Privacy and digital security is a personal responsibility. It can’t be anything else

17 July 2020 by Steve Blum

Gagged by privacy

Three unrelated stories that broke within 24 hours demonstrate why digital security is a personal responsibility, and how blindly trusting third parties – individuals or private companies or governments – to look after your best interests is no solution:

  • The European Court of Justice nixed a data sharing safe harbor deal between the European Union and the U.S., pointing out in its decision that “the requirements of US national security, public interest and law enforcement have primacy”, which makes any promises of privacy meaningless.
  • Western intelligence agencies took the unusual step of calling out Russia by name, and blaming its spooks for breaking into systems used by researchers working on a covid–19 vaccine.
  • Crackers punked Twitter employees, and got the keys to the kingdom. Or at least sufficient credentials to take over Bill Gates’, Warren Buffett’s and Joe Biden’s accounts, among others.

Twitter’s explanation for its breach is as succinct a description of the fundamental problem as I’ve ever seen…

“We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.”

I have no doubt that Twitter takes security and customer privacy seriously and takes the steps it truly believes are necessary to safeguard its systems. I believe the same about medical researchers.

And the National Security Agency too. But that, thankfully, did not prevent Edward Snowden from blowing the whistle on its mindless and pervasive surveillance of electronic communications, thanks to AT&T’s “extreme willingness to help” and similar assistance from other compliant telecoms companies.

Good intentions and diligent efforts are not enough. With U.S. law enforcement agencies continuing to press for backdoors into secure systems and breakable encryption, the problem will only get worse.

People will always have to have “access to internal systems”. Trustworthy, competent people, to be sure, but people with human frailties and fallibility. Perfect privacy and security is impossible. All we can do is vigorously accept personal responsibility for individual privacy and security, and resist anyone’s claim of greater need or superior authority.