Security, Privacy & The Democratization Of Data

Data gathering and profiling capabilities that today are only available to nation states will eventually be at the disposal of everyone. What then?

Martin Lee, Technical Lead of Security Research & EMEA Lead, Cisco Talos

December 30, 2013

4 Min Read
(Source: <a href="http://visibleearth.nasa.gov/view.php?id=78349"target="new">Norman Kuring, NASA/GSFC/Suomi NPP</a>)

Fifty-one years ago President Kennedy shocked the world when he revealed reconnaissance photos of Soviet missile launch sites in Cuba. Today, I can browse satellite images of the same locations from the comfort of my sofa on Google Earth. This once top secret capability has become democratized and available to all. At some point, today's top secret technology will also be accessible from your sofa.

In the same way that few people use Google Earth to search for Cuban missile bases, the average citizen is unlikely to be concerned with identifying enemies of the state. However, the digital, networked world makes it increasingly difficult for us to keep track of the trustworthiness of people that we may need to rely on. This human need to know someone's reputation is very relevant in a networked world, in which we may never meet our closest collaborators, and may provide a strong impetus to drive the creation of a democratized data gathering system.

In retrospect, the forces that drove the democratization of satellite imagery are clear: the development of digital camera technology, the development of privatized satellite launches, and the development of the Internet to deliver images to users.

Democratizing forces are still acting to make information available that is currently restricted to government agencies. Satellite navigation systems were once available only to deliver high explosives with high accuracy. Now they are to be found in almost every phone, delivering people with high accuracy to unfamiliar addresses. Similarly databases were once costly systems running on costly hardware available only to clients with the deepest pockets. Now, open source database software can be downloaded by anyone and run on the cheapest low-end desktop.

With some thought we can discern some of the long-term forces that are currently in play.

  • Data storage costs are decreasing year on year, allowing us to store quantities of data that were previously unthinkable.

  • Tools are becoming available that can store and make sense of these increasing amounts of data, such as Hadoop and Splunk.

  • As the Internet continues to develop, more information will become publically available for analysis, and the resulting analyses will be freely shared. Hence, the data gathering, analysis and storage abilities that previously required dedicated government ministries and major investments in hardware, will step-by-step become available to all.

Who do you trust?
In our ancestors’ villages everyone knew everyone else. The whole village knew who was trustworthy and who was not, who was skillful and who was not. If you needed someone to help you with a task, you knew who to turn to. As digital technology shrinks the world to make a global village, keeping track of others' reputation becomes tricky. With so many people to keep track of, the task becomes too much for our human capacities. Yet to collaborate in a digital world we need to be able to judge if we can trust a potential collaborator -- even if we will never physically meet them.

As governments implement systems to keep track of individuals to estimate if they are a risk to national security, we can envisage how this technology will become democratized. We can imagine systems that keep track of others' reputation to determine if they pose a risk to us through violence or fraud, if they are likely to assist us to help us achieve our goals, or if we are likely to be able to help them achieve their goals.

In a similar way as our ancestors' reputation spread within their villages, our digital reputations will be known to all. A reputation is likely to encompass the knowledge that we hold, our past deeds, the reputation of those with whom we keep company, and the opinions that others hold of us. Comprehensibly gathering such information and keeping the data accurate is within the reach of nation states, and before too long will be within the reach of private citizens.

We can already see antecedents of such functionality in the like button of Facebook, the recommendation system of Linkedin, or the crowd-sourced recommendations supplied by TripAdvisor. Our peers are able to show their approval or disapproval of our actions and display their judgements of us for others to see. We may choose to keep certain aspects of our life private, but we cannot keep private our public deeds and achievements, nor can we keep private the opinions that others may hold of us.

The changes brought by technology create many challenges for society and our individual need to manage our relationships with others. Conversely, the lack of knowledge about an individual's reputation exposes us to danger, such as fraud or engaging in personal or professional relationships that might do us harm.

The good news is that just as technology exposes us to these problems, it can also bring solutions. Governments are investing in vast data-gathering systems to identify individuals who pose a risk to society. The march of technology suggests that these systems that only governments possess today will be available to all of us in the future. In a global, digital village, reputation, integrity, and honor will be everything. As we begin the new year, it’s time to ensure that our digital reputation reflects upon us well.

Martin Lee is the technical lead for Cisco’s  Threat Research, Analysis, and Communications (TRAC) Team.

About the Author

Martin Lee

Technical Lead of Security Research & EMEA Lead, Cisco Talos

Martin Lee is Technical Lead of Security Research, and EMEA Lead for Talos, Cisco's threat intelligence and research organization. He seeks to improve the resilience of the Internet and awareness of current threats through researching system vulnerabilities and changes in the threat landscape. He has published widely on cyber security issues, and advises many organizations on the techniques used by criminals to subvert networked systems.

Martin started his career researching the genetics of human viruses, but soon switched paths to follow a career in IT. With 20 years of experience within the security industry, he is CISSP certified, a Chartered Engineer, and holds degrees from the universities of Bristol, Cambridge, Paris-Sud and Oxford. He lives in Oxford and when he isn’t in front of a computer is often to be found running through the countryside.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights