Lets Connect the dots in a connected world @9jaclicktivist

-
 











Incase you dont know the Internet has become part life of millions of people worldwide. It has found many applications, and today  the smartphones are leading the way. But with increased access it has built enough issues of confidentiality
The Internet was developed as a medium for sharing data. Its basic architectural principles (to break data into a numbered set of small packets and transmit the packets as efficiently as possible), reflects that underlying premise. Each packet is transmitted using the Internet protocol. Packets typically have three parts. The header says where the packet is from (the sender’s IP  address), where the packet is going (the receiver’s IP address), the type of communications protocol (email, Web page, video, voice, and so on), and its position (packet number) in that particular transmission. The payload the actual content  follows. Finally a trailer marks the end of a packet. Applications are broken into packets and then reassembled at the receiver’s end.
Mobility of devices means that the user’s IP address at the café at 10 am is different from that in the seminar room at 11 am. Each time the user connects back to the network, his IP address is transmitted to his service provider. That is how Facebook communications and your email reach the person even when that person has moved locations and IP address has changed.
IP location provides partial identification. While an IP address delimits a location from which and to which packets are transmitted, that address is, for a number of reasons, not necessarily useful in identification. The IP address may be one used temporarily, and without strong identification, such as at an Internet café or an airport. Without ancillary information, such an IP address may provide minimal identifying information. Another reason that an IP address may not provide definitive identification is that few routers along the transmission check a sender’s address; so spoofing an IP address is easy.
Even if the IP address is correct, it may not provide an investigator with information to determine who is responsible for a particular action. That is because in such instances, the connecting machine may be just a way station. Consider, for example, DDoS attacks (Distributed Denial of Service attacks), in which hundreds of thousands of computers simultaneously send messages to an online service, overwhelming it and taking it offline. The machines sending these messages are simply intermediaries that have been compromised themselves. DDOS  is an example of a multistage attack, in which a perpetrator infiltrates a series of machines to launch an attack. Cyberexploits theft of information from networked systems are also typically multi-stage attacks. The first machine to receive the exfiltrated data is often itself compromised, and the stolen data will be quickly moved from that machine to another and another a lengthy chain of compromised machines before the data ends up in the attacker’s hands. An investigation may lead to the initial machine that was used in the scam, but is unlikely to lead all the way to the real attacker.
The fact that IP addresses do not provide precise identity matters very little in certain cases. Spoofing does not concern the Recording Industry Association of America, which uses an IP address as a jumping off point for copyright infringement suits. IP addresses have also served law enforcement as a starting point for investigations. They can also be useful in investigations in which the participants’ addresses are related or common.
Investigators often seek identity, though not necessarily at the level of an IP address. Following users across the Internet became important with the arrival of free services such as Facebook, Google search, and Yik-Yak. Such services are supported through advertising.
There are times when identity on the Internet at the level of a person matters. A bank does not particularly care what a user’s IP address is, but if there’s a transaction occurring, the bank seeks assurance that the person is who he or she claims to be and wants him or her to authenticate the identity at the bank’s site.
 By making the network indispensable to  daily life, the Internet drove the development of smartphones. Most Internet accesses now occur through mobile devices, a fact with profound implications for privacy and surveillance. While a laptop can be ‘on’ but not connected to the network, if a smartphone is on (and not in ‘airplane mode’), it will be connected to the telephone network whenever the provider’s system is within range. Thus, a phone’s location, is a relatively public piece of information.
Governments are not the only ones following users’ locations; in fact, they may be collecting far less information than many private companies. To provide the Internet with services for which smartphones are valued, the phone must provide location information to the app. This is done through GPS, which typically operates on a resolution within ten metres. So, the network provider knows where the phone is and which service the user is communicating from, while the app provider learns phone location and what information is delivered through the app. This is an interesting design choice in location data tracking: Apple’s ios8 does not allow apps to collect location information when the app is not in use, but there is no such restriction for Android phones
While the use of encryption for confidentiality had been controlled, its use for authentication  assurance that a person or site is who they say they are  had not. Https, the secure version of the http linking protocol, is used to authenticate a website and encrypt communications between a user and the site. This protocol was essential for electronic commerce, and was already deployed by the mid  to late 1990s. Given that https was widely deployed quite early for e-commerce, it is surprising that Web mail, the service that provides email through a browser, was not similarly protected.
An example of alternative privacy protection is Off-the-Record chat. Google’s OTR chat does not store chat histories in users’ accounts, or in the accounts of the people with whom they are chatting. But Google policy does not preclude storing the communications elsewhere. A more protective version would be not to store the communications whatsoever. Even more protective would be not storing and providing encryption for the chat. Most protective would be to encrypt using a technique called ‘forward secrecy’, so that even if the encryption key is compromised at some point, no previously intercepted messages can be decrypted.

As the Snowden disclosures confirmed, national security agencies may exploit vulnerabilities in communications devices to exfiltrate data from targets. Such capabilities are used not only by intelligence agencies, but by law enforcement as well. As encryption becomes increasingly common, such ‘lawful hacking’ will increasingly be used when communications content cannot be retrieved in other ways. It is no silver bullet; a vulnerabilities approach is more complex legally and technically, and more expensive than if unencrypted communications can be made available.


Comments

Post a Comment

Popular posts from this blog

Kaduna, Dangote, BoI, Others To Acquire PAN – El-Rufai

-
Image
Gov. Nasir El-Rufa’i of Kaduna State said on Friday that the government, Bank of Industry, business tycoon Aliko Dangote and some states will acquire the Peugeot Automobile Nigeria Ltd (PAN). El-Rufa’i who said this during the state’s special day at the ongoing 37th Kaduna International Trade Fair, named the other states as Katsina, Kebbi and Jigawa. He said a proposal to acquire the majority shares of the company had already been submitted to Assets Management Company of Nigeria (AMCON). According to him, the step is part of efforts to revive ailing industries in the state to provide huge employment opportunities to the teeming unemployed youths in the region and Kaduna State in particular. He said that PAN, a critical partner in Kaduna State industrial history, had gone down from assembling 90,000 cars per annum to merely 200 a year. “Our hope is that when we acquire the majority share of the company, we will restructure it to operate to full capacity of assembling betwee
Tap & Tell »

Senate moves to enforce patronage of local goods

-
Image
THE Senate, Wednesday adopted a motion seeking the amendment of the Procurement Act to compel all government agencies and institutions to give maximum priority to patronising locally made products. Adopting a two prayer motion moved by Senator Eyinnaya Abaribe (PDP Abia South) titled “Need For Patronisation of Made-in-Nigeria Goods,” the Senate urged the Federal Government to initiate and implement the first option policy on purchase of locally manufactured goods for any government procurement in all arms of government and every public funded organisation. It also urged both the National Assembly to amend the Procurement Act to ensure that as a matter of law, agencies of government and government funded institutions adopt ‘the made-in-Nigeria’ goods first option policy and where consideration is first given to the local industry before any other. In a comment shortly after the motion had been passed, Senate President Bukola Saraki said: “I used the opportunity to commend him be
Tap & Tell »