The mystery of the odd sock….

So it’s Monday morning and you need to get to the office, but you only have odd socks in your draws. Where have the matching socks gone?

I have a theory that there are little people living under our houses that run around collecting ‘odd-socks’, to save us from the err of becoming too predictable and symmetric. I call them “the Collectors”. They don’t only collect odd-socks, they collect hair clips, pens, and here is where the information security bit comes in… USB memory sticks,  commonly referred to as ‘thumb-drives’.

How else can we explain where our USB sticks disappear to? How many have you purchased or acquired in the last 10 years? Where are they now? Fortunately for us “the Collectors” are not interested in what is contained within this little plastic sticks, so it really is not a concern to us security conscious individuals. Or is it? Because although it really is no big deal if you turn up at the office with odd socks, it has become pretty cool nowadays. The memory sticks are a bit tricky. How much data is stored on them and is some of this personal data?

But what is personal data? This is difficult. Nowhere has a clear definition of personal data been stated, although  Personal Identifying Information (PII) and sensitive data has been defined. In the EU even the IP address is classed as PII.  The problem is that data can be combined from different data sources to become identifying data, that could be on one or more of yours, or your employees’ memory sticks.

The new EU Data Protection Regulation due out December this year, potentially January 2016, will have the power to impose fines on those companies that lose personal data. Numbers we have at the moment is between 2% and 5% of revenue for each data loss. In public sector the fines will be fixed. What this means is that when one of your employees loses one of their memory sticks your company is liable to the consequences.

So what’s the solution? Well this is what is rather nice, it is simple when it pertains to data that is stored on movable persistent storage, e.g. memory stick.

  1. Request all your employees to turn in their memory sticks;dataAsur encrypted memory stick with PIN
  2. Destroy them, securely;
  3. Replace with an encrypted stick, that has a simple PIN code build in;
  4. Enforce the use of encrypted sticks using a Port-LOCK functionality found in most virus scanning packages today that is often not implemented;
  5. Log all data that is copied to and from USB devices.

This is not difficult to implement, and pretty inexpensive. This mitigation will block one of the main channels/threat vectors for data loss in your organization.

You could of course just keep hoping that it is ‘the Collectors’ who have all of your mislaid memory sticks in your organization? If I am right about that too…. but I wouldn’t believe me, if I were you 😉

Today I committed FaceBook suicide! – Part 2

2518864-8236474736-tombsA followup to my post of 21 May where I discussed not only the FB suicide, but how I did it. The question is: How am I coping since committing FB suicide? The question popped up when I had some time today to check my LinkedIn feed. It was Shared from Wired (I’m Quitting Social Media to Learn What I Actually Like).

So how am I coping? The answer is ‘very well, thank you’ 😉

I have some friends in my new anonymised FB profile. Although clearly I will never achieve anonymity so long as I have connections to friends. Nevertheless although I have few friends, my feed was filling up again….. panic! Not that I’m not interested in what my FB (and now only physical) friends are up too, it’s just I would prefer to choose when I check them out. You know when I have an hour to spare one evening, with a cup of my favourite tea, sitting in my favourite couch 🙂

So I unfollowed all my FB friends. It is a dream, I now have the advantages of FB without the intrusions on my life. No adverts, as I’ve clicked nothing outside of my direct FB friends, and no feeds, except those that really interest me, e.g. data protection commission. It is lovely, sometimes I am thinking, I wonder what so-and-so is up to nowadays? Then I take a look, but only if I have the luxury of time and I’m in the mood 😀

Now my Focus is PRIVACY!

Well here I am, after 20+ years working in IT and information security as an active Privacy Advocate since I started this blog in 2007, I am proud to admit that I have started a company that is focused on privacy and the new upcoming data protection regulation. Whereas privacy has traditionally been viewed as the ‘other side of the coin’ to information security. I would like to challenge this and say that PRIVACY is a much bigger, and information security is a tool to enable privacy.

You are welcome to pay a visit to PrivaSee and let me know what you think? Our team have the skills to assist you in the E.U., and upcoming E.U. Data Protection Regulation. When it pertains to existing local legislation for data protection we have the expertise for both Sweden and the U.K. Now that my work will be focused on privacy, I will be much more active on this blog which incidentally will have a 10 years anniversary in 2017!

Clearly if you need our services I would love to hear from you 😉

Security vs. Freedom (A Short Story)

He stood blocking the light from a single window in the small room. It was cold even though the sun was warm outside. The only other person was a woman sat at a steel table; she was frail, almost transparent, tired of resisting, and tired of life.

His presence radiated strength as he spoke. “I remember when I lived in fear. Can you imagine I was afraid? It is true that life was cruel, with each man living on-the-edge, and for himself. The world as we knew it: was becoming chaotic; moving too fast; so lost on foolish quests. People were scared as change embroiled the world, and they were losing all that made them feel secure.”

Turning around, he looked down at her, compelling her to look up. “Where dictators didn’t rule, fascists and extremists terrorised the ‘so called’ democratic societies. The world was shrinking, and with this the economies started to crumble; and the great towers fell as the terrorists of the world hit out.”

“In those days you couldn’t board a plane without that fear in the back of your mind, that a terrorist maybe your neighbour. In some countries they would tie bombs to their bodies, calmly walk into a crowded café and explode; in others they would tie bombs under cars that would detonate once the poor driver turned the key in the ignition; or what about a change of carnage with chemical warfare in the subways? There were other alternatives of course: your children could have been shot in the school by some madman; or thieves may choose to sacrifice your life for some petty reward.

So we started to watch you, to protect you. We introduced a global numbering system, so that every person in the world would have their own ID. We likened it to the Social Security number, but really it was more than this. This number was scanned into their ID card, that later became an RFID implant. From hereon we were empowered to stop all known terrorists travelling by plane. The concept was accepted; those that travelled often got a fast track for the implant. Those that didn’t got a slow track. Eventually everyone wanted one, nobody wanted to be in the slow track, whether this was at the airport, the subway or in the supermarket.

However that was when the terrorists started to target more the subways, and we implemented it here too, and then on all trains, and buses. They even slaughtered innocent children in schools.  We chipped everyone, even the children to protect them. Those that were not chipped could no longer move, and we caught them for being guilty in having ‘something to hide’. The world became safe from terrorists and madmen. What an evolution! We now had in our global data-bank containing the biometrics of every individual in the world. We knew the online and offline movements of all; collected and stored in an intelligent data-bank that was able to predict what they were planning even before any ‘terror attack’ hit.

Hence you are protected, secure in a world that looks after you. You say you don’t like to be watched, but we don’t watch you all the time, we just track you. So yes, it’s true I know everything about you, but so what? I know everything about whoever I wish. So why should this offend you? Why do you continue to refuse to accept and conform, why are you not like the others who are settled in this wonderful new secure world? Why?”

Calmly he faced her, looking deep into her eyes. He could see how her strength ran deep, beautiful in its purity, but tired, so tired. The silence hung heavy in the room, breaking it she brought her thoughts to life. Her voice was quiet, firm and clear. “I appreciate that today our society is secure and safe. We are no longer at risk of attack from terrorist or madman. However in providing this security, society has taken from me my personal space, my privacy, and the freedom to do as I wish, when I wish; this is because I feel and know that I am being observed, this changes my behaviour, and ultimately the choices I make.

It is clear that security has a price to pay, and the currency is freedom. It is a delicate balancing act, to increase either, jeopardises the existence of the other. Man will however never be completely free; he will always find ways to build some security framework around him. Unfortunately, it is when the free man becomes obsessed with security we are faced with the risk that the scales of security and freedom will cease to balance.

Now the payment has been made. The scales that once hung so delicately have fallen. Freedom is lost, but man no longer realises this, he doesn’t know what freedom is. It is only I that still remembers.” She paused for a moment -her breathing shallow- and looked at him. “You have clearly forgotten.”

Sitting back in his chair he continued to survey her, saying nothing, finding himself savouring the sound of her voice, remembering something, but not sure what.

Standing up she moved over to the window; gravitating towards the light, the sun, where she had once been free. “Don’t you remember me anymore Security? I know freedom well. I am Freedom. I am what a man feels when he sits alone, and watches the mountains reaching high above the lake that lies so low. I am that yearning: when he sees the road that run so long, and the trains that pass so fast. I am the sound of birds in the air, the cool breeze that passes by, and the leaves that flutter loose. I am the feeling that man belongs not to anything, that he can walk and run where ere, to say and to think as he wishes.

Have you really forgotten Security? Don’t you remember our vow? We were married once, a long time ago, ‘Security and Freedom’. Has it been so long that you have forgotten how we loved each other, and how we promised in our union ‘that you would make man feel secure, and upon this foundation I would let him be free’?”

Written (but unpublished) 2001 after 9/11.