Have you used your computer or smart phone today? Then you have probably unintentionally left quite a digital trail behind you. How old the smart phone is that you use, or which brand it is, the pages that you like to look at, the articles that you read or how long you spend on certain pages - all of that information is collected, saved and evaluated. Personality profiles are produced in the background that provide deep insights into your private life from which much more can be gleaned than many would suspect: Does the user have a pet, are they overweight or afraid of spiders? Does they to eat Asian or Mediterranean food? Alongside this perhaps harmless seeming information, our digital trail also gives away more controversial details: What are our political opinions? What is our relationship status? Or how is our physical or mental health?
The business of data is worth billions. Experts describe the assiduous collection and analysis of data as tracking. With personality profiles and forecasting algorithms, advertising can be specifically targeted, tailored to an individual’s current needs and the personality behind the user profile. Dr. Robert Altschaffel is an information scientist and expert in computer security. For him, the mania for collecting data on the internet is a “threat to society as a whole”. “We are easy to manipulate. Most people are completely unaware of this,” says the researcher. Even political decisions can be influenced by strategically positioned stimuli, as the case of the data analysis company, Cambridge Analytica, showed. The company, which was founded in 2014, primarily collected data in the United States about potential electors in order to influence their voting behavior with individually tailored messages. After countless illegal methods came to light in 2018, the company filed for insolvency.
Dr.-Ing. Robert Altschaffel (Photo: Jana Dünnhaupt / Uni Magdeburg)
Robert Altschaffel is part of a research team led by the Professor of Computer Science, Jana Dittmann, that is interested in security in the digital world. How can we defend against dangers from the internet such as tracking, phishing mails or other scams? How do people protect themselves when they do not have the money for security departments or lack expertise? As part of a research project within the Cyber Security Network of the state of Saxony-Anhalt, which is led by Harz University of Applied Sciences, Martin Luther University of Halle-Wittenberg and Otto von Guericke University Magdeburg the experts in computer security and computer forensics are examining precisely these questions. Their aim is to assist small and medium-sized enterprises, the public sector, educational institutions and citizens to consider IT security in their online activities from the very beginning and to integrate it into their behavior. In their sub-project, “Security by Design Orchestration”, the Magdeburg researchers are focusing on educational institutions.
Analysis and education
The digitalization of schools is accelerating - especially thanks to the coronavirus pandemic. Digital tools such as video conferences, data clouds, communication via social networks or the organization of teaching materials through online learning platforms have become part of the everyday lives of teachers and pupils. Here in particular, where a lot of sensitive data is accumulated, the topic of security should be taken seriously - and yet it often lags behind. The team around Jana Dittmann aims to find remedies and uncover and eliminate threats to digital sovereignty, to our private lives, data protection and computer security in educational institutions and simultaneously in the process strengthen sustainability, since less data transmission saves resources and can reduce energy consumption. First and foremost, the scientists need to determine the needs of this target group. Which programs and digital tools do the institutions use? Where could dangers lurk? What possible alternatives are there to problematic applications used in the past?
“To begin with, people do not even know that they are being tracked.” This is the position from which Robert Altschaffel begins. Without an awareness of the possible hazards, data leeches and con artists have an easy job of it. The research team, which includes an educator as well as information scientists, has therefore devised the “Digital self-defense guidance” workshop, which explains to every level of the educational institution - from the school leadership and teachers to the pupils themselves - about how their data travels across the internet and where it lands at the end of the day. Why are there different search results, and even pricing levels when it comes to making a purchase, depending on the user? A look behind the scenes should answer this question and highlight on the way we deal with our own data. Then efforts can be made to solve the problems: “In practical terms we show which tools can be used to detect and disable trackers,” explains Robert Altschaffel.
Within the cyber security alliance, the team also sees itself as a direct contact for schools in matters of digital security. (Photo: Jana Dünnhaupt / Uni Magdeburg)
The researchers’ philosophy is giving people the opportunity to help themselves. This is done not only through explanation, but also primarily through what are known as demonstrators, which the team “knocks together” and presents at the workshops. “A demonstrator is, in principle, a software program for showing something,” explains Robert Altschaffel. The necessary building blocks are already freely available as open-source components. The advantage is that behind this free software there are no businesses such as corporations that market their products and have a financial interest in the users’ data. Countless developers are permanently optimizing and improving the freely accessibly source code, closing security loopholes and developing new functions. The Magdeburg team also makes use of this wealth of possibilities for collating new digital tools especially for the needs of schools. With these technical alternatives to the existing conference, chat or memory programs, tracking programs and other sources of danger are locked out. “We want to show that if there’s a will, there’s a way,” stresses Robert Altschaffel, who is currently working on a demonstrator for a large cloud data storage facility and in order to do so is bringing together - the researcher calls it “orchestrating” - freely available digital components and combining them to make an efficient tool. “There are already a lot of building blocks for this,” explains Robert Altschaffel, “but they are not yet so well known and are hard for the layperson to access. We want to change this.”
Within the Cyber Security Network not only is the research team from Magdeburg working on workshops and demonstrators, but it also sees itself as a direct point of contact for schools when it comes to digital security matters. If educational institutions are uncertain about whether a program that they are using might possibly represent a risk, the scientists put the software program under the microscope using forensic methods. Are there problems with data protection or security? To find out, they need to do a deep dive into the program's functions. The software is examined forensically:
- Where is there tracking and data leakage?
- Does the program adhere to all of the statements in the privacy notice?
- Does it connect to other pages in the background when users log in?
- What data packets flow back and forth in the network?
In complicated cases this forensic exploration can take a few days - sometimes new approaches need to be researched and implemented. Usually, however, the experts have a good overview of the functions and possible risks of the programs within around an hour.
Prof. Jana Dittmann (Photo: Jana Dünnhaupt / Uni Magdeburg)
Sometimes critical program codes also make it into the applications unintentionally. This is because many developers use commercial toolboxes to, for example, build websites from individual elements. Tracking is then built in through the back door, so to speak. If that is the case, Robert Altschaffel and his colleagues contact the manufacturers and make them aware of critical areas. “Many are not aware of the possible risks,” says the researcher. “However, often the developers use our information to improve their programs and make them more secure.” “It is possible to defend against tracking - there are free software solutions for the purpose,” explains Robert Altschaffel, who will continue to work full speed ahead until the end of the funding period on making these alternatives available. The open-source cloud should be available in active demonstration mode until the end of 2022. The “Digital self-defense guide” workshop, which so far has been attended by around 1,000 participants, will continue to be optimized and extended to include a sustainability component. Subjects such as the consumption of resources and energy or a long service life for the software programs that are developed are also becoming increasingly important in the digital world too.
In conclusion the information scientist has two more tips for greater security on the internet, for which no expert knowledge and little effort are needed: “A good password is indispensable. Wherever possible it should not always be the same one, and is best managed with a password manager. And please do not simply click on attachments in emails and links without thinking first. If you do, the malware will be onto your computer in no time and your personal details gone in a flash."