Tim Bray speaks to U of G audience about Internet security and privacy
On Wednesday Jan. 15, renowned software developer and Guelph alum, Tim Bray, came to campus to speak on Internet security and privacy, as well as touch on the travails of government oversight.
Bray, a U of G graduate in mathematics and computer science, founded Canada’s largest software company, Open Text Corp. He later became director of web technologies at Sun Microsystems and has now been with Google since 2010.
The campus event was held in the engineering atrium of Thornbrough Building; approximately 150 people attended the talk. Bray began his lecture showing the now famous Edward Snowden interview, which revealed the extraordinary spying conducted by the National Security Agency (NSA) in the United States.
According to Bray, there are four parties who are potentially interested in your browsing history and private data: monetizers, domestic governments, foreign governments, and criminals.
Monetizers are the group that includes Facebook, Google, Snapchat, Twitter, etc., who use tracking click-streams to “collect huge amounts of information” to create better advertisements so they can sell you things. Search engines like Google could not exist without advertisers who make money by “spying” on our online habits.
For advertisers, “trust is very important,” said Bray. “It’s hard to win, yet easy to lose.”
The second group interested in our data is domestic governments. They not only deploy technical advice, they also spend “vast amounts of money to watch you and to protect society in preventing another September 11th.”
Essentially, governments collect meta-data and traffic on the Internet and provide “net protection” for all because, as Bray said, “protecting us is very important.”
Bray said that despite the concerted efforts from the intelligence community, their duty in protecting us “lacks controversy.” The need to keep privacy intact on the Internet is tantamount to the software contingency. “Privacy in and of itself is a benefit to society and civilization,” he said, adding, “it’s a natural part of the human condition to be secretive.”
However, the problem is that not only is the “bad behaviour of intelligence agencies not cost-effective,” but the abuse of government oversight needs better transparency and a new regulatory framework.
It has been revealed that the NSA has secretly compromised over 100,000 commercial products, including computers and Linksys software around the world. These infected products have been sold globally, and randomly provide data for the spy agency.
In this way, third parties can ultimately compromise the meta-data collected by creating “backdoor” surveillance.
Bray asserted that “the NSA will not voluntarily back-off” and that as citizens we need to go to our local politicians so that “new legislation” can be enacted to protect our rights from being intruded upon.
He pointed out that the European Union is currently in the process of passing new legislation called “the right to be forgotten,” which will protect Internet users and their histories by preventing governments and third parties from compromising people’s browsing habits.
The criminals, the final group interested in our data, are everywhere, said Bray, even in the Guelph and Toronto area. These cryptographers not only steal email addresses, they have the capacity to exploit vulnerabilities of insecure information to steal money. Because “spam is big money business,” these criminals are succeeding in selling mass email addresses to third parties. The safest email accounts to use, according to Bray, is Gmail.
To ensure better security, Bray offered a few pieces of advice. First, everything we see and do should be encrypted in default mode. We must cease continuing to use plain text. To do this we need to add an “s” to all http: addresses. By implementing an encryption on our personal computers, we can make our searches more private and halt the pervasive surveillance.
Second, we don’t all need to be cryptographers to be more secure. Bray recommends that users always browse anonymously, always clear cookies, and consider using the anonymity software, “Tor.”
Finally, he suggested that users always use alternate passwords and logins. It is foolish to duplicate names, which only enables criminals to steal your information. He recommends either using a Dropbox, a password manager, or alternating scrambled login names every few days to throw off would-be criminals.