Sunday, January 26, 2025
Data protection and boringness
From the outside it is pretty obvious how much the ongoing discussion on the Tiktok ban in the USA is mostly about partisan point scoring, very little about national security, and even less about whether Tiktok is good or bad for American teens. President Trump, who initiated the drive to ban Tiktok in his first term, and is now trying to score points by "saving Tiktok", said something interesting that justifies further discussion: To paraphrase, he said that Tiktok is mostly used by kids, and there wasn't much danger about the Chinese communist party getting hold of a lot of useless data about them.
If you use the internet at all, you probably have been bombarded over decades by various ads for software products to increase your internet security: Antivirus software, VPNs, data-deletion services, the lot. To me, many of these paid internet security services have always seemed overpriced and useless. The built-in antivirus of Microsoft Windows works just fine, and the really sensitive data like credit card and bank transactions I do over the internet are rather well secured by tools provided by the bank. Yes, identity theft and similar crimes are a problem, but paying somebody a hundred bucks or more per year for some sort of software protection isn't actually reducing your risk by very much.
The fundamental truth here is that most of us are rather boring. If the darkest secret your PC can tell about you is that you occasionally watch porn, and you aren't working in any capacity that is sensitive for national security, the Chinese government probably has very little use for your secrets. We are being spied upon all the time by corporations, but the information that they after is stuff like that you are currently considering buying a lawn mower, so they can bombard you with lawn mower ads. Yes, that can feel intrusive if you looked up lawn mowers at one point in time on one website, and then suddenly see lots of targeted ads on other sites later. But it isn't as if you actually lost something by somebody having collected that data. And one could argue that if you weren't bombarded by targeted lawn mower ads, you'd be bombarded by untargeted ads for other things you have less use for.
In 2015, in one of the most wide-spread leaks of embarrassing personal data, hackers published the customer details of Ashley Madison, an online dating service for extramarital affairs. So, yes, if you are doing things online that you don't want anybody to find out about, there is a risk. However, the data leak was possible due to the company running Ashley Madison storing those customer data not very securely. A customer of theirs could have spent a pile of money on various online data protection tools, and the outcome would still have been the same, as it wasn't the customer's computer that got hacked.
The biggest risk on social media is oversharing. In November 2024 tech YouTube influencer Marques Brownlee posted a video of himself testing an action camera, and in the process filmed himself driving a sports car at 95 miles per hour in a 35 miles per hour speed limit zone. There isn't any data protection software out there that can protect anyone from that sort of stupidity. And the Chinese government doesn't have to own Google / Youtube to access that sort of embarrassing information.
There is a serious discussion to be had on whether it would be good to follow the Australian example and ban social media usage under the age of 16. For matters of national security it would maybe be wise to ban all personnel with a certain security clearance from social media in general. But it seems to me that the huge amount of data that is being collected from us via everything from search engines to social media sites is mostly of commercial interest, and has very little to do with national security.
Comments:
<< Home
Newer› ‹Older
The real concern about TikTok seems to be less about it spying on citizens and more about it being able to influence them and that influence being controlled by a party American politicians can't control.
It's why they are fine with tiktok continuing to operate if they sell to someone else.
It's why they are fine with tiktok continuing to operate if they sell to someone else.
On a side note, the US just suffered what is likely the largest data breach of K12 student and staff data in history. Names, addresses, and social security numbers were stolen and you won't see a whiff of this on the front page of any of the mainstream news outlets.
We don't take information security seriously in this country.
We don't take information security seriously in this country.
With AI agents inevitably coming to start to co-run everyone's lives and businesses, your devices will soon know more about you than you know about yourself. Any resulting privacy breaches will only get more destructive.
You have to assume that there will be some data leakage because it ALWAYS happens. Once you understand that assumption then the next question is who do you want to own the systems that store the leaked data. The answer is in a jurisdiction that you control. That is why ownership and data locality is necessary for national security for any nation, not just the US.
In the case of the US and China I'd be worried about the Cinese getting IP or other information that the US that they shouldn't have due to someone posting something that they shouldn't have. Whether that's a child that posts something to gain "cred" which they stole from a parent or guardian, or the employee doing it themselves accidentally. It's just easier for the US government to deal with those issues if they have jurisdiction over the data.
It doesn't eliminate the issue since nations that we are in "competition" with can still access that data in my use case, but it does make things easier.
Other than that and location data, which again, you don't want in an adversaries hands (think the Strava heat map incident a few years ago). All those little bits of data matter and can be strung together to create psychological profiles that can be used to identify targets or target strategies.
People really underestimate the value of seemingly inconsequential information out of ignorance. They can't see how it would be valuable to others. Not everyone is ignorant though and those that see the value want the data or want to make it more difficult for adversaries to get.
In the case of the US and China I'd be worried about the Cinese getting IP or other information that the US that they shouldn't have due to someone posting something that they shouldn't have. Whether that's a child that posts something to gain "cred" which they stole from a parent or guardian, or the employee doing it themselves accidentally. It's just easier for the US government to deal with those issues if they have jurisdiction over the data.
It doesn't eliminate the issue since nations that we are in "competition" with can still access that data in my use case, but it does make things easier.
Other than that and location data, which again, you don't want in an adversaries hands (think the Strava heat map incident a few years ago). All those little bits of data matter and can be strung together to create psychological profiles that can be used to identify targets or target strategies.
People really underestimate the value of seemingly inconsequential information out of ignorance. They can't see how it would be valuable to others. Not everyone is ignorant though and those that see the value want the data or want to make it more difficult for adversaries to get.
100% agree that these bans are driven primarily by commercial concerns. I am not sure however that you can seperate commerce from national security. USA's global dominance owes at least as much to the success of American companies as it does to the success of American armies. The British understood this when they built an Empire using relatively small military forces to support and ensure advantageous trading conditions for commercial concerns who did the majority of the actual colonization.
Post a Comment
<< Home