Pegasus and the consequences for our data

Commentary by David Chaum Pegasus and the consequences for our data

Ever since the WikiLeaks scandal, it has been known that data is regularly collected by nation states and is never really secure. The recent Pegasus revelations show that there is a thriving market for high-performance espionage programs and that it has become affordable for all kinds of institutions to access our data.

Pegasus is a spy software that infiltrates the phone software via messenger services. This happens without the user having to click a link or download anything, the system does it all by itself. Although Pegasus gains access without a formal download, Amnesty International’s Security Lab was able to run the software on various iPhones and Android -Discover telephones. The software can take over the entire telephone system, operate the camera, run apps, read messages, etc. No encryption in the world can help or protect against these intruders. Since the sensitive metadata of messengers and other apps are usually not encrypted, they are also easily accessible. Even the use of supposedly secure messengers such as Signal does not offer any protection against the collection of metadata.

Although the software was mainly bought by undemocratic states such as Azerbaijan or Saudi Arabia, the BKA also requested a demo in 2017. Since the software uses widely used, popular messengers to infect phones, no person, regardless of nationality, is safe. Also, nobody can understand who ultimately passed the software on to whom. This naturally lowers the inhibition threshold, especially for authoritarian states, to use this type of espionage software outside of the agreed areas.

However, without wanting to spread panic, despite all the danger: The Pegasus software is not the only and by far not the most powerful spy software. The market for personal as well as content-related data such as chat messages and Co. has been flourishing for years. And last but not least, many people reveal their data on their own initiative, in various social media networks around the world.

So what is to be done? Should we all throw away our phones and erase all digital traces? Judging by some reports, this seems like the only way to go. But for those who want to continue to participate in normal public life, this is of course not an option. Messenger, financial and organizational apps and so much more have become an integral part of our lives. To protect our data and thus our privacy, it currently takes more than just software. It also takes the right kind of security hardware.

Any software can be hacked

Secure software is promised by many companies, but no matter how good the code is, there is a loophole created by a complex, underlying operating system that can be hacked – so basically any software that runs on general-purpose hardware is vulnerable. If you want real security, you have to invest in the right, specialized hardware that doesn’t allow a hack in the first place. There are already options – secure telephones that, in combination with newer operating systems, still allow access to modern applications and services despite increased security.

Similar to cryptocurrencies, which are stored in a hardware wallet that does not access the network directly, secure, telephone-like devices can store their own data. A connection to the network can then ideally be established via a conventional telephone, whereby the two telephones are connected via a secure Bluetooth, for example. As a result, possible spy software cannot even get to our data, because these are already encrypted on the secure hardware. The inconveniences associated with these detours could be tolerated in view of the security advantages, but they are not tempting or user-friendly.

Safety has to be in the foreground

In recent years, software applications with enormous power and potential have changed and simplified our lives. We can transfer money, send messages, make purchases and much more in a matter of seconds. But our data is often not protected, especially since the goal of most software applications is to be profitable. Even if they are not aimed at selling themselves, it has been known for some time that user behavior is sold on social media, for example, in order to market other products more effectively to users.

If we as a society invested the same amount of effort in the security of our data as we did in recording and analyzing our usage behavior, the situation would be much better. But this insight is still ahead of us. Sooner rather than later, we have to face reality: The more we integrate software into our everyday life and thereby simplify it, the more we have to take responsibility for securing our data.

About the author: David Chaum is widely known as the inventor of digital cash (eCash). He is also responsible for other fundamental innovations in cryptography, including data protection technology and secure voting systems. With a PhD in computer science from UC Berkeley, he taught at NYU Graduate School of Business and the University of California, led a number of groundbreaking projects, and founded the International Association for Cryptologic Research, the cryptography group at the Center for Mathematics and Computer Science in Amsterdam, DigiCash, the Voting Systems Institute and the Perspectiva Fund. He is currently involved in the development of the xx blockchain. The first quantum-resistant, scalable blockchain.

About xx network:xx Network is a platform that focuses on the privacy of its users, with the aim of decentralizing all areas of daily needs, such as apps and services, in the long term. The fast, quantum-secure and highly scalable system allows the implementation of mobile-first applications on the xx blockchain. The xx coin represents the associated crypto currency for the completely private exchange of values. Fully functional systems such as the xx messenger and the voting system Votexx are already running on this layer 1 blockchain protocol developed by crypto father David Chaum.

(ID:47572516)

–