Copyright 2013 1 Roger Clarke Xamax Consultancy, Canberra Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW Wirtschaftsinformatik.


1 Copyright Roger Clarke Xamax Consultancy, Canberra Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW Wirtschaftsinformatik Forum – GI Deutsches Eck Universität Koblenz-Landau 17 January {.html,.ppt} eConsumer Insecurity Five Headlines – Sensationalist But True

2 Copyright What Do eConsumers Do? Inter-Personal Comms , Chat/IM Content Discovery and Access Reading Content Publication Web-Sites, Blogs, Personal Galleries, Music, Video Doc Prep File-Sharing with Friends, Colleagues Personal Databases Accounting, Investments, Hobbies, Family Trees

3 Copyright Consumer Computing clients, using smtp/pop/imap Personal Web-Sites Dedicated Devices Office on the Desktop FTP-server and -client [Books] Webmail, using http / https Flickr, Picasa, 3rd Party Blogs iTunes Zoho, Google Docs Dropbox eBooks, Rented Functions Applications ==>> Services Personal Galleries Personal Music Doc Prep File-Sharing Reading

4 Copyright A Participant-Oriented Classification of Social Media / Chat-IM / Skype Web-Pages 'Walled-garden' 'wall-postings' YouTube Wikis Dis/Approval 'Like', '+1' Second Life

5 Copyright eConsumer Wants – 1 of 4 The Basic Needs Does it do what I want it to do? [Fit] Will it be there when I want it? [Availability, Reliability]

6 Copyright eConsumer Wants – 2 of 4 The Basic Needs Does it do what I want it to do? [Fit] Will it be there when I want it? [Availability, Reliability] The Basic Protections How do I keep going if it stays fallen over for a long time? [Service Interruptions] Will you respond helpfully and quickly enough when I ask for help? [Customer Service] Will you lose my data, or muck it up? [Data Integrity] Do I get my data back if you fall over or withdraw the service? [Survival] Can I move my data to another supplier? [Lateral Compatibility] Who can I complain to if I get dudded, and will they actually help me? [Consumer Protection]

7 Copyright eConsumer Wants – 3 of 4 More Advanced Needs Will it keep doing what it does now? [Service Integrity] Will it stay up-to-date? [Future Fit] Will it fall over too often? [Robustness] Will it come back quickly after it falls over? [Resilience] Is my service protected against you, them and the gods? [Service Security] If bits of it are broken, will you fix it without breaking it some more? [Maintainability] Can I fiddle with it a bit if I need to? [Flexibility] Can I move my data to an upgraded version? [Forward Compatibility] How long will old versions keep working for me? [Backward Compatibility] Am I breaking the law if I use the service? [Legal Compliance]

8 Copyright eConsumer Wants – 4 of 4 More Advanced Protections Am I going to get gouged? [Cost] Can only appropriate people get in and do things? [Authentication and Authorisation] Can I get access to all data that you hold about me? [Subject Access] Is my data protected against you, them and the gods? [Data Security] Is my privacy protected against you, them and the gods? [Privacy Controls] If I terminate our relationship, will my data be irretrievably deleted? [Fully Effective Withdrawal] What happens to my data if I die? [Archival / Memorialisation]

9 Copyright Headline 1: Software on consumer devices becomes dated and local data is often not recoverable, but... eConsumer services are a very bad deal

10 Copyright The Terms of Service eConsumers can usually only know what Terms apply to an earlier transaction if they mirrored the Terms at the time The Terms applicable to the next transaction may not be the same as they were for previous transactions The Terms applicable to transactions and to the eConsumers' data are entirely under the provider's control eConsumers can place no reliance on what they may have previously read or heard about the Terms

11 Copyright Second-Party Risk-Exposure Summary of Results 3 – the Terms provide the ISP with no right to use the data (iinet, Internode, Yahoo!) 2 – use is authorised, but... only in a manner directly related to the contract (Infinite, Zoho) 1 – use is limited to 'access' - although what that limitation means is unclear (Dropbox) 1 – use is authorised "to provide the service" - which can be readily interpreted as being the service as a whole not just the service provided to that user (MS Live) 2 – the ISP has very substantial rights (Google, LinkedIn)

12 Copyright In-Depth No responsibility to provide the service, or to do so reliably, or to sustain data stored in it Subscribers must disclose physical location, even if irrelevant No internal complaints process No rights to restitution, no liability for identity fraud LinkedIn gains rights to customers' data that are almost equivalent to the rights of the customers themselves Unilateral changes to the Privacy Statement, without notice Storage in the USA under lax privacy laws No undertakings to control staff behaviour Enforced 'permission' to disclose personal data, "to assist government enforcement agencies", without legal authority Inadequate subject access and correction rights

13 Copyright The Cloudy Future of Consumer Computing Inaccessibility and Lack of Clarity of Terms Service Malfunctions Loss of Data Provider Exploitation of Personal Data Largely unfettered scope for changes to the Terms Supra-Jurisdictionality and Use of Regulatory Havens Seriously Inadequate Consumer Protections Dominance of US marketing mores Pro-corporate / anti-consumer US regulators Meekness of regulators in other countries Lack of Organised Consumer Resistance

14 Copyright Headline 2: Mobile devices are irretrievably insecure

15 Copyright MalContent How Much Illegal Porn is on Your Personal DeVices?

16 Copyright MalContent How Much Illegal Porn is on Your Personal DeVices? Unexpected -Attachments and Microsoft -Embedded Files Unexpected Downloads over the Web Unwitting Downloads over P2P Malware, Unauthorised Users,...

17 Copyright MalContent How Much Illegal Porn is on Your Personal DeVices? Unexpected -Attachments and Microsoft -Embedded Files Unexpected Downloads over the Web Unwitting Downloads over P2P Malware, Unauthorised Users,... How can you know?

18 Copyright MalBehaviour Many categories, including Flaming, Incitement, 'Trolling',... 'Social Engineering' Inveigling users into harmful actions, incl. 'Phishing', esp. for authenticators Download of 'free anti-virus software'

19 Copyright Malware A Definition to Cope with the Complexities Software, or a software component or feature, that (1) is capable of being Invoked on a device; and (2) on invocation, has an Effect that is: Unintended by the person responsible for the device; and Potentially Harmful to an interest of that or some other person. Virus, Worm, Spyware, Backdoor / Trapdoor, Remote Admin Tool, Rootkit, Drive-by-Download

20 Copyright Absolute-Minimum InfoSec Safeguards Malware Detection and Eradication

21 Copyright Absolute-Minimum InfoSec Safeguards 1. Physical Safeguards 2. Access Control 3. Malware Detection and Eradication 4. Patching Procedures 5. Firewalls 6. Incident Management Processes 7. Logging 8. Backup and Recovery 9. Training 10. Responsibility

22 Copyright Absolute-Minimum InfoSec Safeguards 1. Physical Safeguards 2. Access Control 3. Malware Detection and Eradication 4. Patching Procedures 5. Firewalls 6. Incident Management Processes 7. Logging 8. Backup 9. Training 10. Responsibility As applicable to consumers as to business and government

23 Copyright Headline 3: That's not a Password; it's a Passéword Kennwort wurde schon Bekanntwort (the password has already become a 'known-word')

24 Copyright Password Vulnerabilities and Threats Direct Acquisition: Visual Observation; Electronic Observation; Keystroke Logging; Discovery of a Personal Password Database; Interception; Phishing. Compounding Factors: Use of One Password for Multiple Accounts; Continued Use of a Compromised Password. Indirect Acquisition: Guessing; 'Brute Force' Guessing; Compromise of the Password-Reset Process; Compromise of a Password Stored by a Service-Provider; Acquisition and Hacking of a Password-Hash File

25 Copyright Access Control – Threats -> Safeguards Authentication: What You Know (password, 'shared secrets'); What You Have (one-time password gadget, a digital signing key); Where You Are (your IP-address, device-ID); What You Are (a biometric, e.g. fingerprint); What You Do (time-signature of password-typing key-strikes); Who or What You Are (reputation, 'vouching'). Threats -> Safeguards: Interception -> Channel Encryption, e.g. SSL/TLS; Rogue or Compromised Second Party -> Transmission and Storage of only a password hash; Compromise of the Client -> One-Time Passwords, Variable Action Passwords; Imposter -> Multi-Factor Use

26 Copyright Headline 4: Mobile devices are irretrievably insecure Web technologies are designed to be insecure

27 Copyright Server Control of Consumer Devices Java Applets ActiveX 'Controls' 'Asynchronous JavaScript and XML' (AJAX) Drive-by Downloads HTML5 Mobile Apps

28 Copyright Drive-By Downloads A big majority of requests to web-sites result in Unrequested Content being pushed to the browser from other sites – variously 'strategic partners' and parasites Third-Party Tracking Cookies are imposed by the vast majority of commercial web-sites, and are used by over 200 tracking companies (DoubleClick, et al.) Those companies use Additional Spyware to try to circumvent protections (web-bugs, Flash cookies, etc.) All of this is in breach of eConsumer consent Careful eConsumers use Protections

30 Copyright HTML Support for: multi-media streaming open channels as well as sessions geolocation A way to subvert sandboxing A way to subvert user control, by inverting the Web from pull to push A way to access local data and devices (e.g. cameras, microphones), giving rise to "A Pandora's box of tracking in the Internet" /other/sophosHTML5andsecurity.pdf

31 Copyright Mobile Apps Will Google and Apple protect eConsumers against other parties? Who will protect eConsumers against Google and Apple? Retrofitting of Mobile OS to the Desktop Mac OSX iOS Android / bluetracks

32 Copyright Headline 5: The spy in your pocket leaks your location, 10 times per second, and to far more organisations than you thought

33 Copyright The Practicability of Location and Tracking Cell-Location is intrinsic to wireless network ops More Precise Location is now mostly available

34 Copyright The Primary Geolocation Technologies

35 Copyright The Practicability of Location and Tracking Cell-Location is intrinsic to wireless network ops More Precise Location is now mostly available Tracking is feasible, because the handset sends a stream of messages Retrospective Tracking is feasible if the series of locations is logged (), and the log is retained () Real-Time Tracking is feasible if the data-stream is intense () and latency is low () Predictive Tracking is feasible if the data-stream is intense () and latency is low ()

36 Copyright Terms of Service Imposed by ISPs on Consumers Substantial Rights to collect, use and disclose personal data, incl. location data Unilateral Power: to change the Terms of Service to do so without notice to do so with immediate effect No Obligation to delete data, ever

37 Copyright Rampant Location and Tracking Through Pseudo-Consent: Uncontrolled personal data collection Uncontrolled personal data use Uncontrolled personal data disclosure US data havens undermine EU protections Consumer rights and data protection laws inadequate for the task Parliaments, Regulators asleep at the wheel

38 Copyright Headline Spare: Unauthenticated payments are switching card risks from merchants to consumers

39 Copyright Headline Bonus: Social media services have only one business model, and it's based on personal data exploitation and behaviour manipulation

41 Copyright Some Implications

42 Copyright Naive Advice from 1998 'Apply Consumer-Friendly Principles' Information Choice Consent 'opt-in' the norm 'opt-out' with stringent justification Fair Conditions Recourse

43 Copyright Consumer-Oriented Social Media Features Interoperability, Portability Content, Messages Consent, which means: Informed Freely-Given Granular not Bundled Settings Management Conservative Defaults Trustworthy Terms Identity Protections Protected Pseudonyms Multiple Identities Caveats, Social Norms and Reputations Non-User Protections Content Social Networks Location Protections

44 Copyright Some Possible Measures IT Security Risk Assessment (SRA) done by someone, from the eConsumer Perspective IT Security Risk Management Planning (SRMP) done by someone, from the eConsumer Perspective Designed-In Security Safeguards Practicable and Economic Default and with Minimal Usability Trade-Off Documented, with Tutorials

45 Copyright Ways to Get There Depend on the proactive and productive prosumer? Impose liability for designed-in insecurity? Impose liability for serious security errors? Develop eConsumer Protection Law? Impose Minimum Privacy Undertakings? Impose Standards on eConsumer Services?

46 Copyright BYOD Issues Hosting Organisation Perspective Need for Network Protection Need for Device Challenge and Testing Need for Minimum Security Standards Need to provide Device-Cleansing Advice eConsumer Perspective Transparency of the Organisation's Actions Auto-Reporting of Sensitive Information Exclusion from Services / Participation

47 Copyright Will Consumers Be Precluded From Owning General-Purpose Computing Devices? Many powerful groups will discover that they want it Copyright-Dependent Corporations Government Censors The Moral Minority, who want governments to extend censorship to whatever content the moral minority thinks the majority shouldn't have access to (Dominant) Computing Device Providers (iOS, Android) Law Enforcement & National Security Agencies (LEANs) 'Fraud Experts' Employers and other Organisations permitting BYOD

48 Copyright eConsumer Insecurity Five Headlines – Sensationalist But True Agenda eConsumers 5 Headlines eConsumer services are a very bad deal Mobile devices are irretrievably insecure Passwords are Passé; Kennwort heisst Bekannt ('password' means 'known') Web technologies are designed to be insecure Mobiles leak location, very often, far and wide Some Implications

49 Copyright Roger Clarke Xamax Consultancy, Canberra Visiting Professor in Computer Science, ANU and in Cyberspace Law & Policy, UNSW Wirtschaftsinformatik Forum – GI Deutsches Eck Universität Koblenz-Landau 17 January {.html,.ppt} eConsumer Insecurity Five Headlines – Sensationalist But True

51 Copyright eConsumer Differentiation Education, Income, Wealth Infrastructure Availability Technical Capability Opportunity-Awareness Leadership / Followership Risk-Awareness, Risk-Aversion Age / 'Generation'

52 Copyright The Generations of eConsumers Generation / Indicative Birth-Years / Indicative Age in 2010: Silent / Seniors; Baby Boomers – Early; Baby Boomers – Late; Generation X; Generation Y; The iGeneration

53 Copyright The Generations of eConsumers Baby Boomers (45-65) Handshake/phone, PCs came late, had to adapt to mobile phones Work is Life, the team discusses / the boss decides, process-oriented GenXs (30-45) Grew up with PCs, and mobile phones, hence multi-taskers Work to Have More Life, expect payback from work, product-oriented GenYs (15-30) Grew up with IM/chat, texting and video-games, strong multi-taskers Life-Work Balance, expect fulfilment from work, highly interactive iGens (to 15) Growing up with texting, multi-media social networking, networked games, multi-channel immersion / inherent multi-tasking ?Life before Work, even more hedonistic, highly (e-)interactive

54 Copyright ActiveX 'Controls' There is no sandbox. Access is given not just to the browser but to the entire workstation The designer thereby gains enormous power over remote workstations An ActiveX control can be authenticated, but that doesn't assure that it will not be harmful ActiveX security problems are far worse than Java: The embedding of ActiveX into the Internet Explorer web browser created a combination of functions that has led to an explosion of computer virus, trojans and spyware infections (An over-ridden Wikipedia entry for ActiveX)

55 Copyright A Lightweight Alternative – AJAX 'Asynchronous JavaScript and XML' A Successor to the vague Dynamic HTML Applies well-established tools: (X)HTML/CSS -> XML, JavaScript/ECMAScript Utilises the XMLHttpRequest Method of HTTP in particular to enable partial-window-refresh Involves an 'Ajax engine' within the browser, which intercepts and processes user-requests and server-responses

56 Copyright Headline Spare: Unauthenticated payments are switching card risks from merchants to consumers

57 Copyright Contactless Chips RFID / NFC chip embedded in card Wireless operation, up to 5cm from a terminal Visa Paywave and MasterCard PayPass Up to $100 (cf. original $25)

58 Copyright Contactless Chip-Cards as Payment Devices RFID / NFC chip embedded in card Wireless operation, up to 5cm from a terminal Visa Paywave and MasterCard PayPass Up to $100 and $35 resp. (cf. original $25) Presence of chip in card is not human-visible, but Logo / Brand may be visible No choice whether it's activated Operation of chip in card is not human-apparent No action required when within 5cm range, i.e. automatic payment No receipt is increasingly the norm Used as Cr-Card: Unauthenticated auto-lending Used as Dr-Card: PIN-less charge to bank account

59 Copyright Authentication – None? / A Non-Secret? (but Yes, for Transactions >$100 Only) Act of Consent – None? / Unclear? / Clear? If the card is within 5cm of a device, whether seen or not Notification – None? / Audio? / Display? If 'None', then enables surreptitious payment extraction Receipt / Voucher – None? / Option? / Y? Safeguards

60 Copyright Mobile Payments can be Faster More Intuitive More Convenient Less of an Obstacle

61 Copyright Mobile Payments can be Faster More Intuitive More Convenient Less of an Obstacle For the Thief Too

62 Copyright Risk Analysis Summary A lost, stolen or borrowed card can be used by anyone, for multiple transactions up to $100 at a time, without any form of authentication, against the credit or debit account the card is linked to The facility is in every card, the choice is merely to have a card or to not have one, and there is no 'Off' switch Many Parliaments and Consumer Protection Agencies have done absolutely nothing about it

63 Copyright Risk Management Possibilities Reconcile your Statements. But: Statements are now very long indeed Statements are increasingly online, not sent, and charged for The time available for challenges is limited (60 days?) Many transactions will not match against a receipt Many business names are not recognisable Query unrecognised transactions. But: The consumer has no evidence, much detail, and is uncertain Only a minority of unreconciled entries will be fraudulent Effort, time and fees are incurred for each challenge Processes are designed to be inconvenient and slow (60 days?) Card-issuers can refuse to reimburse

64 Copyright Headline Bonus: Social media services have only one business model, and it's based on personal data exploitation and behaviour manipulation

65 Copyright A Participant-Oriented Classification of Social Media / Chat-IM / Skype Web-Pages 'Walled-garden' 'wall-postings' YouTube Wikis Dis/Approval 'Like', '+1' Second Life

66 Copyright Currently-Available Social Media Genres 1-with-1/Few INTERACTION Tools networked text (asynchronous) networked text chat / IM (synchronous) SMS / texting from mobile phones -attachments, any format (asynch) voice: over Internet (VoIP, Skype) (synch) tele-conferencing (VoIP, Skype) (synch) videophone (Skype Video) (synch) video-conferencing (Skype Video) (synch) 1-to-Many BROADCAST Tools bulletin boards systems (BBS) Usenet / netnews lists web-pages indexes (Lycos, Altavista, Google, Bing) blogs (WordPress, Blogspot) micro-blogs (Twitter, Tumblr) glogs – wearable wireless webcams, cyborg-logs, retro-nymed as 'graphical blogs' 'content communities', e.g. for images (deviantArt, Flickr and Picasa), for videos (YouTube), for slide-sets (Slideshare) closed / 'walled-garden' 'wall-postings' within SNS (Plaxo, MySpace, LinkedIn, Xing, Reddit, Facebook, Google+) 1-with-Many SHARING Tools Content Collaboration wikis (Wikipedia) social news sites (Slashdot, Newsvine) online office apps (Zoho, Google Docs, MS Live) Indicator-Sharing 'social bookmarking' (Delicious) dis/approvals (Digg's dig & bury, Reddit's up & down, StumbleUpon's thumbs-up & thumbs-down, Facebook's Like button, Google+'s +1 button) Multi-Player Networked Gaming text-based MUDDs social gaming sites (Friendster) Massively Multiplayer Online Games (MMOGs), esp. Role-Playing Games (MMORPGs), e.g. World of Warcraft online virtual worlds (Second Life)

67 Copyright Social Media's Business Model 'There must be a way to monetise this somehow' 'You will find something interesting here' is a self-fulfilling prophecy, because people can be enticed to contribute 'something interesting' Contributors, and the people who come after them, can be enticed to click on targeted advertisements Targeting is based on: profile-data that users supply about themselves content that they have donated their online behaviour while using the service their online behaviour more generally data that other people contribute about the user

68 Copyright Privacy Risks in Social Media Second-Party Risk Exposure (Service-Provider) Content relating to Oneself Content relating to Others Social Networks including Oneself and Others Third-Party Risk Exposure Openness that was Unanticipated Openness through Breach of Original Terms The Service-Provider's Strategic Partners 'Syndication', to any player Government Agency Demand Powers Interception and Hacking

69 Copyright A Catalogue of Social Media Privacy Concerns Source: Reviews of Media Reports 1 Privacy-Abusive Data Collection 2 Privacy-Abusive Service-Provider Rights 3 Privacy-Abusive Functionality and User Interfaces 4 Privacy-Abusive Data Exploitation

70 Copyright A Catalogue of Social Media Privacy Concerns 1 Privacy-Abusive Data Collection Demands for User Data identity data profile data contacts data, including users' address-books: their contact-points (some sensitive) comments about them (ditto) by implication, their social networks Collection of User Data about users' locations over time about users' online behaviour, even when not transacting with the particular service from third parties, without notice to the user and/or without user consent 2 Privacy-Abusive Service-Provider Rights Terms of Service Features substantial self-declared, non-negotiable rights for the service-provider, including: to exploit users' data for their own purposes to disclose users' data to other organisations to retain users' data permanently, even if the person terminates their account to change Terms of Service: unilaterally without advance notice to users; and/or without any notice to users Exercise of Self-Declared Service-Provider Rights in ways harmful to users' interests in order to renege on previous undertakings Avoidance of Consumer Protection and Privacy Laws location of storage and processing in data havens location of contract-jurisdiction distant from users ignoring of regulatory and oversight agencies acceptance of nuisance-value fines and nominal undertakings

71 Copyright A Catalogue of Social Media Privacy Concerns 3 Privacy-Abusive Functionality and User Interfaces Privacy-Related Settings non-conservative default settings inadequate granularity complex and unhelpful user interfaces changes to the effects of settings, without advance notice, without any notice and/or without consent 'Real Names' Policies denial of multiple identities denial of anonymity denial of pseudonymity enforced publication of 'real name', associated profile data Functionality and User Interface inadequate documentation and reliance on interpolation frequent changes; and/or without advance notice to users, without any notice to users and/or without user consent User Access to Their Data lack of clarity about whether, and how, data can be accessed lack of, even denial of, the right of subject access User Deletion of Their Data lack of clarity about whether, and how, data can be deleted lack of, and even denial of, the user's right to delete 4 Privacy-Abusive Data Exploitation Exposure of User Data to Third Parties wide exposure, in violation of previous Terms, of: users' profile-data (e.g. address, mobile-phone) users' postings users' advertising and purchasing behaviour users' explicit social networks users' inferred social networks, e.g. from messaging-traffic changes to the scope of exposure: without advance notice to users without any notice to users; and/or without user consent access by government agencies without demonstrated legal authority Exposure of Data about Other People upload of users' address-books, including: their contact-points comments about them by implication, their social networks exploitation of non-users' interactions with users

72 Copyright A Catalogue of Social Media Privacy Concerns 3 Privacy-Abusive Functionality 'Real Names' Policies Denial of multiple identities Denial of anonymity Denial of pseudonymity Enforced publication of 'real name', and associated profile data

73 Copyright A Catalogue of Social Media Privacy Concerns 4 Privacy-Abusive Data Exploitation Exposure of Data about Other People Upload of users' address-books, including: their contact-points comments about them by implication, their social networks Exploitation of non-users' interactions with users Disclosure of non-users' social networks

74 Copyright Social Media Privacy Disasters Plaxo, Twitter Facebook, Google Gmail, Orkut, Buzz, Google+ Instagram

