How the West was won or protecting data

The Internet world shook once again this week with the revelation of military, strategic information leaked by a sports app. By running around the compound, soldiers gave away their position to the app, which dutifully offered this information to the world, transparent as it is. It became worse. Researchers were able to track individual soldiers to their private addresses simply by connecting available data, thus revealing the identity of soldiers working in highly classified circumstances. This is just one aspect of where things seem to go horribly wrong.

It is not surprising to me that apps reveal data of their users. What does come as something of a shock is the fact that even in organisations that snoop on the world with unprecedented capacities, the naiveté concerning simple apps is still so high. It is 2018 and still the military and undoubtedly dozens of other organisations around the globe are surprised by a single app that tracks the fitness and running scores of individuals using the app. And I will not even go into privacy implications here.

From this information it becomes clear that there are still no clear rules on the use of apps, social media, fitbits, etc. vis à vis the workplace. This is not just about the military but about each and every individual, next to the millions of people working in high(er) level trust environments. Was this app installed on a work phone or a private phone brought to work? It should not matter in these circumstances. It shouldn’t be on the phone, in these circumstances, at all.

The news so far has focused on the fact that an app revealed this data. If we look one level further down into the app, the question is: where does the software come from? Who else is able to gather this data, and who knows what other data from the phone or laptop, through the software used in the app? What is the origin of the chips used to build the app, and is the data sold in any form to third parties?

Ever since the journalists Maurits Martijn and Dimitri Tokmetzis showed that by installing one single app (in this example of a large Dutch department store) on a smartphone, dozens of mostly unknown firms from North America were able to access all information on that phone every few seconds to auction this information off to advertisement companies, I am very wary of apps on my phone. What apps are really for, data gathering, ought to be common knowledge by now. Perhaps not by the general public but certainly by those in positions where the secrecy of certain data is key. Including rules and regulations concerning the use of apps.

Again the news shows that the knowledge and understanding of the Information Society simply does not seem to get between the ears of those responsible. It makes me dread the moment that the West really comes into a conflict with adversaries. I’m afraid that we will find out the hard way that we really haven’t seen anything yet.

Hence the question becomes whether an open Internet for all is something the West must strive for. The balkanisation of the Internet is fast becoming a fact. China, Russia, Iran, North Korea, etc. are all becoming less and less open to the West. We remain open and highly vulnerable to attacks of all sorts. Is it time to contemplate a wall around us as well?

This question is a far jump from the data revealed by a sports app. Yet it is all related. Each individual incident shows the weakness in our defences. It is time to rethink and strengthen ourselves as well, without giving away anything on the inside. Free speech, economic benefits and protection of the core of the Internet are all possible within our system. Whoever wants to live beyond these rules suffers the consequences. Most likely economically too.

What the sports app data revealed does show is the level of openness our western society has reached. There is no going back on that. Perhaps there is a way of protecting it better. It will be drastic though.

Wout de Natris

Haarlem, 31-01-2018

About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blog's name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions.