SPOC-Web Icon, semantic Knowledge Management

How to... get Things done

Why is Security becoming increasingly important? Computers!

Computers present a new dimension in handling data. For thousands of years recording of data was impossible, relying on oral tradition, then using clay or expensive papyrus. Processing the data required people reading and processing the written records. Increased technization in the last five hundred years fostered bureaucratization and storage of von individual personal data. Computers were used for this purpose since their earliest days. The first mechanical computers were developed 1890 by Hermann Hollerith for the US Census. His company developed into IBM, one of the largest computer corporations in the world.

Moore's Law and the consequences

Already in 1890 it showed that the Hollerith-machines could process the US-census faster and cheaper than people. What took more than seven years before, was done within two years, especially the subsequent processing. It didn't stop there though.

Computers have become extremely powerful machines. For more than a century Moore's Law was verified over and over again, although it is no physical law, but rather an economical and technological phenomenon. Calculation capacities have doubled every 20 months since 1890 (including mechanical and electro-mechanical devices like Hollerith, Zuse and Eniac). In 120 years this yields 72 doublings i.e. 272 resp. 1021, a number with 21 zeros (a septilion!).

Similar numbers hold for storage capacities and netzwork-bandwidths. While fighting for every Bit in the 80s, today software-developers live in a paradise without many limits since about 2000.

These conditions provide companies like Google, Facebook and Amazon with myriads of possibilitiest to collect data, evaluate it and use it to their advantage. But this is only one aspect of increasing digitization.

Cell phones are computers too...

In the course of digitization computers are no longer used only for work or gaming. In the form von mobile phones they are a continual companion und indispensible tool for for many people. These phones are a multitude more powerful than personal computers only 15 years ago and computers themselves have developt so far that their limits are never reached by most of their users. Phones have a number of sensors, that make total surveillance extremely simple:

  • GPS-receivers to determine the position or alternatively...
  • triangulation within the cell-phone network
  • cameras and mikrophones to record the environment
  • WLAN senders and receivers
  • Bluetooth and RFID- sensors
  • acceleration and positional sensors like e.g. compass, gyroscope or barometer
  • thermometer to measure temperature
  • etc...

This power should serve the owner of the computer or phone, but just this complexity makes it hard to enforce than. With several billion operations per second nobody can check, whether hidden activities are performed. Traffic from and into the internet is allowed to pass mostly unchecked e.g. by Windows. Controlling each and every message by the user is hardly feasible.

Ideally an unbroken security-chain should be established from the individual processor operation via operating system to each application executed on the computer. Unfortunately this chain can be broken in many places. Hackers mostly exploit errors and unexpected situations at the hardware and at every software-level, starting at the processor, continuing with the operation system and browser software up to individual apps and web sites. These weaknesses can usually be fixed quickly and cheaply with software-updates, when they become known. However there is a black market for hackers and intelligence agencies, where known security vulnerabilities are traded and kept for future use. A prominent example is the collection of CIA hacking-tools, that exploits security gaps in Windows, Android and Apple iOS for more than ten years. Additionaly it contained trojans wrapped in common applications like VLC Media Player.

Much more fundamental and expensive to fix are vulnerabilities in the processor itself, as shown by the recent attacs named Meltdown and Spectre. To fix these, a new generation of processoren would need to be created and all old processoren built into computers since the middle of the 90s exchanged. Most operating system have published patches that mitigate, but not eliminate this vulnerability.

Absolute security is hard to obtain...

As the previous section showed, there is a multitude of opportunities to compromise a computer. This lack of control is usually mitigated by additional security programs, that monitor computer and other programs.

Every computer that is even only occasionally connected to the internet, should have installed at least a virus scanner and a firewall. Regular updates of the operating system and all other software is necessary to counter attacks and the easiest way to obtain these is to enable the built-in updates. 

It is hard to overestimate the extent that server in the internet are attacked daily. In home-netzworks the router of the network-provider takes on this task and has a specialized operating system to this purpose. 

Only an isolated computer is relatively secure!

Only a computer, that is never connected to a network, is safe, except of course for theft.

Ideally you should use a computer connected to the internet only for non-critical operations. It is inconvenient sometimes, but since most people have multiple devices (phone, tablet, notebook, desktop etc.) you can partition work and internet-research well between these, so that critical machines usually don't need to be online.

This is one of the easiest measures to fundamentally improve security.