It’s one of those terms that gets thrown around whenever people talk about cybersecurity. Everyone has heard of it, but why is metadata so important, and why is it so vulnerable?
Simply put, metadata is data about data. Let’s say you send a text message to someone. That text itself is data. The metadata includes the phone numbers involved in the interaction, the time the message was sent at, as well as the location of the sender and receiver. This information is collected by cell phone service providers.
When it was revealed that the NSA collected data on U.S. citizens, it was this metadata that they were gathering. With sophisticated tools, a web of interactions can be created to see how one person is linked to another person – similar to LinkedIn connections – and trace a person’s location and habits in consequence.
But it’s not just text messages and phone calls that use metadata. Metadata is created when you browse the Internet, send emails, check Twitter on your iPhone, and even when you flip through your smart TV. With the rise of the Internet of Things (IoT), your Wi-Fi connected toaster might be creating pools of information as well. This may seem innocent enough, but the implications of data being stored from every device poses certain risks. A report from the Internet Society highlights these growing concerns:
“Seemingly benign combinations of IoT data streams also can jeopardize privacy. When individual data streams are combined or correlated, often a more invasive digital portrait is painted of the individual than can be realized from an individual IoT data stream. For example, a user’s Internet-enabled toothbrush might capture and transmit innocuous data about a person’s tooth-brushing habits. But if the user’s refrigerator reports the inventory of the foods he eats and his fitness-tracking device reports his activity data, the combination of these data streams paint a much more detailed and private description of the person’s overall health. This data-aggregation effect can be particularly potent with respect to IoT devices because many produce additional metadata like time stamps and geolocation information, which adds even more specificity about the user.”
The value of this data seems clearer now – and not just to the authorities. If a hacker can monitor your activity to find out when you leave your house, there’s a good chance they can also modify the settings on your smartphone-connected door lock. Once a hacker has access to a device in a home network, every device is vulnerable. Many IoT devices lack simple authentication or encryption features, making them much more at risk to outside interference.
The IoT industry is fairly new, and they will learn the hard way about the need to include more security features in their devices. Just last month, PayPal, Twitter, Spotify and others were brought down by a hack that directed computers, webcams, cameras, fridges, and toasters to overload the companies’ servers with data, causing them to crash.
If you’re worried about the collection of your IoT metadata, there are ways to secure yourself by researching best practices online, though they are not all foolproof.
For communications by email and smart phone, the most secure system commercially available is Evizone.
With Evizone, there is no metadata captured in any interaction. Communications exclusively pass through and are stored in Evizone’s private servers. These servers are protected with military-grade encryption. The data stored is scrambled in small clusters of bytes, ensuring that no data can ever be extracted or pieced together by anyone but the intended user.
About Evizone Ltd.
Evizone Ltd. is a revolutionary secure communications, encryption and compliance software and service provider based in Montreal, Quebec, Canada. Evizone offers innovative enterprise solutions in secure messaging (next generation beyond encrypted e mail) and encryption, encryption at rest, regulatory compliance, compliance archiving, WORM compliance, 17a-4 compliance, document life cycle management and communications governance and risk management. Evizone’s services protect organizations through best in class security, encryption, recipient controls, document life cycle management, discovery management, compliance management, compliance archiving, tamper proof WORM and 17a-4 compliance archiving and complete audit records against the enormous damage caused by communications breaches. Evizone’s patented technologies offer a level of security impossible to obtain with conventional or encrypted email and fast, powerful, user friendly compliance archiving. Evizone’s services are immediately available on multiple platforms and provide the strongest commercially available communications security and compliance archiving. You can follow Evizone on Facebook, Twitter, and LinkedIn.
Tom Kott, HATLEY Strategy Advisors, 514.316.7082, firstname.lastname@example.org