Helping you organise and protect your personal information

Monday, June 13, 2011

Privacy of Personal Information

How private is information you post on the internet? Is it more secure than if you store that information on your PC?

The reality is that information can be very secure or very insecure on both platforms.
With regard to the Web, I found a helpful view in David Siegel's book "PULL". He states that there are three basic levels to the Web, which differ in whether they are findable by public search engines like Google and Bing.

The Public Web which we normally see when searching and browsing for information online.
The Deep Web which includes large data repositories that public search engines usually do not see, e.g. Craigslist, Grainger, etc.
The Private Web which we can only get access to if we qualify or have access rights, e.g. corporate intranets or subscription-based services. Again, this information is not searchable by public search engines.

So your data is more secure in the private web than the public web, but in all these systems there are people who have the ability to access your information if they wish to. There is always a systems administrator or similar with super admin rights to each database who can just about always see what data is stored anywhere.
On your PC you may think your data is safe, but there are two main ways that people can gain access to information on your PC.

Remotely - If your PC is connected to the internet, even if you have firewall protection or security software, there are ways that people can gain access to your PC and search your information.
Physically - If someone gains physical access to your PC, even if your PC is password protected, people who know how can access your PC and search your information. This can also be the case if they get hold of any of the backup devices for your PC.

On either platform the best way to ensure that your data is not compromised is to have it encrypted with a strong cryptographic key that is kept confidential (and separated from any systems administrator). This way, even if information is found it cannot be read or understood as all the information is encoded using this key.

The cracking of a strong encryption key of about 192 or 256 bits is considered infeasible.
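The idea above in code, as an added example that is not part of the original post: the data is encrypted with AES-256-GCM before it leaves the owner's machine, using a 256-bit key derived from a passphrase only the owner knows, so whoever administers the storage holds only ciphertext. The function names, passphrases and sample record are assumptions made for illustration.

```javascript
// Added example (Node.js, built-in crypto module only).
const nodeCrypto = require('node:crypto');

// Derive a 256-bit key from a passphrase that never leaves the owner.
// scrypt is deliberately slow, which makes passphrase guessing expensive.
function deriveKey(passphrase, salt) {
  return nodeCrypto.scryptSync(passphrase, salt, 32);
}

// Encrypt before storing or uploading. The salt, nonce and authentication tag
// are not secret, so they travel with the ciphertext: salt|nonce|tag|body.
function encryptRecord(plaintext, passphrase) {
  const salt = nodeCrypto.randomBytes(16);
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Decrypt; throws if the passphrase is wrong or the blob was modified.
function decryptRecord(blob, passphrase) {
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const body = blob.subarray(44);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(body), decipher.final()]).toString('utf8');
}

// What someone holding the stored blob but not the passphrase ends up with.
function readWithoutKey(blob, guessedPassphrase) {
  try {
    return decryptRecord(blob, guessedPassphrase);
  } catch (err) {
    return null; // authentication failed: wrong key or tampered data
  }
}

// Constructed sample record and passphrases.
const SAMPLE = 'Passport no. X0000000 (constructed sample)';
const stored = encryptRecord(SAMPLE, 'owner-only passphrase');
console.log('what the server stores:', stored.toString('base64'));
console.log('owner reads:', decryptRecord(stored, 'owner-only passphrase'));
console.log('administrator reads:', readWithoutKey(stored, 'admin guess'));
```

The protection is only as good as the passphrase and where it is kept: if it is stored next to the data, the administrator can read both.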

So, be careful what you do with your information. If you want it shared then that is fine. If you want it safe and protected, encrypt it – end of story.

2 comments:

Arp Thomson said...

Hi Ross,

Well, encryption helps, but which encryption algorithm to apply? DES can easily be cracked by people with knowledge using today's PCs. Triple DES is supposed to be secure for quite a few more years yet. AES has a longer lifetime as longer keys can be applied.

However, do you really think the US Government would promote an encryption technique that it cannot break in some way? AES is the result of a US Government competition for a new algorithm to replace DES. Since when do they accept a method that they cannot decipher? Every country has laws (or methods) to ensure that electronic communications can be tapped by the authorities. Why should I believe that something like AES or any generally available technique will be any different?

Of course the authorities are going to pretend that they cannot. On what basis should we believe them? Can you credibly believe that a US Government funded method like AES will be inviolable by them? Yeah, right!

Ross Hughson said...

Hi Arp, thanks for your post. You may well be right and I cannot say with certainty that the US Government does not have some way of cracking encryption codes like AES. I can only hope that if they do, then they would only use it in case of need. But perhaps I am a "glass is half full" sort of guy.