Big Data and Mobile Data Security: Two bagels and a Cup of tea
Every day you wake up with that same daily ritual: alarm goes off, you get ready, you leave the house. Given your high environmental consciousness (or the lack of a driver’s license), you take as part of your morning ritual to set off on a train to get to your destination. To help you kill time and make your ride more enjoyable you take your mobile phone out of your pocket, connect to the train’s Wi-Fi and complete your journey as most of the people in the train.
What seemed to be a normal day may come with an unpleasant surprise. We often make use of public hotspots to save a few of those megabytes that consume our bill at month end. However, what is often neglected is the security of these connections.
Hannes Muhleisen is just an Amsterdam citizen who happens to live in a boat. In one regular afternoon he was setting up his internet connection when his laptop recognizes the Wi-Fi network very familiar to many of us, the “Wifi in de trein”, as a train passed by. Curious, Muhleisen decided to experiment by setting up equipment to ‘listen in’ into the devices of the train’s travelers (Maurits, M 2015). Would NS provide such an unsecure connection to its customers? With two antennas and some open software, Hannes was set to test. Thus, you are probably wondering: what kind of information was he able to pickup?
- 114,558 different MAC-addresses over 5 months
- Unique numbers of devices, time and data
- Device history of web-browsing and app usage
- Types of devices the travelers were using (e.g. Apple, Samsung, etc.)
For the additional fun, Muhleisen even created a model evaluating Wi-Fi usage based on the weather.
Muhleisen’s example is just one in many of the big data security and privacy concerns. However, these extend further than simply individuals’ data security, it also affects society and organizations. Among the top 10 big data privacy risks are (Herold, R 2015):
- Targeted marketing leading private information to become public.
- The need to have one piece of data linked to another to make sense would make your data impossible to be anonymous.
- Based on the previous point, data masking could easily be overrun and reveal personal information.
- Big data can be used to influence business decisions without taking into account the human lives involved.
- Big data does not contain rigorous validation of the user data, which could lead to inaccurate analytics.
- Big data could lead to discrimination of job candidates, employee promotion and more because it is an ‘automated’ discrimination.
- There are only few legal protections to involved individuals.
- Big data is growing indefinitely and infinitely making it easier to learn more about individuals.
- Big data analytics allows organizations to narrow documents relevant to litigation, but raises accusations of not including all necessary documents.
- Due to the size of big data it makes difficult to make sure patents and copyrights are indeed unique.
All these implications lead to major concerns towards IT security investments, paranoia and conspiracy theories. How to tackle all the ethical implications that come with big data? If one man with two cheap antennas can collect enough data to learn what you ate for breakfast, what can corporations do to trigger behaviors using first-of-line equipment? Whether you are an iOS or Android user, the big brother is watching.
Lilian Shann, 342890ls
Marits, M (2015). De wifi in de trein is volstrekt onveilig (en de NS doet er niets ann), [Online], Available at: https://decorrespondent.nl/3166/De-wifi-in-de-trein-is-volstrekt-onveilig-en-de-NS-doet-er-niets-aan-/97373496-af07ccc1 [Accessed: 13 September 2015].
Herold, R (2015). 10 Big Data Analytics Privacy Problems, [Online], Available at: https://www.secureworldexpo.com/10-big-data-analytics-privacy-problems [Accessed: 13 September 2015].
Damato, T (2015). Infographic: What’s threatening your mobile apps?, [Online], Available at: http://blog.vasco.com/application-security/infographic-whats-threatening-mobile-apps/ [Accessed: 13 September 2015].