How much security is required is highly debated, as security always adds complexity

Why?

Data can be read and/or modified by ANY device on the network. THIS CANNOT BE PREVENTED

Ways it can be affected:

  • Eavesdropping:
    • A man in the middle (MITM) can listen in on any message that is transmitted.
    • This is done a lot in countries with strong censorship
  • Tampering:
    • Somewhere along the way, someone on the path can alter some of the data that is transmitted, so that the receiver gets incorrect data.
  • Spoofing:
    • This is when a malicious third party pretends to be the sender, and sends malicious data to the receiver.
    • This is done to mislead the receiver into sending private data

Core Problem:

There is No Known Way to stop malicious users from accessing private data that doesn’t also stop law enforcement. This means that governmental interests are always at odds with TRUE data privacy.

So where is the trade-off between preventing terrorism and child abuse, and protecting private data?

Proposed Solutions:

  • Key Escrow
    • Concept of a “Key Under A Doormat”, which gives a special key to the government for them to override encryption.
    • Political Risks
      • Really depends on how much you trust the government with access to ALL your data; it can create a security state very easily
    • Technical Risks
      • Any server or store that can unlock all data becomes a single high-value target and invites attacks on that specific system; if malicious users such as hackers or spies compromise it, they have access to everything.
  • End-system Content Monitoring.
    • Scans on the end system for malicious content, i.e. child abuse
    • Technical Risks
      • Entrusting an AI algorithm to detect child abuse can lead to a lot of false positives, which are potentially life destroying.
      • The servers holding the model/match data have to be opaque, since we can’t have transparent servers holding illegal content, but this also means governments can use the same mechanism for censorship, e.g. of activism or protests.
    • Political Risks
      • Forces the user to trust their own government, and the government of their ISP/phone provider.

More information:

Eavesdropping

Many organizations are able to and do monitor Internet Traffic.

  • Governments, and their agencies.
    • They monitor for illegal activity, no matter how draconian the laws are.
  • Businesses
    • “Call may be monitored for training purposes”
  • Network Operators / ISPs
    • Traffic data they use to optimize their systems
  • Malicious Users/ Criminals
    • Steal data for fraud, identity theft or just for sale

Spoofing

Phishing is very commonly used to obtain passwords and other private information (though phishing is possible without spoofing).

A common example: faking DNS responses on public networks (e.g. cafes) to send people to fake pages that harvest sensitive information.

How do we combat this?

DNS-over-HTTPS (DoH) protects the confidentiality and integrity of DNS queries and responses, which stops people monitoring or altering DNS replies.

  • Stops man in the middle attacks where people send fake DNS replies, and stops general DNS monitoring (e.g. to sell browsing data to advertisers)
  • Also stops ISPs from blocking known child abuse sites etc., since their DNS-based filtering no longer sees the queries
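To make the DoH point concrete, the following is an added example (not from the original notes, Go standard library only) that builds the same DNS wire-format query a plain UDP resolver would receive and wraps it the way RFC 8484 specifies for a DoH GET request. The endpoint `https://doh.example/dns-query` is a hypothetical placeholder; the encoded value for `www.example.com` is the one given in RFC 8484 itself, so it can be checked against the spec.

```go
package main

import (
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// BuildQuery builds a minimal DNS wire-format query (RFC 1035 section 4.1)
// for the A record of name. RFC 8484 recommends ID 0 for GET requests so
// that identical queries produce identical URLs and can be cached.
func BuildQuery(id uint16, name string) ([]byte, error) {
	// Header: ID, flags (only RD set), QDCOUNT=1, ANCOUNT/NSCOUNT/ARCOUNT=0.
	q := []byte{byte(id >> 8), byte(id), 0x01, 0x00, 0, 1, 0, 0, 0, 0, 0, 0}
	for _, label := range strings.Split(strings.TrimSuffix(name, "."), ".") {
		if len(label) == 0 || len(label) > 63 {
			return nil, errors.New("invalid DNS label in " + name)
		}
		q = append(q, byte(len(label))) // each label is length-prefixed
		q = append(q, label...)
	}
	q = append(q, 0)          // empty root label terminates the name
	q = append(q, 0, 1, 0, 1) // QTYPE=A, QCLASS=IN
	return q, nil
}

// DoHURL wraps the query as RFC 8484 section 4.1 specifies for GET:
// base64url without padding, carried in the "dns" query parameter.
// The request itself is then sent inside an HTTPS (TLS) session.
func DoHURL(endpoint string, query []byte) string {
	return endpoint + "?dns=" + base64.RawURLEncoding.EncodeToString(query)
}

func main() {
	q, err := BuildQuery(0, "www.example.com")
	if err != nil {
		panic(err)
	}
	// Over plain DNS (UDP/53) these bytes travel in the clear and anyone on the
	// path can read them or forge the reply. Over DoH the same bytes sit inside
	// TLS, so an on-path observer only sees HTTPS traffic to the resolver.
	fmt.Printf("wire query (%d bytes): %x\n", len(q), q)
	fmt.Println(DoHURL("https://doh.example/dns-query", q)) // hypothetical endpoint
}
```

The 12-byte header and question section are identical in both transports; what DoH changes is only the channel they travel over, which is why the integrity and confidentiality gains come from TLS rather than from any change to the DNS message itself.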

However, the underlying problem (data being read or modified in transit) can be mitigated as follows.

  • Encrypt the data.
  • Authenticate the data, to detect alterations
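The two mitigations above together are what an authenticated-encryption mode gives you. The following is an added example (not from the original notes, Go standard library only) using AES-256-GCM: `Seal` encrypts and tags a message, `Open` refuses anything whose tag does not verify, and `EncryptOnly` (AES-CTR with no tag) shows why the second bullet is needed, because encryption alone lets a flipped ciphertext bit silently flip the corresponding plaintext bit. The function names, the sample message and the fixed IV used for the contrast are all constructed for this example.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Seal returns nonce || ciphertext || 16-byte tag under AES-GCM, which both
// encrypts (eavesdropping) and authenticates (tampering) in one primitive.
// A fresh random nonce per message is required; reuse with the same key breaks GCM.
func Seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// Open verifies the tag before releasing any plaintext; a change to any bit of
// the nonce, ciphertext or tag makes it return an error and no data.
func Open(key, msg []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(msg) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("message too short to contain nonce and tag")
	}
	nonce, ct := msg[:aead.NonceSize()], msg[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// EncryptOnly is AES-CTR with no authentication: confidentiality without
// integrity. CTR is its own inverse, so calling it on ciphertext decrypts.
// Fixed IV here is for the demonstration only.
func EncryptOnly(key, iv, data []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(data))
	cipher.NewCTR(block, iv).XORKeyStream(out, data)
	return out
}

// FlipBit returns a copy of msg with one bit changed, standing in for an
// on-path party altering the data in transit.
func FlipBit(msg []byte, index int) []byte {
	out := append([]byte(nil), msg...)
	out[index] ^= 0x01
	return out
}

func main() {
	key := make([]byte, 32) // in practice from a key exchange, never hard-coded
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	plain := []byte("transfer 10 GBP to account 42") // constructed sample message

	msg, err := Seal(key, plain)
	if err != nil {
		panic(err)
	}
	fmt.Printf("on the wire: %x\n", msg) // an eavesdropper sees no plaintext

	pt, err := Open(key, msg)
	fmt.Printf("untouched: %q err=%v\n", pt, err)
	pt, err = Open(key, FlipBit(msg, 12)) // first ciphertext byte, after the 12-byte nonce
	fmt.Printf("tampered:  %q err=%v\n", pt, err) // nil plaintext, authentication error

	// Without a tag the same bit flip goes unnoticed and changes the plaintext.
	iv := make([]byte, aes.BlockSize)
	ct := EncryptOnly(key, iv, plain)
	fmt.Printf("CTR only, tampered: %q\n", EncryptOnly(key, iv, FlipBit(ct, 0)))
}
```

Note that `Open` checks the length before slicing, so a truncated message is rejected cleanly rather than panicking, and that the tag covers the nonce position implicitly: moving or replaying the nonce with a different ciphertext also fails verification.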