Plugging in means exposing yourself

by Dirk Knemeyer

The widely-circulated story today that Google fired an employee for reviewing the "private" files and information of users, and even harassed a user based on their "private" information might seem shocking, but it's really only illustrating something that those of us in the industry have known for years: anything we say, type or otherwise create that goes thru a pipe or a satellite or an antenna is fully accessible by every touchpoint in the process. It is kind of like being spied on by someone looking thru a peephole: we think it is private and "ours" but in reality we are buck naked for any prying eye to see.

The example in this story is an excellent one, because it really captures the depth of penetration. The offender was accessing the victim's Gmail and Google Voice accounts, thus able to see what they were writing and hear what they were saying. Of course, it doesn't stop there. When they sent email from Gmail on their home Internet, let's pretend it was Comcast cable Internet, Comcast was able to take all of those bits and bytes, too. When the call was made over the, for example, Sprint Cellular network, you've got a whole other infrastructure that data is exposed to. When you further consider that, in some cases, a Sprint has deals with other cellular companies to pick up your calls so you don't drop in certain circumstances, at times even MORE cell companies potentially have your words. What about in cases where servers are being outsourced, where a smaller email provider than Google is the email provider and they are using Indian Server Farm X for storage. The email provider and software infrastructure is one risk point; the physical storage location is another. And the pipes in between still another.

Is your head spinning yet?

Reality: any time you communicate using electronic means what you write/say/do is vulnerable.

Surfing to a porn site? Bzzzzzzzz. That's captured by the ISP, and the browser, and perhaps even servers behind the browser - not to mention the porn site itself - and can be recalled even years later. Bye bye campaign for state representative.

Spouse cheated on you and you are taking your frustration out by cursing them out in brutal, graphic language to your best buddy on IM? Bzzzzzzzz. That's captured by the IM client, likely on a file on your computer you don't know is there, possibly by the ISP, and likely on a file on your best buddy's computer that they don't know is there! There a much greater than zero chance that rant is going to get back to you and embarrass you later. As if getting cheated on isn't embarrassment enough!

The most personal and intimate of moments are only so intimate as the people controlling the servers and software and pipes decide they will be. That veneer of protection is little solace for those who are uncomfortable: we have thousands of years of human history proving our fallibility, our character flaws. So long as humans are the mitigators there will be more stories like this. It probably won't happen to you or me, but increasingly it will happen to people we know in ways large and small. Consider Google's stance on it, from the above article:

"...a limited number of people will always need to access these systems, if we are to operate them properly--which is why we take any breach so seriously," Google's Bill Coughran, senior vice president of engineering

There are three paths we can take:

1. We can unplug, not participate, and minimize our exposure. Hardly practical given the world today, but it is an available and viable option.

2. We can accept that we could surprisingly be exposed completely beyond our control in any possible way at any given moment, embrace it, and conduct ourselves in a way that lets us live with it.

3. The system could be changed - by legislation, or programming, or some sort of third-party security software that reduces or perhaps eliminates our exposure.

With the increasing attention and investment given to security software I rather think this will be the eventual solution. There is lots of money to be made in this space, and it is a problem that will get larger and upset more people the more we shift to being an operationally digital society.

In the meantime I pick #2. I hate for the world to see me naked, but I know it could happen at any damn moment. I'm not really going to change my behaviour, rather acknowledge the risk and let it ride. I suppose it is rather like continuing to drive a car despite the potential of a life-ending accident being just around the next corner. You try not to think about it, and simply join the flow with the rest of society. Here's hoping I stay lucky.

Topics: hardware, culture, predictive, Analysis, Blog, security, google, software