“It seems to me, Golan, that the advance of civilization is nothing but
an exercise in the limiting of privacy.”
from “Foundation’s Edge” by Isaac Asimov
Welcome to the Naked Society, where “privacy” is more a figure of speech than a reality. Where you’re on surveillance camera an average of 10 times per day. Where just about any kid with a computer and some time is trying to sniff, phish and pharm for your personal information. Where email hacking tips and tricks are shared freely on the world wide web. Where your identity can be bought by the highest bidder. Where we impetuously broadcast our personal information across social media networks. Welcome to the Fishbowl.
With remnants of a dream still flashing behind closed eyelids I reach for my BlackBerry and power it on. It’s an extension of me, like a fifth limb with a brain, it fills in where I leave off. I yawn, stretch, prop myself up in bed and enter my device password. And it’s just like unlocking the door to my home. My email Inbox alone is a treasure chest of precious data.
I enter my Inbox and brace myself for an exciting 20 mins of dodging virtual threats. Like a seasoned veteran I need only glance at the subject to distinguish authentic emails from the phishing emails that will try to lure out some personal information from me. Like my email password. Or credit card number.
“God loves a cheerful giver!”
“Warning Notification from PayPal”
“REQUESTING YOUR PROMPT REPLY”
With a couple swift keystrokes I banish them to trash.
Cybercrime. It’s an epidemic of global proportions, and yet many people are still unfamiliar with this term. The US Department of Justice generally categorizes Cybercrime in three ways: a) a crime where the computer was a target (eg. spreading viruses); b) a crime where the computer was a weapon (eg. auction fraud), and; c) a crime where the computer was an accessory (eg. to store child pornography). Cybercrime is a vast global industry, believed to have exceeded illegal drug trafficking as a felonious moneymaker. ‘Believed’ because it’s difficult to prove. For one, Cybercriminals don’t file tax returns showing their profits. Secondly, many people don’t even know that they’ve been victimized. And lastly, sadly, others still don’t report it.
Cybercriminals easily transcend time and space without much risk beyond carpal tunnel syndrome. They reach across the internet with invisible hands, hacking into your email or Facebook account, phishing for your personal information, sniffing for valuable data, infecting your computers with viruses and malware, installing malicious bots, impersonating you and spamming your contacts with probing emails.
A new email comes in, the subject a sequence of scrambled characters. I open it and am prompted “Decrypt message?” I select Yes. “This is D-day!” the subject proclaims, appearing from a string of letter, numbers and symbols, as if by magic. Preceding the message are three little words that immediately put me at ease.
[Secured with eCrypt]
‘Because it’s none of your business’ I think to myself and smile. It’s an email from my brother. He’s leaving to travel Europe tonight and is very excited. He asked me to stop by his place and water his plants while he’s away. He’ll be gone for two whole months, lucky son of a bitch.
Some still don’t see the link between Privacy and Cybercrime. That’s not so surprising. Somewhere along the line we got conned into believing that in order to be safe and secure as individuals, we had to give up our privacy and control. Indeed, seeking privacy is often misconstrued as a desire to hide something.
Once upon a time, cryptography was a regular and accepted part of existence. Edgar Allan Poe and Leonardo Da Vinci infused their art with secret messages. Da Vinci invented mechanisms for keeping messages private from their carriers. Hebrew scribes encoded religious writings, Ceasar used it to obscure government communications, and in Mesopotamia it was used to preserve formulas. The Kama Sutra lists cryptography as the 44th and 45th of the 64 arts that men and women should know and practice. For thousands of years, cryptography, the art and science of crypto- (secret) -graphy (writing) was celebrated.
The taboo surrounding crypto seems to be a new age invention. Our collective consciousness swaying from appreciation and curiosity to fear and skepticism. We’re getting mixed messages: on the one hand there are people lurking who will willingly exploit us if we give them a chance; on the other hand we’re being forced into a naked society, with cameras on street corners, monitoring of online communities, and laws that imprison people for refusing to give up their decryption keys. There’s a stigma attached to it, like a large mole on a pretty face. It’s complex, heavily regulated, authorities don’t like us using it, and it’s involved in many high profile news items. The personal use of encryption is deemed suspicious, approved of only to secure “confidential” documents or “sensitive” communications.
But in personal communications, are “confidential” and “sensitive” not largely ambiguous? I, for example, consider all my communications sensitive. Much can be learned about me, my routine, and my family, from reading nothing more than casual emails. And much can be done with that knowledge. If the email trail between me and my brother wasn’t encrypted, what knowledge could an eavesdropper gain from it? What other information could gaining that information lead to? How could this information be used against him? Against me?
I reply to my brother letting him know I’d be happy to help keep his plants alive in his absence. I click send. There’s a slight pause and the email goes out, the subject again a sequence of scrambled characters as it’s encrypted. Thank you eCrypt, my favorite little app. I close my inbox and see the little ‘e’ icon there on my BlackBerry home screen. Like a good little soldier, in line with all the others. So unassuming, and yet so powerful.
Albert Einstein said that “Imagination is more important than knowledge. For while knowledge defines all we currently know and understand, imagination points to all we might yet discover and create.” We may regard hackers, these pioneers of Cybercrime, as scoundrels, hooligans. But many could be considered artists. Bright, resourceful, talented, misdirected lateral thinkers.
Not all Cybercrime is aggressive. Not all culprits rely on Brute Force to extract your personal information, like traditional hacking of trial and error, overpowering defenses through relentless repetition. Much of Cybercrime is passive, “hands off” if you will, allowing targets to assist in the effort. More frequently violators use Social Engineering – manipulation of victims into divulging personal information – like phishing, pretexting and baiting.
A little bit of creative research can go a long way in the Cybercrime game.
Thieves – robbers – rifle through garbage cans for discarded receipts and copies of invoices or statements, personal letters, photographs, anything they can use to exploit you. Now they also rifle through the internet and your email mailbox for juicy tid-bits that, like puzzle pieces, reveal a picture of You. Do you know that if you share something on the internet, it’s there indefinitely? What information are you leaving on the net for them to grab? What have you ever posted on an online forum? What kind of pictures have you ever posted or been tagged in on Facebook? Do you disclose your real birthday when signing up for online communities? What do you talk about with your friends via email? What about your business contacts? Your partner? If I hacked your email today, what could I learn about you and your business?
Social Networking sites are a smorgasbord for Cybercriminals. It’s a depository for seemingly trivial information that should be safeguarded. Like a toddler that plays hide-and-seek by covering his eyes, most social network users naively think that because they can’t see the culprits, because they don’t knowingly admit them into their circle of online friends, that they are safe. That because they change their profile privacy setting to “friends only” that unwanted viewers will not be able to gain access to it. As Sarah Palin learned so publicly, any information about you that comes in contact with the internet, can potentially aid offenders in gaining access to things like your email account, with little effort, and zero hacking skill required.
Brad Lever, President of eCrypt once said that “the most dangerous person is the one who assumes he is secure”.
Putting down my BlackBerry and dragging myself from under the sheets I recall a conversation I witnessed last week. Brad was speaking with a group interested in eCrypt email encryption software for use on their BlackBerry smartphones. They asked how it was going to make their devices more secure.
“Right now, my BlackBerry is secure” said one gentleman.
“May I ask what security you use?” inquired Brad.
“I don’t know but I am sure I have it. I have someone who looks after that.” he replied.
“So, you are speaking theoretically?” Brad asked.
“No, it’s not theoretical, I am sure I have security. Someone else takes care of it and I am sure it’s updated all the time.”
Ah. There it is. Someone else is taking care of it, therefore it must be secure. I wonder if the hundreds of LifeLock’s users who lost their identity thought the same of the identity protection service that LifeLock advertised was the only that could “…prevent Identity Theft. Guaranteed.”
As much as Cybercriminals prey on victims, there is also a special breed of service providers who exploit users in their own right, making claims of “security” and “privacy” while offering neither. Hushmail, DataLocking, BeStealth… all offering services that were to ensure that users’ private communications remain private.
Except with Hushmail “…there is no guarantee that we will not be compelled…to treat a user named in a court order differently, and compromise that user’s privacy.” Pray tell, I wonder to myself, what’s stopping a Hushmail employee from exercising this ability outside of being compelled by authorities? A mandate? Their morality? A Symantec study showed that more than half of ex-employees admit to stealing Company data. Their contracts didn’t stop them.
My belief is that if you don’t have control, you don’t have privacy. Because like privacy, control is not something you can have some of: you either have it or you don’t. It is a belief that’s shared by the team at eCrypt Technologies. Control is key. It is why the encryption technologies we develop give the end users control over their own privacy. Not a service provider, not an employer, not an IT administrator with a hefty student loan, a bad money-sucking habit, and salary that won’t cut it. No, not even eCrypt.
Human beings have an inherent desire to be in control: of our finances; our careers; our emotions; our reputations. So why are so many of us still so willing to give up control over our privacy, one of our most precious and vulnerable rights and freedoms? Because we are oblivious? Naive? Or is it the convenience of having someone else take care of it? That’s great for an oil change, but privacy? It must be convenience: the American dream. Or is it the American fantasy? Let someone else take care of it. Convenience. But at what cost?
MY privacy is priceless. That is why I got into this business. That’s why we founded eCrypt Technologies, so that we could have and share technologies that offer TRUE end-to-end privacy, without the expensive and complicated infrastructure, the IT staff, or the high price tag. That is why the solutions we develop use the strongest algorithms available while leaving control in the users hands. Literally.
As I leave and lock up my home, BlackBerry in my purse, eCrypt encryption enabled, I smile to myself at the memory of a joke I read somewhere once:
“Message from hacker: all you boring people out there stop encrypting your emails, you’re wasting my time.”
A vision appears in my mind’s eye, a reality where people use encryption for EVERYTHING, every document, every email. A reality where the sheer amount of encrypted data is overwhelming, tying up hackers for years decrypting grocery lists and ‘pass-this-on’ quizzes. That is MY American dream, my fantasy.
Cybercrime. It’s a global epidemic and yet, so many of us still don’t know just how vulnerable we really are. Don’t think it can happen to you? Consider this: a Google search of “how to hack email” yielded over 91 million results today. Yesterday that figure was 80 million. What will it be tomorrow?
As Marlon Brando said, “Privacy is not merely something I am entitled to, it’s an absolute prerequisite.”
Privacy is your right. Protect it with eCrypt.