The Hole in the Web: Information leaks on the internet are inevitable

The Hole in the Web: Information leaks on the internet are inevitable

In spite of security companies boasting of keeping data secure, information leaks on the internet are inevitable.

In the days of intelligent spam filters, it is rare to actually have an unexpected email landing in your inbox.

In the days of intelligent spam filters, it is rare to actually have an unexpected email landing in your inbox. Sure, there are the usual lengthening, strengthening, enriching, and enticing emails that make their way into the regular torrent of information, but the practiced eye has learned how to skip over them. Once in a while, you even click on them, out of curiosity, just to see who is purporting to give you a few millions or is just waiting around the corner to jump your bones, and when you realise that the spiel has remained consistent over the last decade, you know that all is well with the world. So it was quite a surprise, when I found in my inbox, an email from one of the largest software and business solutions, asking for details on two projects with prospective clients.

The email has a lovely, long disclaimer that goes “blah blah blah”. Okay, so it doesn’t actually say “blah blah blah” but under the six-line legalese, it basically says that if I am the unintended recipient of this email (I definitely am) then I do not have the right to transmit any of this information any further (though I don’t know who made them the arbitrator of my right to do what I want to do with something in my inbox), and that I should immediately delete the email. However, the nice chap that I am, I wrote back to the original sender about how he had made a mistake and sent this information to the wrong person. Before this could register, however, the five other people, who were probably the intended recipients, hit “Reply All” on their email, and I was flooded with about 20 more emails with graphs (you know, funny red and blue lines), balance sheets (lots of numbers under funny sounding headings), marketing strategies and business plans, and a bunch of other information that must have been residing in company-provided laptops with huge security safeguards and firewalls and behind non-disclosure and non-copying clauses, probably kept in important files marked “confidential”. By the time the original sender wrote back to me with a quaint “My bad, please delete all emails”, I was sitting on top of company secrets that had inadvertently leaked out and, if I had the acumen or interest to leverage them, would have seriously compromised two massive projects where the balance sheets had more zeroes in them than the digits in my phone number.

This is how leakage happens on the internet. There is a huge industry that serves as a plug-hole in the leaky infrastructure of the web. Security companies that boast of keeping data robust, safe, secure, distributed and on the cloud, often produce fancy charts and strategies of making sure that no devious cracker or act of god would compromise information, which literally is the currency of new businesses. Companies employ best practices ranging from locking hardware on company devices so that a surreptitious pen drive cannot copy extensive data to disconnecting employees from the web, making it impossible for them to have copies on anything except for the company’s internal servers. Extraordinary surveillance systems that track everything from physical movement to keystrokes on the machines are also quite commonplace in these walled gardens of corporate data security. However, the two things that are commonly forgotten in these complex security mansions are also the two reasons why information will always leak.

The first is that it is in the very nature of the architecture of the web and the internet that information shall circulate, leak, distribute, and find its way around roadblocks, bottlenecks, and blockages. The reason why we think of the internet as such a robust information delivery system is because it treats every blocked node on the network only as a reason to detour, and no matter how many blocks we create, it will eventually find a way for information to travel to new destinations. Both, leakage and circulation are the intention of this network, and trying to stop the flow is merely to differ the moment when the information will eventually be free.

The second, perhaps, more important thing that is ignored is that human beings are a central part of this information ecosystem. We are not just the data operators who mechanically serve the building of information highways and managing the data traffic. Human beings, in all their unpredictability and variability, are key agents in the data societies. They often have intentions, habits, practices, and motives which do not coincide with the protocol logics of data and information systems. This allows for the emergence of a Snowden, who, while working in one of the most protected systems, could leak information into public domain. This is why, all the people on that email thread, sent me this information because we almost never check who is copied, what email addresses we are replying to, and hit “reply all” as a habit in our professional communication.

The safeguards that we build for information leakage and the policies that we craft for plugging the leaks are always going to be counter-intuitive because the internet was meant for sharing, and whether we like it or not, information shall find its way — through a trickle, a trace, a leak or a blown whistle.


Nishant Shah is a professor of new media and the co-founder of The Centre for Internet & Society, Bangalore