杏吧原创

After Ashley Madison: How to regain control of your online data

Recent hacks have exposed just how vulnerable everyone鈥檚 personal data is. New technologies could change the very basis of how companies store our information

After Ashley Madison: How to regain control of your online data

Not so secret anymore (Image: Bobby Yip/Reuters/Corbis)

ONLINE privacy as you know it died last week. But the reaction to the release of Ashley Madison鈥檚 dossier of more than 30 million people seeking affairs was one of muted resignation. one commentator declared. Another bemoaned 鈥溾. The received wisdom is clear: our data will never be safe.

This collective shrug is the result of security fatigue, says privacy researcher Helen Nissenbaum of New York University. The companies who store our data have all the power, but the responsibility for protecting it has been placed on individuals. And we鈥檙e ill-equipped for the job. If you were using the Ashley Madison site, the strongest password in the world wouldn鈥檛 have kept your details off the growing number of searchable databases now being scoured by suspicious partners and those looking for dirt.

And it鈥檚 not just members of illicit websites who need to worry. 鈥淎ll of us are shedding data with no clue as to how it is being used, abused, protected 鈥 or not,鈥 says Nissenbaum. We are simply meant to have faith that the trade-off of our data for what the company offers us is worthwhile, she says.

鈥淎ll of us are shedding data with no clue as to how it is being used, abused or protected鈥

It is certainly worthwhile for the companies. Sliced and diced and sold to third parties, data can be a bounteous cash cow. What you get out of the deal is less clear. One thing we do know is that the model of trusting someone else to hold your data has failed.

Some researchers think you should revoke some of that trust. 鈥淚 can鈥檛 believe people put their real names, email addresses and credit card details on to a website like that,鈥 says Krzysztof Szczypiorski, a security researcher at the Warsaw University of Technology in Poland. He thinks the Ashley Madison hack will be a watershed moment for people鈥檚 understanding of just how exposed their data is. He says people will start to avail themselves of smarter ways of disguising illicit behaviour. Email accounts under a different name, and that can be loaded anonymously, for example, 鈥渨ould have saved a lot of people鈥檚 marriages鈥, he says.

Question of risk

Instead of people storing and sending unencrypted nude photos, Szczypiorski thinks steganography will become more popular 鈥 embedding a nude photo inside an anodyne picture of ducks at a park, say.

But while those options will work for the tech-savvy, Lee Rainie at the Pew Research Center in Washington DC thinks they won鈥檛 necessarily trickle down to all people. 鈥淓ven though they are reminded frequently that their data is at risk,鈥 he says, 鈥渋t鈥檚 pretty clear that many are making only modest changes 鈥 if at all.鈥

Sandy Pentland of the Massachusetts Institute of Technology says that putting the onus on individuals is misguided. 鈥淚t鈥檚 the data collectors that are the problem,鈥 he says. 鈥淭hey have never had any stake in making your data secure.鈥

For Nissenbaum, it鈥檚 a question of risk. 鈥淚f a data collector does not provide adequate security, there鈥檚 a small risk to them and a potentially large benefit.鈥

The spate of recent hacks may be changing that (see 鈥A history of hacks鈥). Breaches such as that affecting Sony鈥檚 files last year demonstrate that hacks can damage not only the lives of people whose details are stolen, but also the companies deemed liable for the theft.

Sony suffered financially but survived. Ashley Madison may not fare so well. 鈥淯nder data protection laws, that case will be a slam dunk,鈥 says Patrick Rennie, who specialises in data protection at London-based law firm Wiggin. In the past, it has been difficult to prove damages or distress, he says. 鈥淭hat鈥檚 not going to be a problem here.鈥 have been filed in the US and Canada.

鈥淎 couple more hacks like this and it will start to change the attitude of the data collectors to holding your data 鈥 from cash cow to liability,鈥 says Pentland.

Over the past year, there has been growing awareness that , according to IT market research company 451 Research. So what will happen when companies lose their appetite for storing data?

Several protocols are in the works that would change the way personal data is stored. Instead of simply throwing up our hands in frustration every time our data is violated, we could revoke access to it even when it already exists on the open web. It would be the online equivalent of squeezing toothpaste back into the tube.

鈥淓nigma would let you reclaim your data 鈥 like squeezing toothpaste back into the tube鈥

鈥淚n the current model, the data lives someplace and you have to protect it,鈥 says Pentland. 鈥淚f you share it with someone, they can run away with it. You can chase them, but it鈥檚 pretty hopeless.鈥 So he and his colleagues Guy Zyskind and Oz Nathan have developed a protocol called Enigma, based on the blockchain 鈥 the secure digital ledger that tracks bitcoins across the internet.

Instead of having all the data in one place, Enigma constructs a 鈥渉olographic鈥 version that it breaks into many encrypted pieces and stores in far-flung spots. Anyone can use the Enigma protocol, Pentland says, including Netflix, banks and health providers, but you would be the gatekeeper of your data. You would have the power to give permission to third parties to run queries on it, and the power to revoke that at will.

Think of it as a jigsaw puzzle whose pieces are in hundreds of different places. 鈥淣o one piece means anything,鈥 says Pentland. 鈥淚f a thief got their hands on most of it, it wouldn鈥檛 make any sense.鈥

Once you grant access to someone querying your data 鈥 say Netflix wanting to check that you are 18 鈥 then and only then do the relevant jigsaw puzzle pieces coagulate to provide the answer before vanishing again.

The system is based on the anti-fraud record securing bitcoins. Anyone who owns bitcoins has an exact copy of the blockchain, making forgeries impossible and removing the need for third parties like PayPal to verify online transactions. Pentland and his colleagues have turned that same public ledger into .

There are other ideas about how to keep data safe from prying eyes, or from people who don鈥檛 want to assume the risk of protecting it. Projects are under way at and Microsoft, whose proposals resemble e-wallets that hold your data for queries but never for direct access or storage.

A version of Enigma will be available later this year, and if such services take off, you truly will be responsible for your own data. At that point, the warnings to guard it will make more sense. 鈥淵ou can still do stupid things under Enigma,鈥 says Pentland. 鈥淵ou could give permissions to the wrong person.鈥 However, without access to the original 鈥渉ard copy鈥 of your data, he says, it will become impossible for advertisers to use that data without you knowing, or for people to buy it.

Currently, companies that misuse your data can be sued, says Rennie, but you鈥檒l never be able to eradicate data breaches. 鈥淵ou can make theft illegal, but that鈥檚 not going to stop someone pinching a bicycle.鈥 Tools like Enigma could be the next best thing.

Leader:It鈥檚 not too late to reclaim our privacy

A history of hacks

NSA 鈥 June 2013

Edward Snowden reveals how the US National Security Agency can monitor people鈥檚 personal data 鈥 including medical records, email, bank accounts and phone calls.

Target 鈥 November 2013

Malware in the payment system of US retailer Target siphons credit card information, addresses and names of more than 100 million people.

US Homeland Security 鈥 March 2014

Social security numbers, financial histories and children鈥檚 names are leaked when the files of 4 million government employees are exposed. Officials are warned that the .

iCloud photo leaks 鈥 August 2014

Celebrities鈥 nude photos are swiped from iCloud鈥檚 online storage platform.

Sony 鈥 November 2014

Five Sony Entertainment films are leaked and thousands of internal documents published. The data included private email messages.

Ashley Madison 鈥 August 2015

The details of more than 30 million people who signed up to the adultery website are released. .

Topics: Computer crime / Privacy