The Strategist

The Delicate Equilibrium Between Data Privacy and Public Safety

12/14/2015 - 15:23

Administration of Twitter warned some of its users that they might have been hacked to steal information from their accounts. At that, the attacks could have been ordered by foreign states. This is the first statement of this kind made by Twitter.

European Justice Commissioner Vivianne Reding
European Justice Commissioner Vivianne Reding
Among the warning’s addressees are experts in cryptography, security researchers, political activists and journalists.

In the message, Twitter expresses concern on increasing hacker activity, noting potential engagement of government agencies. Company recalls a story that happened a year ago, when personal profiles of 22 million employees of the US Department of Homeland Security were compromised.

The message also says that hackers may try to gain access to users’ phone numbers, email and IP-addresses. According to the company, hackers are interested in personal data used in registration in social networks. Having obtained the info, the hackers can, for example, to send tweets from compromised accounts.

Twitter reports that hackers have managed to crack a "small number of accounts," and the company is now investigating the incident. A survey conducted by one of Twitter’s users revealed that the letter was sent to about 20% of the respondents. In 2013, Twitter warned some 200 000 of its users, but then it was theft of passwords, not attacks, sponsored by foreign countries.

FT cites an example of one of these attacks, performed by the Syrian Electronic Army: malefactors hacked Twitter accounts of some newspapers and distributed false news through them.

Google and Facebook have also begun to warn its users about attacks from hacker organizations sponsored by foreign countries.

The Internet as the new battleground

Following the terrorist attacks in Paris, intelligence agencies admitted their impotence in deciphering terrorists’ conversations. Rebels use all the Internet possibilities, from encrypted messengers to chats in PlayStation 4 games. Once again, this triggered debates on weakening of users messages’ encryption and backdoors for law enforcement agencies.

During a speech at a conference on cyber security in New York, Director of the Federal Bureau of Investigation James Comey said that encrypted conversations of ISIS militants stumped the FBI.

Comey told that the FBI monitored ISIS’s efforts to recruit new followers on Twitter, but the terrorists have switched to encrypted platform, and the bureau "lost sight of them."

Comey, along with the District Attorney of New York County Cyrus Vance, once again addressed to Apple and Google with a demand to weaken cryptographic protection to protect citizens in view of the terrorist attacks in Paris.

"Boundaries of public security protection should not be determined by only two manufacturers of smart phones," - said Vance.

US intelligence, congressmen, and the European authorities had previously tried to use shooting in “Charlie Hebdo” to put pressure on technology companies. It happened after Apple refused to provide law enforcement officers with keys to encrypted personal data, stored on a suspected iPhone, even despite the warrant. Tim Cook’s company stated that the algorithms are implemented in such a way that Apple itself does not have access to this data.

In May of 2015, US President Barack Obama joined appeals to technology companies to provide "backdoors" (means of circumvention) for cryptographic algorithms. Major Internet companies, including Apple, Google and Microsoft, supported by an international Internet security expert group, sharply criticized the initiative and warned about great danger in the very existence of these "keys". Backdoors would almost certainly become property of cybercriminals and terrorists, which would make citizens and businesses virtually defenseless against them.

However, after the bombings in Paris on the night of 14 November 2015, perception of the problem has changed substantially. Internet companies, understanding the social tension in connection with the attacks, willingly made significant concessions.

For example, Facebook chose an interesting position in terms of censorship and issuance of personal data. The social network does not allow censorship and does not disclose user data, yet removes everything that could potentially threaten the business. The administration even managed to block account of a girl named Isis (Isis Anchalee).

The EU’s attempts to expand the security services’ powers regularly has been regularly failing after revelations of the former NSA employee Edward Snowden. British Prime Minister David Cameron has even earned a non-flattering nickname, trying to ban the HTTPS protocol, widely used for Internet security.

However, the situation in Europe also changed after the attacks. France is preparing to adopt a new law expanding powers of security services in the field of Internet surveillance and wiretapping. Later, Belgium had the highest positive assessment of ISIS on Twitter. Now, the country is also concerned about lack of control over the terrorists activities in the region.

Shortly before the attacks, Minister of Security and Home Affairs of Belgium Jan Jambon said "not only Belgian but also international intelligence agencies have difficulties in decipher all conversations of terrorists via PlayStation 4".

Sony has announced its readiness to disclose identities of those who use the device for conversations and placement of illegal material. The divulgence will be made if requested.

In general, analysts believe that the security services can go on the offensive regarding personal data of citizens. One way out is backdoors in the encryption algorithms, or in security products. The second option is more likely, because the precedent is already there. It is a backdoor in the library RSA BSAFE of RSA company.

Another possible consequence - prohibition of certain messengers refusing to provide personal data or using cryptographic algorithms, unknown to intelligence agencies.

based on Financial Times, Wall Street Journal materials