Practical limitations of technical privacy protection

On the current state of IT security mechanisms used for privacy protection in the field

  • Focus
  • International Data Protection

Datenschutz und Datensicherheit - DuD

Abstract

Information provided by whistleblower Edward Snowden strikingly demonstrated the advanced capabilities of intelligence agencies, especially the National Security Agency (NSA), to monitor Internet usage on a large scale. Huge amounts of data are collected day by day, violating the privacy of millions of people. Public media suggest that IT security methods like encryption are the magic bullet to protect one’s privacy. This paper reflects on the feasibility and practical limitations of technical privacy protection. Current vulnerabilities of widely used IT security mechanisms impressively demonstrate the limitations of these mechanisms.

Author information

Corresponding author

Correspondence to Hans-Joachim Hof.

Additional information

Prof. Dr.-Ing. Hans-Joachim Hof, Professor of Secure Software Systems at Hochschule München, head of the research group MuSe — Munich IT Security Research Group, Vice Chair of the German Chapter of the ACM, head of the supplementary training program "Betrieblicher Datenschutz" at Hochschule München

Cite this article

Hof, HJ. Practical limitations of technical privacy protection. Datenschutz Datensich 38, 601–605 (2014). https://doi.org/10.1007/s11623-014-0236-0

  • DOI: https://doi.org/10.1007/s11623-014-0236-0
