Our Naked Data: The Ease of Communicating on Modern Networks Has Meant a Rise in Data Vulnerability. A Security Specialist Outlines the Steps That the IT Industry Should Take to Protect Consumers from Data Attacks-And Itself from Reactionary Regulators

Article excerpt

Many of us find ourselves with multiple gadgets--in our pockets, our homes, our cars, our offices--and these gadgets are increasingly built to talk to each other, often automatically and invisibly. Camera phones upload straight to the Web and connect through WiFi and Bluetooth to unseen computer networks; the printer next to your desk can suddenly start printing out documents sent from a branch office on the other side of the world, and our cars automatically pull down information from the sky on the latest traffic and weather conditions.

A 2010 survey by Unisys Corporation showed that most Americans are largely unaware of the threat posed by data vulnerability. For instance, while a majority (73%) of Americans said they regularly update the computer virus detection software on their home computers, only a minority (37%) said they updated their cell phone passwords regularly, and nearly the same portion (36%) do not update mobile passwords at all.

Even common documents (licenses, passports, payment cards) that we carry around with us contain RFID chips. All these sensors and transmitters are constantly busy, silently collecting and giving away our personal information to other devices, often without our knowledge. Every time such information is transmitted and received, there is a very real risk that the data may be intercepted by people other than those for whom it was originally intended, and tampered with or abused for criminal, terrorist, or other purposes.

[ILLUSTRATION OMITTED]

Scientists actually may be more at risk than the average population, especially those in academic circles. For all the theoretical discussion of computer security, those inside the academic environment often do not take real security issues as seriously as do those in the business world. This indifference puts researchers at risk with regard to their data, especially those who are involved in research with potential commercial applications.

Scientists working on politically controversial or emotionally charged projects have also famously found themselves targets for security attacks: In 2010, the e-mail accounts of climate researchers from East Anglia University were hacked by conservative activists, who then attempted to use private messages to discredit the researchers academically and professionally. The researchers were subsequently cleared of any wrongdoing or impropriety, but their exoneration received much less public attention than the initial scandal.

The Global Positioning System And the Risk of Convenience

Numerous types of sensors were designed for our convenience, usually not with security in mind. By the end of 2010, almost 80% of cell phones had a built-in global positioning system (GPS) device, according to iSuppli. That's up from about 50% in 2009. These devices can be used to send information on the user's whereabouts to another place. For the most part, we see such technology as a welcome innovation, helping us find the nearest coffee shop when we are in a strange city, for example, or discover which of our friends is close at hand, thanks to social media applications.

We may have the option of allowing such information to be transmitted or of blocking it when we first start to use the application, but there are other ways of tracking phones (and people) without our consent or knowledge. The phone network is not the only system that provides information on our whereabouts; many digital cameras now also include GPS receivers, permitting the automatic geotagging of photos--i.e., instantly identifying the photographer's real-time location. Most modern cars are equipped with satellite navigation systems, which also transmit location information.

Back Doors, RFIDs, and Hidden Vulnerabilities

Our computer systems at home and at work are obvious security targets, but the existence of "back doors"--methods for bypassing normal authentication--may not be that obvious. …