The University of Massachusetts Amherst

Private Data in the Digital Age

Former U.S. spy agency contractor Edward Snowden is wanted by the United States for leaking details of U.S. government intelligence programs

In a scenario where someone has a file of information stored on a private server with the intent to keep it private, is it ever justified for someone else to expose a security flaw and post the information anonymously on the internet? There exists a fine line where “It depends” on the scenario. But this classification simply does not do the case justice, as there are extenuating circumstances where this kind of theft and distribution is justifiable.

One such case is whistle-blowing. Edward Snowden is still a man of much controversy. Exiled for leaking sensitive government documents, some label him a hero, others a traitor. Snowden was former Special Forces and later joined the CIA as a technology specialist. He stole top-secret documents pertaining to the National Security Agency and FBI tapping directly into the central servers of leading U.S. Internet companies to extract personal data. Snowden leaked these documents to the Washington Post, exposing the PRISM code, which collected private data from personal servers of American citizens. This program was born out of a failed warrantless domestic surveillance act and kept under lock and key to circumvent the public eye. Americans were unaware of, and alarmed by, the breadth of unwarranted government surveillance programs to collect, store, and search their private data.

Although Snowden illegally distributed classified information, the government was, in effect, doing the same but with personal data of its constituents. I would argue that Snowden is a hero. He educated the American people about the NSA overstepping its bounds and infringing upon American rights. Governments exist to ensure the safety of the populace, but privacy concerns will always be in conflict with government surveillance and threat prevention. The government should not operate in the shadows; it is beholden to its people, and they are entitled to know what is going on.

The United States government charged Snowden with theft, “unauthorized communication of national defense information,” and “willful communication of classified communications intelligence information to an unauthorized person.” The documents that came to light following Snowden’s leaks only pertained to unlawful practices, and did not compromise national security. Therefore, it appears as though the government is trying to cover up its own mistakes. Perhaps this is most telling in one of Edward Snowden’s recent tweets:

“Break classification rules for the public’s benefit, and you could be exiled.
Do it for personal benefit, and you could be President.” – @Snowden

This commentary on Hillary Clinton shows that, in the eyes of the government, who is right and wrong changes on a case-by-case basis. In many ways, Snowden’s case mirrors Daniel Ellsberg’s leak of the Pentagon Papers in 1971. The Pentagon Papers contained evidence that the U.S. Government had misled the public regarding the Vietnam War, strengthening anti-war sentiment among the American populace. In both cases, whistle-blowing was a positive force, educating the public about abuses happening behind their back. While in general practice, stealing private information and distributing it to the public is malpractice, in these cases, the crime of stealing was to expose a larger evil and provide a wake-up call for the general population.

Alternatively, in the vast majority of cases accessing private files via a security flaw is malicious, and the government should pursue charges. While above I advocated for a limited form of “hacktivism,” it was a special case to expose abuses by the government which fundamentally infringed on rights to privacy. In almost all cultures, religions and societies, stealing is recognized as wrongdoing and should rightfully be treated as such. Stealing sensitive information and posting it online should be treated in a similar manner. Publishing incriminating files about someone else online can ruin their life chances. For example, during the infamous iCloud hack, thousands of nude or pornographic pictures of celebrities were released online. This was private information which the leaker took advantage of for personal gain. For many female celebrities it was degrading and humiliating. Therefore, the leaker responsible for the iCloud leaks was not justified in taking and posting the files. While the definition of leaking sensitive information for the “common good” can be in itself a blurred line, a situation like the iCloud leak evidently did not fit in this category. Hacking Apple’s servers to access and leak inappropriate photos can only be labeled as a malevolent attack on female celebrities, which could have potentially devastating repercussions for their careers.

While the iCloud hack was a notorious use of leaking private data in a hateful way, there are more profound ways in which posting private data can destroy someone’s life. Most notably, stealing financial information and identification (such as SSID) can have a huge, detrimental effect on someone’s life. My grandmother was a victim of identity theft, where someone she knew and trusted stole her personal information and used it for personal gain. This same scenario plays out online constantly and can drain someone’s life savings, reduce their access to credit and loans, and leave them with a tarnished reputation. Again, we draw a line between leaking something in the public’s interest and exposing a security flaw for the leaker’s benefit. By gaining access to personal files, hackers could wreak havoc and destroy lives. Obviously this type of data breach is unacceptable, and cannot be justified.

Overall, taking sensitive material and posting it anonymously online can generally be regarded as malpractice; however, there are exceptions such as whistle-blowing where the leaker is doing so for the common good. These cases are few and far between, and the “bad cases” have harmful repercussions which can follow someone throughout their life. Ultimately, to recall Snowden’s case, everyone has a right to privacy. This is why someone leveraging a security flaw and posting files online is wrong from the get-go, because it supersedes personal secrecy. In an increasingly digital world it is difficult to keep anything private, but everyone has a fundamental right to privacy which should not be disrespected or infringed upon.


HackUMass 2015

The word “hack” seems to have a very negative connotation these days, seemingly always associated with big company data breaches and malicious foreign governments. This past weekend, however, the campus saw the positive implications of the word, as over 500 students from across the country traveled to campus to attend HackUMass, the 3rd annual hackathon at UMass.

Congratulations to all of the participants at HackUMass III!

So what is a hackathon? Well, as a computer science student, I like to solve problems. These days it seems like there are very few things that can’t be improved or made more efficient by some sort of technical solution. At any hackathon, like this past weekend at HackUMass, students break up into teams to create a technical solution to a problem. This weekend, each team had between midnight Friday and noon Sunday to build, design, and troubleshoot their solution. Most teams worked through the 36 hours without much, if any, sleep.

Help Center Consultant Andrew B. and his team for their project “Campus for Sale”.

My team hit Facebook to search for inspiration for what to build. We ended up on the UMass ‘Free and For Sale’ group and began looking through the posts there. Here, students can post anything and everything they are looking to sell to other students on campus. It seemed like a sort of Craigslist on Facebook. Here’s the issue though: Facebook is a social media platform. It’s simply not built for this sort of thing. Items that are posted disappear as more posts are made after them. You can’t easily search for items you are looking for, and there is no sort of filtering or category search. We knew we could build something better.

The categories featured on the homepage.

Armed with just our laptops and an endless supply of Red Bull, we set to work in our cozy room in the Integrated Learning Center (ILC). Our project, CampusForSale, was going to be a website that let students buy and sell items on campus. We thought it was important for the website to only allow students to post items, as we wanted to make sure it was as easy and safe to pick up items as possible. Most of my team had never done any web development before the event, so we took a divide-and-conquer approach. Two of us worked mainly on the back-end database and search functionalities, while the other two worked on the front-end website. In order to make it more useful than its Facebook counterpart, we made sure that you could search for items and browse listings by category.

This page shows all the listings in a certain category.

Other teams worked on hardware projects, some involving various sensors, LEDs, and embedded computers. You can view other projects that teams worked on at http://hackumass-iii.devpost.com/submissions.

Over the course of the weekend, each of us got only about 4 or 5 hours of sleep total, but our prototype of the site was live at http://www.campus.forsale by noon on Sunday. After an initial round of judging, CampusForSale was selected as a finalist and we got the opportunity to present our project at the closing ceremonies!

Now we’re all off to bed until HackUMass 2016.