Posted by: patenttranslator | September 3, 2014

A Few Common Sense Precautions for Translators Intent on Preserving Confidentiality of Information

 

The fact that nude pictures of the young actress Jennifer Lawrence, which she unwisely stored in “secure storage” in the cloud, were hacked and made available to millions of Peeping Toms on the Internet was on the first page of just about every newspaper in this country yesterday, and probably in other countries as well. It was also all over the so-called news channels on my teevee yesterday. They will be talking about it for many weeks if not months now (remember Paris Hilton?). That way they don’t have to cover real news, and they are not really very good at that.

Nothing is better for making people pay really good attention than when a beautiful young woman is thoroughly humiliated.

So the obvious question that is on everybody’s mind now is, how secure is so-called “secure storage” in the cloud? And the obvious answer to this question is that secure storage in the cloud is extremely insecure.

Most of us store a lot of information about ourselves in the cloud without even realizing it. For example, if you have an iPhone or iPad or another smart phone or a tablet, you were probably asked at some point whether you wanted to have your “data backed up” in the cloud so that it could be easily restored. And you probably said “yes” without giving it much thought. I did too, of course. It’s so convenient!

So now they have all kinds of personal information about us, with our consent, and we have absolutely no idea who “they” are. The news media, I mean the infotainment channels, keep talking about the danger posed by hackers. But hackers are only a small part of the problem. In addition, the government is spying on everybody and their grandmother and her dog, probably regardless of which country you happen to live in. (They only do it to protect us from bad terrorists because this is obviously the best way to protect us from the evildoers!)

And so are many corporations whose goal is to “own” as much information about us as possible.

I am also asking myself, what about the employees of these companies who “own” our data, how many of them are looking at the goodies we have stored with them for fun and profit? Probably quite a few. Of course, it would be illegal to do so, but wholesale government spying on entire populations is illegal too and nobody gives a damn, least of all the politicians who have taken an oath to protect our constitution.

So I was thinking, perhaps I should write a post about a few things that we as translators who have to use the Internet every day should probably keep in mind and a few precautions that we might be able to take to protect our privacy and the privacy of our customers.

1. It is a really bad idea to store any sensitive data about us or customers’ data in the cloud.

Just ask Jennifer Lawrence. Nobody would be interested in my naked pictures, if I had any, but a lot of people might be interested in other data that I sometimes work with. A lot of the stuff that I translate has Bates numbers on every page with the words, in capital letters: HIGHLY CONFIDENTIAL – ATTORNEY’S EYES ONLY. To store these kinds of documents or translations of these documents in “secure storage” online would be really asking for trouble.

2. It is probably best to assume that at some point, our computer will be hacked and somebody will be looking at our private and confidential information or infect it with malware.

There are a few things we can do to minimize the potential damage if something like that happens. Like most translators, I have several computers in my house, both desktops and laptops, and I used to check my bank account balance from any of the computers I own, while I allowed each of these computers “to remember” the password.

I don’t do that anymore. I check my account only from one computer now, and the passwords are stored only on paper and in my head. I am sure that there are still ways to hack into my private information, but this should make it a little bit more difficult.

Having several computers also means that should one of our computers become infected, we will be able to get rid of the malware immediately by simply junking the infected hardware, which can be done easily as long as most of the data needed for our work is backed up on another computer or on an external hard disk.

3. Who else besides us can view the data contained in our online machine translation queries?

If all you do is look for the translation of a word or a few sentences, it is not a lot of data and it would be hard to misuse it. But it is a different story if you run an entire document through a machine translation program.

Does Google Translate have employees whose job is to look for gold nuggets in all of this data? I would hope not, but it is possible. Are there rogue employees working for companies offering free machine translation online who could illegally spy on our information while looking for something that could be sold to somebody? I don’t know, but it seems very likely.

If you have to run something through machine translation, you should at least remove all identifying information from it, such as the names of persons, places, and companies.
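As an added illustration (not part of the original post), here is one way to strip identifying names locally before pasting text into an online machine translation tool, and to put them back afterwards. The function names, the `ZZ001` token format and the sample text are assumptions constructed for this example, and it assumes the translation service leaves the tokens unchanged.

```python
import re

def redact(text, sensitive_terms):
    """Swap each listed term for a neutral token; return (redacted_text, mapping)."""
    # De-duplicate, then sort longest first so "Jonas Weber" wins over "Weber".
    terms = sorted(dict.fromkeys(t.strip() for t in sensitive_terms if t.strip()),
                   key=len, reverse=True)
    if not terms:
        return text, {}
    canonical = {t.lower(): t for t in terms}
    # Whole-word, case-insensitive match in a single pass, so tokens are never rescanned.
    pattern = re.compile(r"(?<!\w)(?:" + "|".join(map(re.escape, terms)) + r")(?!\w)",
                         re.IGNORECASE)
    token_for, mapping = {}, {}

    def swap(match):
        key = match.group(0).lower()
        if key not in token_for:
            token_for[key] = f"ZZ{len(token_for) + 1:03d}"  # hypothetical token format
            mapping[token_for[key]] = canonical.get(key, match.group(0))
        return token_for[key]

    return pattern.sub(swap, text), mapping

def leaked(text, sensitive_terms):
    """List terms that still occur anywhere in the text, e.g. inflected forms."""
    lowered = text.lower()
    return [t for t in sensitive_terms if t.lower() in lowered]

def restore(translated, mapping):
    """Put the real names back; the mapping never leaves the local machine."""
    for token, original in mapping.items():
        translated = translated.replace(token, original)
    return translated

# Constructed sample text and term list, not taken from any real document.
SAMPLE = ("Die Acme Pharma GmbH (Sitz: Heidelberg) kündigt den Vertrag mit "
          "Dr. Jonas Weber. Webers Anwalt schrieb an Acme Pharma GmbH.")
TERMS = ["Acme Pharma GmbH", "Jonas Weber", "Heidelberg", "Weber"]

if __name__ == "__main__":
    redacted, mapping = redact(SAMPLE, TERMS)
    print(redacted)
    print("Still visible, fix by hand before sending:", leaked(redacted, TERMS))
    print(restore(redacted, mapping))
```

The genitive “Webers” survives the whole-word replacement, which is why the leak check runs before anything is sent: a list of names only catches the exact forms you list.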

4. Who else besides us can view data contained in online conversions of our files, for example from PDF to MS Word format?

I use this conversion all the time because most of the time I am dealing with a PDF file rather than a word processing file and the first thing I need to do is provide a cost estimate which will be based on the number of words as counted by MS Word.

However, I only use my online conversion tool (which costs me 20 dollars a year) for documents that are already in the public domain, such as patent applications.

For other documents I use the scanning software package that came with my printer because in this manner, all of the information will remain only on my hard disk.

5. Is it a good idea to use only one search engine for all of your searches, even if it is a very good search engine?

I don’t think so. If you do that, a lot of information about you will be conveniently accessible from one location to …. who knows who can access this information?

I now alternate my searches between several search engines, and I am especially partial to DuckDuckGo and other engines that do not track me and do not store information about me. At least they say so. It is of course entirely possible that they are simply lying to me and that they track me anyway and store information about me too, but maybe they are telling the truth and in any case, at least I am making spying on me more difficult.

These are just some of the precautions that translators who deal with sensitive information about themselves and their clients should take into consideration.

Let me know if you can think of other common sense precautions.


Responses

  1. Thought of a similar post myself – but no need now, will just contribute here, if that’s OK, as you’ve covered the situation much better than I could have.

    Those celeb leaks really show how vulnerable our private data can be. It’s a bit of a PITA to maintain privacy nowadays with the major platforms (Android, iOS, WinPhone etc.) defaulting to full data collection and very few safety precautions.

    In addition to the above, I’d reiterate the use of different, secure passwords, 2-factor authentication (using a phone or similar – Gmail offers this, for example, as well as a growing number of services), encryption of ‘at rest’ files (7Zip lets you use AES encryption across all operating systems), the use of HTTPS where possible (as far as that can be trusted, it’s still better than plaintext – see HTTPSeverywhere add-on) and an investigation of full disk encryption PGP for email. PGP has the added benefit of ensuring your CV isn’t hijacked, even without the encryption aspect, just by signing your email with it.

    I’d also be wary of what you carry over international borders, as regulations vary between countries. Encryption is still illegal in many countries, and unencrypted files can be copied with ease. Bit of a rare edge-case, but perhaps worth a thought. I’ve heard people have been delayed at airports for this.

    I’m particularly interested in this, having started the snowball rolling by side-stepping the Android/iOS mobile avalanche. Back in 2010 I went from a dumb-phone to the now defunct Nokia Maemo system. Based on Linux, as with Android, but with less layers between the phone’s internals and the user interface, and no phoning-home back to Google HQ with my data. Unfortunately there hasn’t been a good ‘open’ replacement since, but promising options are starting to emerge – especially from Ubuntu, FirefoxOS and Sailfish (former Nokia team). I only really would like a little more power in the mobile device, giving the ability to plug it into an external monitor for work. As it stands it’s fine for email and… phone calls, of all things.

    Over the years I’ve also extricated myself from Facebook (back to email/phone communication with actual friends – and all the better for it!), Skype (as far as that is possible), Dropbox, Google Apps and a range of other 3rd party services. It’s a shame that most of the goodwill and support for these innovative services has dried up in the tech community, but also a good thing that the trend of centralising our lives is now starting to be reversed.

    I’m aware that this is not a priority for most, but the IT industry especially is switched onto it at the moment and we ought to start seeing encrypted defaults for most of our file and communication operations this year/next.

    No harm in investigating and getting a headstart though!


  2. “… but no need now, will just contribute here, if that’s OK, as you’ve covered the situation much better than I could have.”

    Thank you very much, but that is hardly the case.

    And thank you very much for your contribution.


  3. Useful stuff! Thanks much.


  4. The “cloud” is nothing more than a buzzword to describe the age-old server-client architecture. It is re-branding that tries to add some magical and mystical attributes to this amorphous and intangible “entity”, pretty much in line with how technology is being sold these days.

    From a strictly technical standpoint, servers could be made secure. However, what we are talking about here is consumer grade services that are all about trading security (that is perceived by the average user as PIA) for convenience, and this is a big problem.

    What is more infuriating is that the service providers are not forthcoming about the privacy and security risk of using the cloud. The average user doesn’t really understand the associated risks. In the worst case scenario, such concerns don’t cross the users’ minds; in the best case scenario, they trust the “big boys” to protect them.

    Even the consumer-grade cloud can be made quite secure using encryption, but it is not very trivial or practical in many cases. Even the most secure passwords and other “client-side” measures are only as secure as the security of the server that is usually outside the user’s control. Social engineering is also a big and overlooked concern.

    The best defense – as with all technology-related security issues – is common sense.
    The wise don’t put themselves in situations that the smart know how to get out of.


  5. Just out of curiosity, do you and your clients encrypt all documents before e-mailing them?
