Your Right to Privacy and How to Protect Yourself
We’re in the midst of an unprecedented battle for our privacy that's amplified by the rapid growth of the digital age of information. We are on our laptops, smartphones and devices a majority of our day, and technology criminals are well aware. We are subject to attacks that didn’t exist 5-10 years ago and quite frankly, we are very vulnerable.
Botnet DDoS (distributed denial-of-service) attacks, like the one that targeted the West Coast most recently, and the ever-powerful Mirai malware that infected Internet service providers, are examples of threats to our privacy. Beyond malicious attacks by technology criminals, some believe our very own government may be infringing upon our rights. Let’s take a deeper look at some of these privacy issues and identify ways that you can protect yourself on your smartphone.
There are two different kinds of malicious technologies that have ultimately led to an expansion of the government’s powers to search our media. The first is botnets, as mentioned before. Botnets are multiple networked computers that become infected (sometimes called “zombie computers”) and forward viruses on to other connected computers. The Mirai malware and, more recently, the unnamed botnet affecting the West Coast are extremely powerful botnets. Their capabilities are far-reaching, and the botnets can infect millions of systems and devices. Because both are DDoS, they prevent people from accessing Internet service, websites or playing games on gaming platforms. This is a significant breach of our privacy.
The second type is anonymizing technology like Tor. This network enables anonymous communication between dark web visitors, making it incredibly difficult to detect involved parties. In the case of Operation Pacifier, hundreds of users of the child pornography site, Playpen, were identified and arrested. This was another controversial case, as many people believed the FBI was abusing criminal procedure in obtaining evidence. These types of cyber attacks are becoming more and more common, and their powers to invade our privacy are expanding.
Evolving legislation in response to cyber attacks
In an attempt to address increased criminal activity using technology like botnets and Tor, the Supreme Court approved an amendment to Rule 41(b) earlier this year.
Prior to the approved amendment, Rule 41(b) authorized search warrants for property located outside the judge’s 5 districts in 4 scenarios. The rule read as follows:
At present, Rule 41(b) authorizes search warrants for property located outside the judge’s 5 district in only four situations: (1) for property in the district that might be removed before execution of the warrant; (2) for tracking devices installed in the district, which may be monitored outside the district; (3) for investigations of domestic or international terrorism; and (4) for property located in a U.S. territory or a U.S. diplomatic or consular mission.
The amendment to Rule 41(b) allows for a judge to issue an all-encompassing warrant to search electronic media in or outside of the district the information is stored in IF anonymizing technology concealed the location of such media or IF the infiltrated media (hacked phones, computers, etc.) is in 5 or more districts. You can find the amendment here on page 25.
The amendment’s proposal was adopted on April 28, 2016, by the Supreme Court of the U.S. and went into effect on Thursday, December 1, sparking widespread controversy. Members of the Senate in opposition, as well as the general public, were fearful of the implications of such an expansion of power.
Assistant Attorney General Leslie R. Caldwell of the criminal division dispels many of these fears in her blog post on the U.S. Department of Justice website. If you are interested in reading a summary of the facts involved in the new amendment, you can download this “Summary Of The Report Of The Judicial Conference Committee On Rules Of Practice And Procedure” here.
How can we protect ourselves?
The larger issue at hand is our vulnerability, as digital participants, to the technological criminals of the world. They are after our financial data, our personal information and our sense of security and privacy. Our laptops, computers and tablets are everyday necessities. Our smartphones are an extension of us. We store our information and trust (for the most part) that it will be safe and sound within our device. Though some of us are more attuned to the realities of hacking, others still need to be forewarned. We must take proper precautions to ensure our personal information is secure, especially on our smartphones - the devices that typically hold the most information about us. While there are no guarantees that our information will be hack-immune, there are measures we can take to protect ourselves.
The Federal Trade Commission urges users of mobile apps and smartphones to think about a few key considerations before downloading apps. The government agency wants users to consider how apps are paid for, what information they access from your device and who sees that information. This FTC website informs readers about all things mobile apps and addresses matters of privacy as well. Additionally, it is good practice to use your smartphone settings to protect your privacy by limiting the amount of access an app has in the settings. Close or log off apps when you aren’t using them, especially shopping or banking apps. When there is a new update, update the app; many times it could protect your information from the latest malware. As for an app accessing your information, the FTC recommends you consider what you know about who created it and the developer of the app.
That’s where we come in. As a mobile app development consultancy, we believe our clients deserve apps of the utmost quality, and with that comes a promise of security and privacy. We take extra precautions to ensure that the personal information of the users of our apps is secure. Good security practices will ensure that the user is properly authenticated within the app and that the user’s data is protected both in transit and at rest. While measures are taken to keep the user’s data safe, we recommend limiting overall exposure by reducing or eliminating the amount of data being persisted or transmitted whenever possible. In addition to identifying and implementing a sound plan, a well-rounded strategy will involve regular audits by a third party that specializes in security certifications, such as Symantec or VeriSign. Beyond a detail-oriented approach to security, we have a specific protocol that goes into building each of our apps to protect the client’s information as well as the users’.
Ultimately, we are living in a time where privacy is becoming more of a luxury than a right. It has been suggested that privacy will be monetized in the future and that only the wealthy will be able to enjoy any true privacy, as only they will be able to afford it. It’s a scary thought! Certainly, our ever-changing digital atmosphere is challenging our definition of privacy and what our rights to privacy truly entail. As technology criminals continue to develop new ways to invade our privacy, our legislation will need to adapt in ways that protect us but don't infringe on our rights. We as software engineers will also need to employ new ways of protecting our clients and their users.
This blog was originally written for the stable|kernel blog. You can find more from Alexandra and stable|kernel here.