DeepSec 2013 Talk: Prism Break – The Value Of Online Identities
We all have identities. We use them on a daily basis in our off-line world. Colleagues greet us at work, because they know who we are. Of course our family members know who we are. When it comes to the digital life-style our identity becomes a lot more complex and diverse. Web shops know what we like and suggest products we do not yet have. Social media sites suggest contacts that might match our interest (as do dating web sites). Frequently used search terms are processed to refine the results our favourite search engine presents us. Customisation and targeting is the key. Everything you do and communicate is processed like ore and the Big Data server farms refine your daily trails through the Internet and produce your online identity – which is a good by itself, exists multiple times (at least once per service provider) and consists of a pretty good picture of your interests, habits and quirks.
Why are identities valuable and who is affected? The latest blog articles and the French paper Le Monde reported that NSA’s surveillance operation also swept up text messages based on key words. The French government demanded explanation from the US officials over this recent NSA spy report … which is the same reaction the Germany government demonstrated earlier. The international press and citizens all over the world understand more and more that the publications based on Edward Snowden’s leaked documents was a milestone in information-processing history. During the cold-war the work of intelligence focused on politic-related actions and avoided to spy on (innocent) citizens – not only because the information technology at the time wasn’t able to handle all the data necessary. Nowadays the combinations of diverse data-sources and the possibility to process huge amounts of data enable intelligence services and companies alike to dig deep in everybody’s pockets.
Businesses are interested in your online profile for getting to you your interests, your social network (to have your friends’ friends buy something as well), and your online behaviour for advertising and selling products. Once you create an account, everything you do will be tied together. Every click and every character you send to their servers can be used to create a detailed picture of you. This is a classical information leak (think a bit about social engineering) from the perspective of security. Since your profile data is Out There™ it may even be (ab)used by third parties. Given these scenarios it should be clear that online identities should be part of your risks assessment.
Governments are also interested. You can gather this from the many reports about the practices of NSA, GCHQ, et. al. which have been published since June 2013. While the intelligence services probably do not want to bring advertising or products to you, they are keenly interested in the forecasts of a famous online bookseller (think along the line of terrorists who attacked location xyz are probably interested in attacking location abc, …).
In his talk at DeepSec 2013 Frank Ackermann will explain to you how online identities are created, maintained, and how they related to Mrs Merkel’s famous realm of #Neuland (roughly translated uncharted territory) in the light of PRISM, search engines, „Cloud“, and Big Data. We recommend attending this talk for everyone, because the topics discussed affect us all.