future to decrypt it.

To deter such future attacks, you need to use future cryptography techniques. Quantum cryptography offers a confidential method to exchange secret data between parties communicating through public networks like the Internet. Quantum cryptography is considered the answer to mitigating all attacks against data in transit.

Quantum cryptography uses photons (light particles) to transmit secret data (such as cryptography keys) using suitable medium channels like fiber-optic cables over long distances. The process of exchanging cryptographic keys between communicating entities using this method is called quantum key distribution (QKD). If an eavesdropper tries to intercept the transmitted information, both the sender and the receiver will detect this action and thus stop using the compromised key to encrypt/decrypt data. In addition, the attacker cannot copy the traffic and save it for later analysis. This effectively makes QKD able to mitigate both risks: detecting any attempt to tap the wire to capture secret information and preventing attackers from capturing transmitted data for future analysis.
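The detection property described above can be seen in a small simulation. This is an added example, not code from the book: it assumes the BB84 protocol (the book does not name a specific QKD scheme), models photons as classical bits with a basis, and uses an assumed abort threshold of 11 percent.

```python
import random

QBER_LIMIT = 0.11  # assumed abort threshold, a commonly cited bound for BB84


def measure(bit, prepared_basis, measuring_basis, rng):
    """Measuring in the preparation basis returns the bit; measuring in
    the other basis gives a random result and destroys the original state."""
    return bit if prepared_basis == measuring_basis else rng.getrandbits(1)


def bb84_run(n_photons, eavesdrop, seed):
    """Simulate one key exchange; return (sifted_bits, error_rate)."""
    rng = random.Random(seed)  # seeded so the run is reproducible
    kept = errors = 0
    for _ in range(n_photons):
        bit = rng.getrandbits(1)         # sender's secret bit
        send_basis = rng.getrandbits(1)  # 0 = rectilinear, 1 = diagonal
        wire_bit, wire_basis = bit, send_basis
        if eavesdrop:
            # The eavesdropper must guess a basis, measure, and re-send.
            # She cannot copy the photon and measure it later.
            eve_basis = rng.getrandbits(1)
            wire_bit = measure(wire_bit, wire_basis, eve_basis, rng)
            wire_basis = eve_basis
        recv_basis = rng.getrandbits(1)
        recv_bit = measure(wire_bit, wire_basis, recv_basis, rng)
        # Sifting: both sides publish bases and keep matching positions.
        if recv_basis == send_basis:
            kept += 1
            errors += int(recv_bit != bit)
    # Simplification: real parties compare only a random sample of the
    # sifted bits over an authenticated channel and discard that sample.
    return kept, (errors / kept if kept else 0.0)


def key_is_usable(error_rate):
    """Both sides discard the key when the error rate reveals tampering."""
    return error_rate < QBER_LIMIT


if __name__ == "__main__":
    for label, tapped in (("quiet line", False), ("tapped line", True)):
        kept, rate = bb84_run(4000, tapped, seed=1)
        print(f"{label}: {kept} sifted bits, error rate {rate:.1%}, "
              f"usable={key_is_usable(rate)}")
```

On an untouched channel the sifted bits agree exactly; an intercept-and-resend eavesdropper pushes the error rate to roughly 25 percent, so the key is discarded before it protects any data.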

Currently, the adoption of QKD technology is still in its early stages. It is used on a limited basis in Europe (especially Switzerland) and the United States. However, once matured, it is expected to be the main method used to secure the transmission of high-value data.

In this section, we covered the quantum cryptographic technique as a primer in the field, but it is worth mentioning another encryption technique that is based on math that can bring additional security to current cryptographic systems. Honey encryption is a type of encryption in which the cryptographic algorithm produces fake data to mislead attackers. For instance, when attackers capture sensitive data, they usually use brute-force software to guess the decryption key or password used to protect the data, so whenever an incorrect key is tried, fake data will be presented to them instead of showing no data or any other indicators that the entered key was wrong. This will effectively mislead attackers by presenting plausible-looking plaintext data.
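A minimal sketch of the honey encryption idea described above, as an added example that is not code from the book. It assumes the secret is a 4-digit PIN with a uniform distribution and uses a simplified distribution-transforming encoder; all function names are hypothetical.

```python
import hashlib
import secrets

PIN_SPACE = 10_000   # assumed message space: PINs 0000-9999, all equally likely
SEED_BITS = 32       # width of the seed the encoder maps messages into


def dte_encode(pin):
    """Map a PIN to a random seed among all seeds that decode back to it."""
    slots = (2**SEED_BITS - 1 - pin) // PIN_SPACE + 1
    return pin + PIN_SPACE * secrets.randbelow(slots)


def dte_decode(seed):
    """Every possible seed decodes to some valid PIN."""
    return seed % PIN_SPACE


def _pad(password, salt):
    """Derive a seed-sized pad from the password (PBKDF2-HMAC-SHA256)."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                              100_000, dklen=SEED_BITS // 8)
    return int.from_bytes(raw, "big")


def honey_encrypt(pin, password):
    salt = secrets.token_bytes(16)
    return salt, dte_encode(pin) ^ _pad(password, salt)


def honey_decrypt(salt, ciphertext, password):
    # No integrity check on purpose: a wrong password must not be
    # distinguishable from the right one by the decryptor's behaviour.
    return dte_decode(ciphertext ^ _pad(password, salt))


def brute_force_view(salt, ciphertext, guesses):
    """What someone guessing passwords sees: a plausible PIN every time."""
    return {g: f"{honey_decrypt(salt, ciphertext, g):04d}" for g in guesses}


if __name__ == "__main__":
    # Constructed sample values, not from the book.
    salt, ct = honey_encrypt(4821, "correct horse")
    view = brute_force_view(salt, ct, ["123456", "letmein", "correct horse"])
    for guess, pin in view.items():
        print(f"{guess!r:>16} -> {pin}")
```

Every guess yields a well-formed PIN, so the ciphertext alone gives no signal about which guess was right. A real encoder has to model the actual message distribution (common PINs are far from uniform), otherwise implausible decoys give the true value away.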

Innovations continue to create more secure techniques that can offer unhackable data security. Until then, QKD is considered the most secure technique to protect high-value data.

Legal Issues

As you saw, cloud-based solutions are expected to form a large percentage of IT operations in the coming years. Many giant cloud service providers store users’ data in different data centers around the globe. This spread of personal and business data outside a user’s national borders will have a deep impact on user security and privacy.

The main question when you have a cloud account is, whose laws will apply? For example, if a German company is using a cloud computing service based in the United Kingdom, what rules govern the access to this data? Do the UK authorities have the right to access the German company’s data because it is in the United Kingdom? Does the German law protect this company’s data because it is registered in Germany and contains data belonging to German users?

The same question applies to individual users; for example, if a user has a cloud storage account (or e-mail account) with a Swiss company, can the U.S. authorities request his or her data from the Swiss provider?

Another concern when using cloud services is the management of private data. Cloud providers may replicate users’ data on different servers (sometimes for backup and disaster recovery), and some of them offer fault tolerance so that your data is always available in case one server goes down. The problem here is ensuring that your data is getting deleted from all those locations. Can you ensure that your cloud provider uses the proper secure data destruction techniques to erase your data when it is no longer needed?

Legal boundaries are vanishing because technical boundaries are vanishing. Data stored and transferred to the cloud can fall under different national regulations. As you already saw in Chapter 1, the Data Protection Directive in the European Union and the regulations issued by the Federal Trade Commission (FTC) in the United States govern how private consumer data will be handled. A cloud service falls under these regulations, and these regulations are continually being updated to keep up with the technical advancements in the computing technology, especially the storage of personal information outside national borders.

Developed countries are working to harmonize their data protection regulations so each country can better secure its citizens’ digital data by making cooperation agreements with foreign countries that regulate access of such data when it is stored outside a user’s own country.

Note

Encrypting data locally before uploading it to the cloud is still a great countermeasure against all cloud threats.

Social Networking Sites and Users’ Privacy

Giant tech companies such as Facebook, Google, Microsoft, and Apple are expected to continue to grow in coming years. Nowadays, it is unlikely to find an Internet user who doesn’t use a service from one of these providers.

Social networking sites in particular collect vast volumes of information about their users to simplify bombarding them with targeted ads; they also get other commercial value from their users’ personal information and browsing habits. Unfortunately, there is no indication that this action will stop soon. Moreover, the continual revelations of mass surveillance programs boost the debates among the public about the importance of protecting users’ civil rights of privacy. Giant tech providers should consider updating their privacy terms to stop recording users’ online habits and then linking the data to each user’s real identity. This practice will remain the greatest danger to user privacy in the foreseeable future. We think social sites can do more to protect user privacy. For example, anonymous data should be gathered wisely and maintained for a limited period. Social sites should declare clearly what data they are collecting and how they are going to use it. It is preferable to give the user an option to opt out from offering additional information that is not related to the service being used. Letting users handle their data in a trusted way will make them more willing to use social sites that most respect their rights of privacy.

Regardless of what companies do, people should get educated about both security and privacy. Children should understand that posting personal information and photos online is a bad habit and can pose real risks for them and their families. Social sites should also consider monitoring users’ posts and deleting inappropriate content instantly, possibly using artificial intelligence techniques, to avoid becoming exploited to promote criminal acts.

We are still at the beginning of the information technology age; people soon will be more IT literate. They will thus be more willing to pressure their governments to legislate the act of harvesting public digital data on a large scale for surveillance purposes. IT equipment vendors can play a crucial role in developing IT infrastructure that promotes privacy by design. On the political side, U.S. tech companies such as Facebook, Google, Microsoft, Apple, and Twitter will continue to dominate the global market share. To increase this share, more services will be offered and tailored specifically to each user’s needs. This will result in acquiring more sensitive data about each user to customize these services.

Policymakers are a long way from understanding future IT trends and their overall impact on society. They will continue to focus on the short-term and on exploiting IT services to acquire more intelligence.

It is unlikely that the United States voluntarily will give up its control of the main Internet backbone (do not forget that most mass surveillance programs deployed globally are operated by the United States). In other words, the fight to maintain Internet users’ security and privacy on a global level is still far from a real implementation despite all the new U.S. and international regulations.

The War on Terror

We live in an unstable world. Today many countries are vanishing slowly (Syria is an example), and the destabilization in many Middle Eastern countries is leading to a vast uncontrolled area that can be exploited to conduct all kinds of criminal activities on a global level. Terrorist organizations are using the Internet to acquire resources (detonations), coordinate attacks, recruit fighters, communicate efficiently with each other, and promote/broadcast their propaganda to the entire world.

Terrorist web sites are also used as a virtual training field, offering tutorials to manufacture bombs, use guns, learn attack tactics, and draw virtual maps of the places they are aiming to attack.

In the future people will find it difficult to balance the trade-off between security needs and personal privacy. Security services will continue to intensify their surveillance activities to harvest more online data to protect national security. Users tend to blame IT companies (such as social sites and other e-mail providers) when they hand over a user’s sensitive data upon request to security services. However, regular folks do not know the hidden battle taking place underground to counter terrorism and protect the prosperity of society.

Terrorist attacks generate increased anxiety among the public. For instance, many surveys conducted after certain terror attacks in the United States and Europe demonstrate that people think the government’s anti-terror policies are not enough to stop such attacks. Public attitudes in relation to privacy and societal security are largely dependent on current context in terms of current threats and attacks. Governments will use this public fear to increase their surveillance activities on both local and foreign citizens.

Summary

A lot of ideas were covered in this book, and the topics of security and privacy are strongly interconnected. In today’s world, the transformation of business from traditional models to a digital one is still in its beginnings. Gartner estimates that by 2018 digitizing business processes will require 50 fewer workers[3] as businesses move steadily to using computerized systems to do their work.

The rapid development of mobile technologies (primarily smartphones and wearable devices) will drive people’s behavior in the future. More people will use mobile computing to access Internet resources, make purchases, and use social networking web sites. Acquiring a suitable education and hands-on training of digital skills is of extreme importance for people and organizations to better utilize technological developments and to mitigate different threats raised by them.

We began this book by talking about government mass surveillance programs. No one is happy to find out that his or her personal information and behaviors have been revealed. However, this should not make you forget the benefits of surveillance in today’s digital age. There is a legitimate reason to conduct surveillance activities. No society can live and prosper without protecting its people and public safety from criminal and terrorist activities. The problem arises when surveillance activities are exploited in the wrong direction. For example, some countries with less freedom like China monitor people’s online activities for political reasons. This kind of surveillance is against basic human rights and cannot be done in developed countries involved in global mass surveillance. In developed countries, the greatest danger to user privacy is from giant companies trying to acquire personal and nonpersonal data of their users to sell for commercial pursuits. It is highly unlikely that government security services will sell, for example, users’ browsing history to advertising companies. Government surveillance is conducted in secret. Without the recent revelations about government mass surveillance programs, few people would be concerned about it at all. As we already said, government surveillance will continue to intensify in the future, and legalizing these activities is still the best countermeasure to avoid taking surveillance in the wrong direction.

From the start, you’ve seen the folly and dangers of cyber-attacks against computing systems. This book provided you with a way to stay private in today’s digital age. We covered a range of techniques and demonstrated how to use reputable tools to enhance your security and privacy and protect your data at rest and in transit. Armed with this knowledge, you should feel confident when going online.

In the ever-changing online world, no one can predict the future. In this book, you learned about common security misconceptions and discovered methods that attackers use to steal your private data. We tried to present this information in plain English so users with varying IT skills can benefit from this book. We showed you who is collecting your personal data and for what reasons, and then we covered everything you need to know to stop this invasion into your privacy. This book offered a practical approach to understanding and mitigating current and future cyber-security threats. No writer can assume that his or her book is the best in the field, but the book in your hands is unique considering all books published about the digital privacy topic to date.

Notes

  1. Gartner, Inc., “Gartner Says by 2020 ‘Cloud Shift’ Will Affect More Than $1 Trillion in IT Spending.” July 20, 2016. https://www.gartner.com/newsroom/id/3384720.

  2. Maciej Heyman, “Healthcare cybersecurity spending $65 billion, 2017 to 2021.” Cybersecurity Ventures, May 4, 2017. www.military-technologies.net/2017/05/04/healthcare-cybersecurity-spending-65-billion-2017-to-2021/.

  3. Gartner, Inc., “Gartner Reveals Top Predictions for IT Organizations and Users for 2015 and Beyond.” October 7, 2014. https://www.gartner.com/newsroom/id/2866617.
