Cybersecurity and Privacy in 2020Petteri Järvinen

@petterijMindtrek 2016Tampere, Finland

Contact informationpjarvinen.blogspot.combittimittari.blogspot.com

@petterij

www.facebook.com/petterijj

profiles.google.com/petterij

pinterest.com/petterij

http://petterij.kuvat.fi

instagram.com/petterijjfi.linkedin.com/in/petterij

PGP: 0809 2085 308E 0DF1 4173 EADD 8231 7135 9F31 FC66BTC: 18XdRN46UvrHtteFyMejND7af5CBUe5A1o

Petteri JärvinenM. Sc. (eng)petteri@jarvinen.fi

Should I worry about my privacy?

Should I worry about my privacy?

Not anymore.If you use Google, Facebook or own a smartphone

17.10.2016@petterij

• Everything we do is done online– communication, shopping, entertainment...

everything done online is logged and stored• Storing data forever is less expensive

than deleting it• Cash will disappear (government wish)

– no more anonymous payments• Real world is merging with online world

– shopping in old-fashioned stores affects ads online

– physical cookies, customer loyalty cards• Data is new oil – and it’s your own oil

Trends

This is almost funny: people are watching their phones and phones are watching them.

New Yorker, 5th July 1993

New Yorker, 5th July 1993 October 2016: 93 tracker etc. cookies

They know you’re not a dog, but they also know what dog you have

17.10.2016@petterij

Dynamic duo: Google and Facebook• Facebook knows what you do

– real names, correct information– knows your friends and social networks– your friends will tell more than you think– friend suggestions by same Wifi-hotspot?

• Google knows what you think– search suggestions can really read your

mind– what you search, what sites you visit

(Chrome)– Google is transparent: you can delete

much of your data, if you know how and you’re willing to spend some time with settings

• It’s impossible to stay incognito

maps.google.com/locationhistory

Google knows where you stopped

Activity tracking software in use

https://myactivity.google.com/myactivity?restrict=vaa&hl=en&ent=r&utm_source=udc&product=29

What you have said?

17.10.2016@petterij

Customer loyalty cards• It’s not only Google and Facebook...

– your local grocery store works for Big Brother, too• It’s more than just daily groceries

– you get bonus points from travel, gasoline, hotels, restaurants (even your own tombstone!)

• Bonuses are not real, they are psychology– first you pay extra, then you get some back– customer pays his/her own bonuses

”Man is what he eats”

White bread

Two big PepsiSausages

Ready made pizzas

Chocolate cereals

Cookies

17.10.2016@petterij

Next step: audio• Speech will be the next UI• Digital assistants understand spoken

commands (Siri, Cortana, Google Now)

• Excellent speech recognition• Homes, cars, phones, televisions etc.• Is Facebook already listening on us?

• Walls have ears - can we trust they’re not eavesdropping us?

• Can they be hacked to do so?

17.10.2016@petterij

• Effective from 25.5.2018• Privacy is a basic human right• Good intention but does it work?• Citizens will have more control over

their personal data– e.g. right to be forgotten– right to download your own data and upload

it a competitor’s service• BUT

– cookie warning is annoying and useless– Mydata means your personal data must be

available for download – target for hackers? – in order to fulfill requirements you may need

to collect more personal data than before

EU General Data Protection Regulation

If you don’t want cookies, forget these policies and disable cookies in your browser.

Is privacy possible in 2020?

Is privacy possible in 2020?

Yes, if we redefine the word

Privacy is not hiding your data

Privacy means you have control over your data and you understand its value

Intercourse, Pennsylvania

17.10.2016@petterij

• Get rid of bonus cards• Use several browsers side-by-side• Logout from Facebook after use• Pay for the services, if possible

– oil is your currency• Use bitcoins instead of credit card• Poison the data by obfuscating

Brunton & Nissenbaum: Obfuscation - A User's Guide for Privacy and Protest (MIT Press, 2016)

All these methods are expensive and laborous. You have to pay for your privacy.

There is always something you can do

The Asian way.

In Finland we are protected: ALKO (liquor store state monopoly) bag-in-box wines can be reused as tin foil hat.

17.10.2016@petterij

Cybersecurity

1985 PC revolution1995 Internet2005 Social media2015 Cybersecurity

17.10.2016@petterij

• Infrastructure was built before security became a concern• Traffic lights, water pumping, heating, factories etc.• VOR (air traffic nav aids) and marine traffic controls not

protected against tampering and sabotage

And this is just the beginning• In the near future we’ll have

smart appliances, smart homes, autonomous cars...

• They’re designed to be easy-to-use,cheap and have many features

Our infrastructure is not secure

Smart == vulnerable

In Finland plumber needs formal training and a certificate, but anybody can build websites and engineer net-connected devices.

17.10.2016@petterij

This is normal

Small disruptions are common - what happens when a powerful actor launches real attack to take them down?

Military invented internet, now they are taking it back Future elite soldier

Information is incomplete, attribution impossible

Security is a feelingHow are we feeling now?Very insecure

Who is attacking us and why? Script-kiddies, state level actors or something in between? Government officials are tight-lipped and confused.

This message is very clear

Generals and politiciansare always fighting the last war

When next crisis happensyou’ll be at the front line

17.10.2016@petterij

• If you are a programmer: don’t do bad coding!• Protect your home: update all your smart appliances (Wi-Fi

router, TV etc) regularly• Increase your own and your family’s resilience: always keep

some cash available• Prepare for infowar: don’t believe everything you read and see

in the media

Only Thing We Have to Fear Is Fear ItselfFranklin D. Roosevelt inauguration speech 1934

What can I do to protect my country?

Thank you