Becoming Self-sufficient and IT Resilient in 2017. Part 1: Preamble and Problem Statement

This post will serve as the starting point for a series detailing how I intend to try and take back ownership of my digital life in 2017.

Also available in the series:

  1. Preamble and Problem Statement
  2. Define required outcomes and Guiding Principles
  3. Service reliance mapping, risk appetite and "make vs buy" decisions
  4. Architecture
  5. ...

1. Preamble and Problem Statement

Having read the recent privacy backlash against WhatsApp and the (incorrect) inflammatory accusation that the service also introduced a deliberate vulnerability in its end-to-end encryption to allow snooping, I decided to take a - massively overdue - hard look at the centralised services and proprietary software I rely on most for my daily activities.

This comes on the back of the 2013 PRISM leaks on mass state surveillance of private individuals by US (and UK, thanks GCHQ) government institutions and the more recent blatant disregard of digital privacy in the UK Snoopers' Charter.

Perhaps driven partially by my recent re-read of George Orwell's excellent Nineteen Eighty-Four (although that re-read was in itself inspired by the aforementioned events), these are some of the things that concerned me the most:

  • Private companies (e.g. Facebook) having access to a rich amount of metadata on me, my preferences, my friends, who I communicate with, the contents of those communications etc. in order to form a personal profile to then target advertisements at.
  • A steady shift in policy by Anglo-Saxon governments away from the traditional laissez-faire attitude to the internet and more towards outright regulation, monitoring and banning/blocking of certain websites.
  • Bulk capture of digital personal information by government agencies - resulting in a mindset that individuals are guilty until proven innocent.
  • Recent events highlighting Government demands for privately held information by companies.
  • A large number of data breaches in the private arena and a feeling that it's only a matter of time before there is a large public breach of centralised information being held on citizens.
  • Specific provisions contained within the Snoopers' Charter covering areas such as:
    • requiring CSPs (Content Service Providers) to have the ability to remove encryption applied by the CSP
    • requiring CSPs to retain UK internet users' "Internet connection records" for one year. Police, intelligence officers and other government department managers may access this information without a warrant.
    • placing a legal obligation on CSPs to assist with interception of data and equipment hacking in order to access data.
    • creating a new criminal offence for unlawfully accessing internet data.

One of the things that has struck me has been the ease with which the general public has accepted these huge restrictions on personal liberty and freedom under the auspices of the 'fight on terror'. Frankly there's not much more terrifying than the thought of a large state machine with this amount of power, limited oversight and the incentive to misuse it. What these sorts of environments have created, both in the present and in the past, makes our current issues with terrorism pale into insignificance.

To quote a recent interview with Edward Snowden:

“Privacy isn't about something to hide. Privacy is about something to protect. That's who you are. That's what you believe in, that's who you want to become. Privacy is the right to the self. Privacy is what gives you the ability to share with the world who you are, on your own terms, for them to understand what you're trying to be. And to protect for yourself the parts of you that you're not sure about, that you're still experimenting with. If we don't have privacy, what we're losing is the ability to make mistakes. We're losing the ability to be ourselves. Privacy is the fountainhead of all other rights. Freedom of speech doesn't have a lot of meaning if you can't have a quiet space. . . . to decide what it is that you actually wanna say. Freedom of religion doesn't mean that if you can't figure out what you actually believe without being influenced by the criticisms and sort of outside direction and peer pressure of others. And it goes on and on and on. But privacy is baked into our language, our core concepts of government and self in every way . . . without privacy, you won't have anything for yourself. So when people say that to me, I say back arguing that you don't have privacy because you have nothing to hide is like arguing that you don't care about free speech because you have nothing to say.”

To put this in a business (and real world) context for most people, I would frame it in the same way as the Fraud Triangle, which is a model for explaining the factors that cause someone to commit occupational fraud such as insider trading, stealing from a company, etc.

It consists of three components which, together, lead to fraudulent behavior:

  1. Opportunity
  2. Rationalisation
  3. Incentive or pressure

The fraud triangle originated from Donald Cressey's hypothesis (Montclair: Patterson Smith, 1973, p. 30):

“Trusted persons become trust violators when they conceive of themselves as having a financial problem which is non-shareable, are aware this problem can be secretly resolved by violation of the position of financial trust, and are able to apply to their own conduct in that situation verbalizations which enable them to adjust their conceptions of themselves as trusted persons with their conceptions of themselves as users of the entrusted funds or property.”

In other words, if you give someone power and authority, a perceived reason that they can rationalise for abusing it, and a lack of oversight, they will end up using it for their own agenda and outside of its original purpose. Replace the financial speak with national security and other current government buzzwords and you can see where this is going.

PwC performs an interesting Global Economic Crime Survey that shows the below.

[Figure: Fraud Triangle]

The following quote also caught my eye - I wonder what the percentage would be if we applied a modified version of the question to Public officials (elected or otherwise) or Government Agencies with regard to the use of private and sensitive information held about individuals...? That they chose to exclude themselves from that very same Snoopers' Charter gives you an indication, in my mind, of how they feel about their own trustworthiness...

“Interestingly, while 85% of respondents felt that management required business partners to take a public stand against corruption, only 77% felt that their own management took such a stand.”

James Veitch
