Cryptography

The History and Mathematics of Codes and Code Breaking

Tag: security Page 1 of 8

Power of a Test

After the terrorist attack on San Francisco, the Department of Homeland Security ramps up security and surveillance in hopes of catching the people responsible, but instead only manage to inconvenience, detain, and even seriously harm innocent civilians. Marcus explains that the problem with the DHS system is that they're looking for something too rare in too large a population, resulting in a very large number of false positives.

What Marcus is describing is referred to in statistics as a Type I error - that is, we reject the null hypothesis (the assumption that nothing is abnormal) when the null hypothesis is actually true. In this case, the null hypothesis is "not a terrorist", and there's enough suspicious data, the null hypothesis is rejected in favor of flagging the person for investigation. Marcus claims that in order to look for rare things, you need a test that only rejects the null hypothesis at the same rate at which the thing we're testing for - in this case, terrorists - actually occur. The problem is, there's also Type II errors. While Type I errors are caused by being too cautious, Type II errors occur when our test "misses" the thing we are actually looking for. When determining how "tough" a test should be, we need to decide how to balance these two risks.

Marcus is advocating for making the system less broad, therefore reducing false positives. However, this increases the risk for false negatives as well. So, which is worse: a false positive or a false negative? That's a question of expected value, which is based off the probability of a result and its consequences. In this case, the result at one end of the spectrum is the terrorists are caught because of this system, but many innocent people are subject to surveillance and searching. On the other end is that no one is caught because they slip through a timid test, and more people are hurt as a result. Clearly, this can easily turn into a much more complicated debate on the values of time, trust, privacy, and life, so I won't try to determine what the correct balance is myself. Although it's easy to describe some aspects of this conflict with numbers, as Marcus did, it just isn't that simple.

Mining Mystery: Should we mine Student Data for more Protection?

Morris’s central argument revolves around the incorporation of student data mining in order to counter possible future threats. He calls this “the next natural step” in using private information to prevent external threats. Morris goes on to detail how administrators could track social media usage, shopping patterns, and further online activity in order to make assessments on whether a credible threat exists. 

 

The central issue in this debate lies between privacy and security. Are students’ rights to privacy outweighed by administrators’ need to provide safety and security for their students? This question isn’t limited to college campuses, but can rather be applied to society as a whole. Discussing the role of authority, particularly governments, in our daily lives is of the utmost importance and a daily ideological struggle. I both agree and disagree with Morris’s argument. It’s important for administrators to do whatever is necessary to protect their students, but violating the privacy of their students is not the path to go. Aside from the obvious moral enigma, such an act could give more power to authority and reduce self-accountability. Allowing the administration to monitor what students do online would lead to mistrust; dangerous, secretive behaviors; and a need for students to “hide” what they are doing online. A common-sense solution would combine certain aspects of Morris’s argument with the other side. Allowing the student population to decide which aspects of their online life they want monitored would provide more credibility to the administrations’ efforts to increase safety, as well as provide increased trust and accountability of authority.

 

How much power we are willing to give authority is a central tenet of modern society, and no discrete answer exists. The best possible solution takes into account both sides’ arguments and will help administrators provide better security while also protecting student privacy.

 

Data Mining: It's Already Happening, So Why Not Push It Further

In the essay "Mining Student Data Could Save Lives," by Michael Morris, the central argument is essentially that a variety of online platforms already use data mining to see what they should advertise to users; since this is the case, why not allow colleges and universities to use the same technology to see if they can identify when a student is showing unhealthy, worrying, and potentially dangerous through their internet usage?

At first, when I had begun to read the essay, I already had it set in my mind that colleges and universities being able to see what students were doing was an invasion of their privacy, simply because it is so easy to abuse that power. But after I continued reading, Morris made points about how shopping sites and social media platforms already data mine, and that quickly changed my viewpoint.

Just as I can Google dresses and later have dresses advertised to me on Facebook, students can shop for guns or stalk faculty (like Morris said) and have that information available for their university to see. And even though this is not one hundred percent full proof or guaranteed to prevent tragic events from happening on campuses, it is still a good step to assuring a little bit more safety and security on campus.

Careful Campus

After recently watching Citizenfour, I feel myself being much more cautious about what I search on the web. I do not do this because I have anything to hide, but because people do not act the same when they believe, or in this case know, they are being surveilled. These podcast episodes did not exactly put my mind at ease either. With problems such as ransomware and botnet, it seems a lack of knowledge could cost the average citizen a lot more than a few lost files. Therefor, the question remains, how do we protect ourselves from these cyber attacks?

College students around the world use their devices for primarily social media. Some of that content is private in the sense that you only want a select amount of people to be able to view it. So, how do we protect our accounts? The best way also is the most simple: long and complicated passwords. The more random and lengthy the password is, the harder for an attacker to gain access. Another caution to hold in your mind brings me back to the video we watched about the reporter who visited "hacker-con" in Russia. To show the ease and speed with which an attacker can infiltrate a device, the interviewees set up a fake wifi account under the hotels name. The reporter logged on to the wifi and the attackers were then able to snake-hole their way through the rest of her passwords and locks with ease. If I could offer two pieces of substantial advice for fellow college students I would offer: use strong passwords and always be vigilant of what you connect with your device.

 

Judging criteria for the debate

As a jury of a debate, I would like to consider several issues as the judging criteria for the debate on Monday.

First of all, the basic points for pro team and con team must be explicit and reasonable. In their first round, they must build at least one solid point of view, which should be prepared well before the debate. What I expect to hear about is the real voice for the citizens that which one is more important, privacy or security, and why. The best form of their speaking is the combination of points and examples in order to make the point more convincing.

Secondly, after hearing the point of the opposite team, they should know what is the core statement of the opponent and build up an effective counterpoint for that. For example, if the pro team states that electronic surveillance could help track criminals, I expect the con team to consider that sometimes it does not work with the system and there might be false positives that lead to the wrong direction and harm innocent people.

Thirdly, they should also learn about the possible weakness of their own points. If they could point out the weakness by themselves and do concession. Then they actually effectively eliminate one possible point of opponents. Both teams should prepare these ideas well before the debate so that they could react quickly in the class.

People cannot convince others thoroughly, but they could use their ideas to influence others' thoughts, at least make others agree to part of their points and consider the issue from some new aspects. If they made it in this level, then they might do better than the opposite side and win the debate.

How to Stay Protected While Online

Some advice that I would give to a college student is to never assume that what information is stored is safe. I think that if someone doesn’t want their information being leaked online, they shouldn’t put it online in the first place. There is always a possibility that something bad may happen. It would always be safe to keep a physical copy of important information than a digital copy. I also believe that secure passwords are needed to keep online information secure. There are so many occurrences of people having passwords like “password” or “123456”. Both of these passwords are easy to guess, and it makes it easier for hackers to find and steal your information. I think that the passwords that I use for online websites are strong. I keep most of my passwords written down in a notebook, so I would not have to save them online. The reason why I write my important passwords down on a piece of paper is that it is safer to store it on paper than online. If I saved my information on public storages, such as google docs, my information would not be secure. I do not like saving my passwords online; however, there are many password managers that can keep passwords safe. LastPass is a password manager and generator that I believe many college students can benefit from since it can create a secure password and save it for them.

How to Combat the Perils of an Online Identity

As we all know, in modern society we are being watched and surveilled by companies, individuals, and governments that want our data. Through the course of these podcasts, I think there are some key takeaways that we as students can implement to make our selves more secure and immune to major breaches to our online identity. It is very hard to stop everyone from seeing anything you post on the internet, but it is easy enough to put in a few safeguards so that major harm is mitigated. One thing that you can do is use secure passwords that vary from site to site. Password security is a big thing that students should be aware of, and using tools like apple keychain or another password creator/sorter is an effective way to combat against people trying to steal your identity. We saw earlier in the year that when a website's database is breached, it is only the 90% of the least secure passwords that are compromised because it is not worth trying to hack extremely secure passwords since they take to much time and computing power to crack.   Also, I know that certain products like iPhones are better about security than androids because of some of the safeguards that they put in place to make their phones and devices more secure. These are a few ways to keep yourself more immune to attacks on the internet, although, in matters like these, nothing is certain, so you also have to be careful what you put online as a student.

Another smart thing to do as a student is to have external backups to important files on your computer in the event that you are hacked. As shown in the first podcast, if a device is compromised it can be very hard (and expensive) to recover your data. Having an external backup will make you have a failsafe in place.

 

A Surveillance Story That Hits at Home

In Radiolab’s podcast, Darknode, the story of the “suburban Boy Scout turned black hat hacker” resonated with me the most in terms of the security vs. privacy debate. For starters, the story truly represented how “you either die a hero, or live long enough to see yourself become the villain” (The Dark Knight Rises). In today’s society, we are surveilled - plain and simple. So, what I found so compelling, was how Radiolab was able to portray that no one is immune to this new era of life and anyone can become part of it. Specifically, in this case, the person being surveilled eventually became the one executing the surveillance; I personally took it as his form of “rebellion” even though he was not necessarily as drastic as the friend that initially introduced him to the concept.

The second reason that this story resonated and made such a strong case with me is because I have actually lived the story being told. When I used to be much more active in my internet explorations, I actually encountered, and was friends with, many “script kitties” (as described in the podcast these are scripters who are able to take advantage of just enough of the tools available to scrape the surface of hacking). What I found fascinating, is the story and development of how botnets came into existence and how they initially had a more innocent origin. I was also able to piece together that his reference to “hitting people off the internet over video games” was a reference to a term I became very familiar with called DDoSing. It was truly amazing hearing an experience so similar to my own that was able to shape the course of someone’s life.

Overall, this section of the podcast furthered my opinion of how the issues of privacy vs. security are changing the way humans interact in today’s society.

 

Advice for College Students on their online security

First of all, to ensure the security of the computer operating system, install important and urgent patches, the operating system now has the function of automatically updating the patch, the system is often updated to ensure security. If the security of the operating system is not guaranteed, hackers or Trojans can easily obtain various private information of users through system vulnerabilities. For Windows systems, the daily login system, preferably users of the Power User or User group, avoid using the Administrators group, so even if the computer has a Trojan, the damage is controllable.

In terms of security, the iPhone that is not jailbroken is the best in common mobile phones. To use the iPhone, you need to turn on the "fingerprint unlocking" function and the "find my iPhone" function, while ensuring the security of the Apple ID password, using a unique The only secure password. If the phone is lost, log in to the iCloud website for the first time, and enable “Lost Mode” on the device in “Find My iPhone”, so that you can't use your phone by any method (even if reset the phone), then you can hit it. The phone is reported to the operator for loss of the SIM card. In the event of an emergency, you can remotely erase the information in your phone from the iCloud website.

Try to avoid using software that is suspected of having a privacy risk. Use caution on software developed by small companies. Do not enter personal information in it.

Striving for Privacy

In danah boyd's book, It's Complicated, one quote that stood out to me was when she stated, "for teens that I interviewed, privacy isn’t necessarily something that they have; rather it is something they are actively and continuously trying to achieve in spite of structural or social barriers that make it difficult to do so."

This quote resonated with me because throughout the semester, we have discussed and debated the topic of privacy versus security. In every instance, we looked at a specific example, or fictional scenario like in the case of Little Brother. However, I cannot recall a time that privacy has been looked at from the perspective of the innate state it exists; from the second we are born to the second we die, we are surveilled to a certain degree.

For better or worse, parents are there from the very beginning teaching right from wrong. When one reaches schooling age, it becomes the school, then, eventually an employer. Throughout the duration of human life, someone is always there to answer to. Therefore, achieving privacy becomes something that actually must be strived for if there is any hope of gaining it. It is not impossible, but it's complicated.

After coming to this conclusion, I began to imagine the best way that some level of privacy could be achieved, and I could only land on one answer: power. Which is ironic because in each instance those in power are the ones doing the surveillance - it becomes a pyramid. Sure enough, boyd laid out three methods that can be used to achieve this autonomy and find some degree of privacy with the first stating, "people must have a certain degree of agency or power within a social situation." Yet, we must ask ourselves is those in power truly have privacy? Whose family do you know more about... the Kardashians or someone you call a friend? While power may bring one closest to privacy, I do not think there is a way to achieve ultimate privacy.

I do not have an answer for privacy, and I am not arguing that all forms of it are evil. I just find it interesting that through boyd's interviews, it can be seen that privacy has become a construct of society that we strive for but can almost never have.

Page 1 of 8

Powered by WordPress & Theme by Anders Norén