While this may not seem obvious to us in Fiji right now, for the first time in human history almost everyone is under surveillance every day, and not in spite of social media but because of what social media has achieved.
In a very interesting article about the Principle of Separation (which I published), the authors look at the old principle of building privacy into the servers themselves. I think we all thought it was, but I assure you it is not!
Privacy breaches are a multi-billion dollar industry, and for some time now have been the core business model of the Internet. All those free Facebook accounts and other apps come at a price: your data (details, photos, videos and so on)!
People need privacy in their daily lives, but privacy is more important than the individual: societies thrive when we prevent the unintended consequences of total surveillance. Individual privacy is similar to organizational security: in each case, stakeholders wish to maintain control over their private data and metadata.
Thankfully, network designers and researchers alike have recognized the need for, at the very least, data privacy. Transport Layer Security (TLS) is used for almost all forms of communication on the Internet, and is the default in all major browsers, modern protocols such as QUIC and HTTP/3, and many others.
Despite the success of TLS, Internet communications are still more scrutinized today than ever before, both in the network and at the edges. While data is encrypted in flight, important metadata is often leaked in transit (e.g., IP addresses, DNS messages, etc.) and at endpoints (to the endpoints themselves and to their partner organizations).
Although for decades the research community, and many widespread deployments, have attempted to address the privacy of communications metadata, reusable design patterns to address this problem are notably absent from the protocol designer’s toolbox.
In their paper, the authors describe what they call the Decoupling Principle: a simple idea that, to ensure privacy, information should be separated structurally and institutionally so that each organization has only the information it needs to do its proper work.
It makes sense: it is the kind of ‘need to know’ basis that we use in organizations at various levels to compartmentalize information and keep it private. Architectural separation involves separating the performance of different key actions in the system, such as authentication (proving who is allowed to use the network) from connection (establishing the state of a communication session).
Decentralization involves dividing the remaining information between unrelated parties, such as different companies or network operators, or between a user and a network peer. This separation makes each individual service provider more resistant to breaches, because none of them holds much sensitive data that could be lost to hackers.
Simply put, the Principle of Separation suggests always separating what you are from what you do.
This is partly done in current authentication systems such as Active Directory (AD), where users can only access the systems or databases they are authorized to use. Chaum was one of the first to design privacy principles and systems in this way, in a series of seminal papers. Many systems have built on Chaum’s insights, including some of the most popular privacy systems ever built, such as Tor (used to access the Darknet).
However, it was only in the last decade, under growing pressure to improve Internet privacy for end users, that Chaum’s ideas began to see widespread use and adoption. Some earlier methods failed to obey the Principle of Separation.
For example, VPNs and middleboxes move trust from a widespread set of network endpoints (e.g., the websites a user may visit, the DNS resolvers a user may use, etc.) to a single trusted intermediary (e.g., a VPN provider).
Depending on the threat model, this design may address the privacy concerns of end users, especially if the network itself is increasingly untrusted. However, here a single trusted intermediary sees all user activity tied to the user’s identity, requires more trust than necessary, and is vulnerable to data breaches.
This pattern does not comply with the Separation Principle. Examples like these reinforce the idea that encryption is essential to network privacy.
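To make the two designs concrete, here is a small Python model I have added to this column; it is not code from the paper or from any VPN product. It records which facts each party on the path can observe, then checks which party (alone, or in collusion with another) can tie a user's identity to the destination they visited. The party names, the `relay_a`/`relay_b` split and the sample address and domain are all constructed for illustration. The single-intermediary VPN pattern fails the check on its own; the decoupled design passes, but the collusion check shows the caveat practitioners should keep in mind: the guarantee rests on the two organizations not pooling their logs.

```python
from dataclasses import dataclass, field
from itertools import combinations

# Constructed sample values: an RFC 5737 documentation address and an example domain.
USER_IP = "192.0.2.10"
DESTINATION = "example.org"


@dataclass
class Party:
    """A participant on the path; 'seen' holds the (kind, value) facts it can record."""
    name: str
    seen: set = field(default_factory=set)

    def learns(self, *facts):
        self.seen.update(facts)
        return self


def vpn_model(user_ip=USER_IP, destination=DESTINATION):
    """Single trusted intermediary: the VPN provider both authenticates the user
    (who) and carries every connection (where to), so identity and destination
    meet in one organization's logs."""
    vpn = Party("vpn_provider").learns(("identity", user_ip), ("destination", destination))
    # TLS keeps the payload from the VPN, but the website still sees the
    # content and the VPN's egress address.
    site = Party("website").learns(("source", "vpn_egress"), ("content", "plaintext"))
    return {p.name: p.seen for p in (vpn, site)}


def decoupled_model(user_ip=USER_IP, destination=DESTINATION):
    """Architecturally and institutionally separated design (hypothetical):
    relay_a, run by one organization, handles authentication and sees who is
    connecting; relay_b, run by an unrelated organization, handles the
    connection and sees where it goes. The destination is encrypted so that
    only relay_b can read it, and relay_b only ever sees relay_a's address."""
    relay_a = Party("relay_a").learns(("identity", user_ip), ("next_hop", "relay_b"))
    relay_b = Party("relay_b").learns(("source", "relay_a"), ("destination", destination))
    site = Party("website").learns(("source", "relay_b_egress"), ("content", "plaintext"))
    return {p.name: p.seen for p in (relay_a, relay_b, site)}


def kinds(facts):
    """The kinds of fact in a record set, ignoring the values."""
    return {kind for kind, _ in facts}


def linkers(knowledge):
    """Parties whose own records alone tie an identity to a destination."""
    return sorted(name for name, facts in knowledge.items()
                  if {"identity", "destination"} <= kinds(facts))


def colluding_linkers(knowledge):
    """Pairs of parties whose pooled records tie an identity to a destination.
    A non-empty result shows where the design's privacy depends on the two
    organizations staying independent."""
    pairs = []
    for a, b in combinations(sorted(knowledge), 2):
        if {"identity", "destination"} <= kinds(knowledge[a] | knowledge[b]):
            pairs.append((a, b))
    return pairs


if __name__ == "__main__":
    for label, model in (("VPN", vpn_model()), ("decoupled", decoupled_model())):
        print(f"{label}: single-party linkers = {linkers(model)}, "
              f"colluding pairs = {colluding_linkers(model)}")
```

Note that in both models the website still sees the plaintext and a source address at the IP layer; decoupling hides who the user is from the destination and what the destination is from the authenticating party, but it does not remove the need for TLS on the content itself.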
The authors then ask: what is Internet privacy? Privacy cannot be overlooked, and nowhere is this more important than on the Internet, where we must rely on others to carry our traffic.
Since data privacy has, thankfully, been largely resolved, the privacy challenges have moved elsewhere: to traffic metadata (the payloads themselves are now encrypted) and to the edge, where application-level processing takes place.
In addition, privacy challenges abound in keeping multiple streams of traffic from a single user or entity unlinkable (in the network) and in keeping multiple identifiers unlinkable (at the edge). Privacy challenges exist throughout the network stack, so privacy solutions must span the stack as well.
For example, encryption of application traffic can provide privacy of message content, but unprivileged observers at lower layers (e.g., the IP routing infrastructure) can easily see who is talking to whom simply by recording the IP endpoints.
Systems that adhere to the Separation Principle must therefore consider privacy holistically and account for information leakage throughout the stack. Privacy also interacts with security mechanisms in important ways.
As network security has grown in importance, more and more systems rely on authentication to verify the identity of a user or device and on authorization to decide the level of access to be granted.
But authentication and authorization, both in real time and in subsequent legal applications, often create an undeniable record of who used a network service, when, how, and why. These mechanisms are at the same time becoming more pervasive (with authentication and authorization used in everything from the most security-critical applications to low-risk situations) and more centralized (for example OAuth and SSO), with a single login covering a large range of services.
Privacy depends on the trust users must place in the online systems they interact with.
When we use systems we put our privacy in their hands. Over the past 15 years, the Internet has become more centralized as most of the traffic is generated from a few cloud providers, CDNs, and content providers that are considered hypergiants.
For example, the number of ASNs (autonomous system numbers, i.e. major networks) needed to make up 50 percent of Internet traffic has dropped from 150 in 2009 to just five in 2019. Users’ behaviour is thus concentrated in these few organizations.
This centralization has come with some advantages for users, as large organizations are sometimes able to protect user data effectively, but this comes with different costs and consequences.
Most communication protocols assume end-to-end coordination and thus end-to-end trust. Built into this assumption is a further reliance on authentication methods that let the source be sure of the destination it is communicating with (e.g., using certificate chains or other external verification methods).
Users often make implicit or explicit judgements about whether a particular piece of data should be disclosed to a particular service in a particular context, and these judgements depend on countless factors that only the user can weigh.
What many do not realize is that all traffic on the Internet can be tracked, and even if it is encrypted the path it took can be traced. Given a server or other digital device, with the right forensic tools it can be very easy to establish where all of the Internet traffic on that device (including services and even data) has been, by source and destination.
Cyber criminals using Bitcoin and other cryptocurrencies are now learning this to their cost, as law enforcement agencies have embraced this method of tracing Bitcoin wallets online.
As the founder of the World Wide Web (WWW), Tim Berners-Lee, commented: “There are growing problems related to the web, such as privacy and security, that we currently have no way of thinking about.
No one has thought to look at how people and the web interact as a whole – until now.” The World Cup soccer finals are this weekend, and good luck to France and Argentina! As always, God bless you and stay safe in both the digital and physical worlds.
• ILAITIA B. TUISAWAU is an independent cybersecurity consultant. The opinions expressed in this article are his own and not those of this newspaper. Mr Tuisawau can be contacted at ilaitia@cyberbati.com