



Your gardener wants access to your house safe

Sep 13, 2018 · 5 mins

What we would balk at in the real world, we give with impunity in our digital universe.


Any house owner with a garden can attest that it takes care and maintenance for it to shine. And frequently, those who do not have the time or the mojo to manage it themselves take the services of a gardener for its proper upkeep. What has this got to do with security and privacy? I am getting there. Now imagine if your trusted gardener comes to you one day and asks for the combination to your house safe. Your face would be a study, I would imagine. And imagine that after the expletives have died down, he (or she) continues with their normal chores without missing a beat. How about an alternate reality, where you hand over the combination to them and then pretend life is normal thereafter?

The second narrative sounds fictional, right? Well, this is what happens every day in our digital universe. How so? Well, replace the gardener with your favorite gaming smartphone app. Akin to the gardener, whose purview and scope are limited to the vegetation outside the house, let’s say this beginner’s gaming app just needs access to your smartphone’s CPU, memory and storage to perform its function flawlessly. But taking a leaf from the impertinent gardener, it stretches its boundary and asks for access to your location, Wi-Fi, Bluetooth, camera, body sensors, phone, text messages … – you get the drift. And in your frenzied universe, where hitting Accept to get on with life has become a norm (even more so these days after GDPR – the EU-mandated General Data Protection Regulation – went into effect and those annoying cookie acceptance popups show up wherever you go), this presumptuous and intrusive request is hastily honored, and life goes on. Or does it?

What happens hereafter is heresy. You have an authorized eavesdropper in your smartphone who is privy to everything you say, see, do, think… but even more disconcertingly, now shares your vitals with its masters, who in turn can sell or trade them with salivating third parties. Do Facebook and Cambridge Analytica ring a distant bell in your mind?

Now before you feel indignant and start chastising the app developers and their businesses for their utter disregard for privacy and lack of ethics, let’s switch back to the gardener analogy. There were no repercussions when the gardener asked for your vitals. You either berated him and life went back to normal or you handed him your DNA sequence and life went back to normal. Bottom line – there is no downside for the gardener to ask. Ditto for the businesses and their developers (or bots in the future). They can ask – worst case, the user says no (for example, yours truly, but more on my habits in a bit); best case, they have just reined in their next digital scapegoat.

And let’s be honest here – if you look in the mirror, what do you see? A time-crunched digital glutton with more devices, more apps and a frenzied finger dabbing furiously at the OK button to #GetOnWithItAlready. That needs to change. Why? Because that is about you and me and how we interact with our digital world. While there are grassroots efforts to highlight the need for ethical business practices, especially in this technological age with data collection and privacy practices – we need to be realistic about the long and winding road ahead before every business embraces ethics in technology as its standard business practice.

Until then, privacy and security are still key issues that need to be addressed. And that is where you and I need to take charge as consumers. How? For instance, I make it a point to revoke all unnecessary permissions from apps (after I have installed them) that demand the sun, moon, and earth before they will even install. And to date, I have had no problem with any of these handcuffed apps working per design.

Why is this so important to become part of muscle memory now? Because the tsunami of connected devices (IoT, anyone?) is starting to invade our homes and offices. Familiarizing ourselves with the apps, where a proper user interface and a relatively simple way to revoke these permissions exist, would allow us to make this our norm in how we interact with the digital universe – securely and privately. That will fortify us as we venture into these daunting single-function IoT devices, where there is a less obvious way to revoke permissions – but where it is nevertheless equally important to impair these intrusive devices that will invade our homes, bodies, and minds.

That’s the world that we are living in. Many of us may not own homes or gardens, so the gardener analogy may have sounded fictitious. But make no mistake: the smartphone apps, IoT devices and the rampant desire for businesses to own our digital exhaust affect everyone, not just homeowners with gardeners to contend with. And the first step is to wrest control of our apps by being deliberate and thoughtful from installation to usage.


Ashwin Krishnan is the COO of UberKnowledge, a cybersecurity knowledge sharing, training and compliance organization.

A former vendor hi-tech executive in the cybersecurity and cloud domain, he has turned writer, podcaster and speaker. His focus is on simplifying technology trends and complex topics such as security, artificial intelligence and ethics through enduring analogies, which he shares on his blog and in his talks. Ashwin is the author of “Mobile Security for Dummies,” and as a recognized thought leader he contributes to a variety of publications, including Entrepreneur Magazine.

Ashwin is a regular host with CISOs on podcasts such as the Cyber Security Dispatch where he bridges the education gap between what the security practitioners need and what the vendors provide; as a tech ethics evangelist he is frequently on main stage at conferences educating and empowering consumers and vendors alike on the role of ethics in tech; his recent speaking engagements include the Smart Home Conference, Fog Computing Congress, and the Global AI Conference.

The opinions expressed in this blog are those of Ashwin Krishnan and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.