Friday, May 25, 2012

Levy vs. Mitnick

When thinking about the security of their data and information, there are two things companies (and individuals) need to consider.  First, they must ensure they have the right hardware and software to prevent any leakage.  Second, no matter how much technological protection they think they may have, companies must train their personnel to protect information from social engineers.  Steven Levy, author of "Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age" and Kevin Mitnick, author of "The Art of Deception: Controlling the Human Element of Security" discuss these topics but in very different ways.

While both authors are concerned for the security of data and information, Mitnick focuses strictly on the human element while Levy focuses on the software/hardware element.  Not only do they differ in content, but the authors also differ in writing style.  Levy writes his book like a historical documentary.  Chapter one starts out in the late 1960s discussing Whit Diffie's life and rise in the crypto field.  Levy describes the history of cryptography through the lives of key players in the field.  Each chapter builds from the next and almost reads like a suspense, leaving the reader wondering what will be the next twist in the fight for privacy.   Levy's audience seems to be anybody who is interested in crypto and its history.

Mitnick's book, on the other hand, reads more like a training manual and best practices.  His audience is corporate executives and business owners. In chapter one he writes, "The purpose of this book is to help you understand how you, your coworkers, and others in your company are being manipulated" by hostile social engineers.  Mitnick believes it's the non-technical methods that intruders use to steal information from unknowing employees that should be a focus (and is often forgotten) when considering information security.  Instead of reading like a narrative, like Levy, Mitnick relays his ideas through short stories covering different topics/methods.  He tries to give his reader the perspective of the victim of a social engineer.  In his stories, Mitnick allows his audience to "put [themselves] in their shoes and gauge how you yourself (or maybe one of your employees or coworkers) might have responded" (Ch. 1).  This is a very effective writing style and allows the reader to really become engaged in the stories and forces "what if" scenarios to wander through the reader's mind.

After each story, Mitnick does a recap or what he calls "analyzing the con".  I also feel this is effective because he is able to break down the scenario for the reader perhaps pointing out key elements that could have been prevented had the victim been better trained or aware of social engineer tactics.



Overall, both books are very well written and both styles serve the purpose of the author very well. In terms of how quickly the author gets his message across and readability, I feel Mitnick does a better job.

Wednesday, May 16, 2012

Final Paper Introduction

Below you will find the Introduction to my final paper with the working title "Cloud Computing: It is here, but is it ready?"  Please comment and make suggestions.


Unless you have literally been stuck in the clouds the past few years, there is little chance you have not heard of the term "cloud computing".  Although very much still in its infancy, cloud computing has boomed into a very lucrative market in recent years.  Offering a multitude of services and products in both the public and private sectors, the cloud computing market, according to Forrester Research, brought in around $41 billion in 2011.  It is estimated that number will be over $240 billion in the next decade (Valentino-DeVries, 2011).  If you have not already embraced the cloud computing wave, get ready because it looks like it may be the wave of the future.

The term cloud computing has come to mean, generally speaking, an “arrangement under which users store their data on remote servers under the control of other parties, and rely on software applications stored and perhaps executed elsewhere, rather than on their own computers”. (Svantesson, 2010)  The benefits of adopting cloud computing for personal or commercial use are quite substantial.  Among them, as P.G. Dorey and A. Leite point out in “Cloud computing-- A security problem or solution?”, are “cost reduction, improved provisioning and access to resources beyond that which would normally be possible in a private environment”. (2011) A user is able to access data and services stored in the cloud from any location with any computer with access to the Internet.  Sounds like a dream, right?  

On the surface, cloud computing may seem like a no-brainer for anybody who ever yearned for more processor speed, data storage or hardware but did not want to pay or have the mountain of money required to purchase such technology.  As users give cloud service providers more and more control over the things that were normally controlled at the personal level (i.e. data storage), users will have fewer options available to them to ensure their data is secure. Some might think, as Gary Anthes points out in his piece, “Security in the Cloud”, entrusting security needs to cloud service providers is a good idea because they are thought of as experts and highly skilled at dealing with security issues. (2011)  However, such trust could be a mistake.  Cloud computing has grown with such speed and breadth that its security and privacy controls have failed to keep up, leaving consumers at more risk than they are aware of.

Saturday, May 12, 2012

Encryption. What is it good for?

I must admit that I have thought very little about data encryption and securing my electronic mail until reading "Crypto: How the Code Rebels Beat the Government--Saving Privacy in the Digital Age" by Steven Levy.  It seems obvious that big business and government agencies would have a strong desire to want to secure their data and communications.  I am pretty certain that the Kellogg company does not want the recipe to their Famous Amos cookies to be stolen by some hi-tech hacker.  So they secure their network and data.  For sure the Government must secure its data and communications or risk giving away the nation's most important secrets.  So, why would a private citizen, somebody who doesn't have top secret recipes or national security information to hide, need or want to use encryption?

After reading from Levy, I believe a better question would be, why wouldn't a private citizen want encryption?  Currently, when I send an email from my Google account, it is not secure.  This means that my ISP has access to that email, not to mention the dozens of computers the message passes through on its way to its final destination.  At each of those computers, it is possible to make a copy of that email to be scanned later.  There are programs that can scan thousands upon thousands of emails a day looking for certain words, social security numbers or credit card numbers.  A good way to think of encryption is like an envelope for a written letter.  You probably wouldn't send that letter without first sticking it in an envelope and sealing it. Why?  Because you don't want anybody to be able to read its contents.  So why wouldn't you do the same with your email?

I guess you might say to yourself, "well I do not really have that much to hide so why would anybody want to sort through all the emails I write?"  That is true.  Your correspondence to your friend about what a great time you had on your vacation seems pretty innocent.  You tell her all about the restaurants you went to and the tours you went on.  Then you mention briefly how you stayed out a bit too late one night at the local pub and maybe had a bit too much to drink.  Just like the teacher who posted a photo of herself with a beer in her hand on Facebook, she also thought that her posting was private and could do her no harm.  After the photo was leaked, she lost her job.  Do you want to take that risk?   So, just like you buy that extra insurance for that expensive new iPhone you purchased, using encryption is the peace of mind knowing that all of your data is secure from prying eyes and you are safe from any unintended consequences.


Reference: http://actionamerica.org/privacy/encrypt.html

Monday, May 7, 2012

Judge says Facebook’s Like button is not free speech | Marketplace from American Public Media

I thought this article was relevant to what Lori Andrews discusses in her book, "I Know Who You Are and I Saw What You Did."  Very interesting question.  Should hitting the like button on Facebook be protected as free speech under the 1st Amendment?  Is the person expressing an opinion by doing so?  This is another great example of how what was thought to be a seemingly simple, private act carried out on a social network has come back to hurt someone.  Check it out.


Judge says Facebook’s Like button is not free speech | Marketplace from American Public Media

Saturday, May 5, 2012

Out to Lunch

After finally landing my first teaching job at the local high school where I will be teaching Information Technology and Social Studies, my fabulous new principal (Mrs. M) took me by surprise when she asked me to lunch one afternoon.  We drove out to the local diner and over a burger and fries we discussed the new job and how I was adjusting.  After a while, the topic turned to the Internet and Mrs. M started to express concerns with her security and privacy as she was new to the online experience.  She inquired what, if anything, she should be looking out for in those regards.

I told her that she was right to feel concern about online security and privacy.  The Internet has exploded onto society and into our lives so quickly that laws dealing with privacy and security on the Internet have not kept up (and current laws do not apply or are too narrowly written to cover all).  There are also consequences that are not fully understood yet regarding certain operating dynamics of the Internet.

First and foremost, I told her, is that she needs to be aware that everything she types and posts on the Internet is being watched or recorded by somebody.  Always be very cautious about what information you are posting about yourself.  I warned her that leaks from what people had posted on sites like Facebook have led to divorce, being fired, prevention from getting a job or admission into college (Andrews, Ch. 9).  I told Mrs. M the sad story about Ashley Payne that Lori Andrews relays in her book "I Know Who You Are and I Saw What You Did".  Ashley, a teacher, had posted some pictures of her at the famous Guinness brewery in Ireland on her Facebook page.  Even though her settings were set to private so only her friends could see them, her principal forced her to resign after receiving an anonymous email from a concerned "parent".  Many institutions including schools, credit card companies and employers use information from social networking sites to make decisions about people and most of these institutions, including the courts, consider social networks to be public spaces, not private ones.  Meaning what you post online can be used against you.  (Andrews, Ch. 9) Then, I gave her my copy of Andrews' book and told her to read it.

I didn't get much into the topic of data mining and behavioral advertising that most Internet sites are practicing now but I did want to make her aware of what Eli Pariser, in his book "The Filter Bubble: What the Internet is Hiding From You",  calls the "filter bubble".  The great thing about the Internet is that most of the services provided are for free.  For example, Google provides its search services for free just like Facebook provides its social networking services for free.  However, I informed Mrs. M, there is a hidden cost.  The cost is information about you.  I explained to her that sites like Google use the data that users type to create an Internet universe designed specifically for each individual user.  Google remembers what you have searched for (and clicked on)  in the past to bring back search results they think are more relevant to you.  If I searched for the same thing, I would get a completely different list of results.  News aggregators like the Huffingtonpost.com even attempt to curate the news to what they think a user's interests are.  Although personalization seems good, taken to its extreme, it can get pretty ugly.  I explained to Mrs. M what Pariser said in his book, "a world constructed from the familiar is a world in which there's nothing to learn.  If personalization is too acute, it could prevent us from coming into contact with the mind-blowing, preconception-shattering experiences and ideas that change how we think about the world and ourselves". (Intro)  That is pretty powerful.  So until the powers that shape the Internet decide something different, I told Mrs. M to be aware of the "filter bubble" and to intentionally make sure she clicks on and reads a wide array of topics and subjects so she does not limit herself to what she is exposed to on the Internet.  Then, I gave her my copy of Pariser's book and told her to read it.

Saturday, April 21, 2012

Andrews vs. Pariser

In The Filter Bubble: What the Internet is Hiding from You, Eli Pariser argues the recent push for a more personalized Internet may not necessarily be in the best interest of Internet users, society or the Internet.  Similar to Lori Andrews' book I Know Who You Are and I Saw What You Did, Pariser attempts to warn his reader about the hidden aspects of the Internet.  The perspective of each author is very strong and convincing, however, they do differ in the focus and breadth of their argument.

Andrews' main goal is to develop a Social Networking Constitution.  She relays story after story and lays out case after case about how social networks are getting away with stealing your information and not protecting your privacy.  I feel her main approach is to scare her reader into taking action.  She has a lot of examples about how a Social Network could be used for opportunistic reasons not only by the site itself but also by its users.  Although she mainly argues about the ills of Social Networking, the topic does allow her to touch on what she sees as the broader issues with Internet security as a whole.  Her arguments are sound and her examples are enlightening; however, I feel her approach is too “doomsday-esque”.

Pariser, on the other hand, focuses on the personalization of the Internet creating what he calls the “filter bubble”.  His main focus is to point out web giants like Google, Facebook, Apple and Microsoft are in a race to gain as much information about you as possible in order for them to gain as much money as possible. (Intro)  In the meantime, those same companies are creating an Internet that defeats its original purpose: to make available information and opportunities to the masses.  The “filter bubble”, created by using algorithms to produce ads and information which are most similar to what we have looked at in the past, “fundamentally alters the way we encounter ideas and information”, argues Pariser. (Intro)  Pariser’s main point is that the Internet is being changed by companies who are in a personal data race and as consumers we are sacrificing what makes the Internet great: openness and freedom.

The perspective Pariser argues, I feel, is of a much greater concern than that of Andrews when it comes to the future students I will teach.  From the standpoint of necessity, social networks are not as important as the sanctity of the Internet as a whole.  With social networking, a user can always choose to post or not to post, to connect or not to connect.  The user has power, albeit limited, to decide what he or she will or will not share with the rest of the world or to even have an account on a social site or not.  However, with what Pariser calls the filter bubble, there is no choice at all at this point.  He rightly points out with the filter bubble you are alone in it, it is invisible and you do not choose to enter the bubble.  (Intro)  To me, that is more scary than any of the examples and cases Andrews points out.  For my students, I would rather them have the ability to be exposed to the entire Internet and not just the one that was personalized just for them, limiting the information and experiences they are exposed to.

Friday, April 13, 2012

The Social Network Constitution

In her book, "I Know Who You Are and I Saw What You Did", Lori Andrews outlines the need for a Social Network Constitution.  Throughout the book, Andrews relays stories about how users of social networks (and the Internet in general) have had their rights trampled on due to the lack of protections.  She argues for a viable way to protect the digital self that is becoming more and more prominent as the use of the Internet grows.  Andrews encapsulates these protections in what she calls the Social Network Constitution.

After reading through many of the examples of individual rights being abused (Harriton High School case in chapter 8), individuals getting away with questionable behavior on websites (Melchert-Dinkel case in chapter 7), and websites using questionable means (craigslist.org in chapter 7) to discriminate against a particular group, it is easy to see there needs to be a better way to preserve the freedoms that living in a free society allows even in the digital world.  Andrews' idea of a Social Network Constitution is a very reasonable solution to what has amounted to mass confusion and inconsistencies when it comes to digital protections.  Andrews understands that there is a fine balance between privacy rights and freedom of expression.  I agree when she states that the right to free speech and freedom of expression should not be infringed upon unless the speech incites serious, imminent harm or defames a private individual.  Just like someone can't yell "FIRE!" in a crowded theater, nor should someone be able to convince somebody to commit suicide in a chat room and get away with it (like the Melchert-Dinkel case) just because of physicality.

As a teacher, I feel the most important element of the Social Network Constitution proposed by Andrews is the Right to Connect.  Today, more than ever, being able to gain access to the vast amount of information on the Internet is critical for "individual growth, political discourse, and social interchange".  I know it wasn't that long ago when email was not a communication option, but could you imagine not having email today?  Can you imagine being cut off from a digital world where knowledge about anything is just a click away?  As a teacher, not having access to that vast world of resources and tools would greatly hinder my ability to do my job effectively.  That's why I think it is critical to include wording like "no government shall abridge the right to connect, nor shall a government monitor exchanges over the internet or code them as to sources or content."

For students, who seem to share information, especially about themselves, more freely and without fear of consequence on the Internet, I believe it is inevitable to protect the right to Control One's Image.  Although Andrews lists them as separate rights, I feel the right to Control One's Image encompasses the right to Privacy of Thoughts, Emotions and Sentiments and Place and Information.  Everyone needs to feel like the information they share online is not going to be used without their knowledge or prior consent.  I agree that social networks should be considered private places and just like someone cannot come into your home and take things to use against you without a warrant, the same should apply to data shared on social networks.  Andrews discusses (and there are many other examples found with a quick Google search) several cases where employees, including teachers, have been dismissed for items they shared on a social network which were thought to be private.  Andrews points out in chapter nine that "leaks in social network information has led to people divorcing, being fired, being denied admission to college, and committing suicide."  Andrews goes on to point out that many admission offices will look at an applicant's social site account and 38% of the time it reflects negatively on the candidate.  Even a third of employers, according to a CareerBuilder study, said they would hire someone who has photos with a drink in their hand or dressed provocatively. (Ch. 9)  With that in mind, students need to be more aware of the consequences of sharing and posting online in a world where social networks are NOT considered private.  More importantly, to protect students and their future, it is inevitable to establish a set of rules where individuals are free to share online without the worry of what they post will be used adversely against them in the future.