Since time immemorial, humans have been concerned with the subjects of security and privacy, but the convergence of many of today's technologies — especially in the form of the Internet of things (IoT) — mean that the stakes have never been higher. Already identity theft and ransomware attacks are rampant, with a worse-case scenario being a dystopian future in which “Big Brother” in the form of governments or mega-corporations observe and control our every move.

The more you have, the more you have to lose

If only we lived in a utopian society where people acted like… well, not people. Unfortunately, people are flawed. The problem with owning something is that there's always someone who would have no qualms with regard to taking it away from you.

Our technological capabilities are developing faster than are the laws that dictate how they can be used. There are also many gray areas that require a lot of deliberation. With this set of articles we examined the technology and what we can do with it, and consider what we should do with it.

The more you have, the worse things are. Pity the emperors, kings, and rulers of old who were unfortunate enough to acquire a stash of jewels, precious metals, and other prized objects, because their next problem was to protect their hoard. This meant they required custodians to prevent anyone from relieving them of their ill-gotten gains, but Quis custodiet ipsos custodes? (“Who will guard the guards themselves?”) as the old saying goes.

According to the History of Keys website, the first mechanical locks of which we are aware were created over 6,000 years ago in ancient Egypt, when locksmiths first managed to create simple but effective pin tumbler locks made entirely out of wood.

The next step was to use metal locks with evermore complex keys, combined — in some cases — by convoluted conundrums, such as those depicted in this video . Of course, two of the problems associated with locking something up are (a) keeping the key out of the hands of nefarious players and (b) making sure you don't lose the little rascal. As reported by MarketWatch.com , Customers of Canadian crypto exchange QuadrigaCX ran into the latter issue when their fund manager passed away taking the password required to access their digital currency with him.

When the technologies that were to evolve into the internet were first conceived, the goal was to implement a robust communications system that would keep running, even if multiple parts of the network were incapacitated. It was also assumed that the network would be used by a small, trusted community who would have limited access to the network itself. For example, one report in the 1980s speculated that there might one day be as many as 3,000 users. The internet's creators never envisaged how it would evolve into the multi-billion-user behemoth we have today, and they had no concept of the security issues we would face, so security in our terms wasn't really considered.

Much the same applies to the processors that power everything. The creators of the original devices were happy if they could perform the logical and arithmetic operations for which they were designed. Similarly, the designers of operating systems were happy if their software ran for any length of time without crashing. Little thought was given to bad actors infiltrating the firmware or coopting the operating system and applications to perform maleficent tasks.

As a result of our lack of foresight, we now spend vast amounts of time, money, and resources “plugging holes in the dyke.” Meanwhile, hackers — ranging from individuals to nation states — devote themselves to penetrating our systems, ransoming, stealing or destroying our data, and stripping us of our privacy. And, speaking of privacy…

Living in a world without privacy

As the Russian-American writer and philosopher, Ayn Rand, famously said, “Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men.”

In reality, most humans throughout history have enjoyed little in the way of privacy. For those living in small, isolated communities whose main concerns were food, warmth, and shelter, privacy was less of a priority, not the least that everyone in the community already knew pretty much everything there was to know about everyone else.

Today, most of us believe that “the right to privacy” is self-evident, but it may be less self-evident than we think. For example, the Constitution of the United States arguably ranks amongst the most significant documents ever written. In addition to being the supreme law of the United States of America, the Constitution has influenced many other countries around the world, so it's somewhat disconcerting to discover that the word “privacy” doesn't appear anywhere in this document. In fact, the right to privacy didn't even exist as a constitutional doctrine until 1961, while the Privacy Act wasn't passed until 1974.

As John Milton said in Paradise Lost , “Solitude sometimes is best society.” We all need to be able to enjoy our private time and think our private thoughts. No one wants to be relaxing at home, only to glance up and see a neighbor with their nose pressed against the window looking in.

We currently exist in a strange state of dichotomy. On the one hand, the courts and legislatures have passed laws and statutes that define our right to privacy and specify places where we might expect to receive it, such as our homes. On the other hand, never before in history have we been so exposed, with so many entities and people knowing so much about our tastes, preferences, purchases, beliefs, relationships, and movements.

One of the problems we have is that our technological capabilities are developing faster than are the laws that dictate how they can be used. There are also many gray areas that require a lot of deliberation. For example, consider what would happen if the police were equipped with facial recognition smart glasses that could make surveillance ubiquitous. Suppose you were attending a concert and you were arrested for an unpaid parking ticket based on this technology. Would you be accepting or aggrieved? Is using this technology any different from the police simply looking at “wanted posters” back at the station and then spotting you by chance in a crowd?

Security and privacy in the 21st century

Security, privacy, and the intersection between them are becoming increasingly important. The pace of technological development — especially in the realm of information technology — is speeding up at an exponential rate. Some of these technologies — like the combination of augmented reality (AR) and artificial intelligence (AI) — are poised to dramatically change the ways in which we store, access, and manipulate information; the ways in which we interact with the outside world, our systems, and each other; and the ways in which the outside world (in the form of governments, mega-corporations, and bad-actors) accesses and manipulates us. Even those of us who “live and breathe” this stuff find it hard to keep track of new developments, which is why we created this special project. Below, you will find links to a suite of articles written by editors across the AspenCore network. Also presented are related columns written by some of our external contributors.

Check out all the stories inside this Privacy and Security Special Project

Designing hardware for data privacy

Ensuring privacy of electronic data requires data security, but a secure design does not necessarily assure data privacy. Developers must consider the two together.

Sitting at the Crossroads of Cybersecurity and Privacy

The combination of the headline worthy data breaches and new privacy legislation have put data protection and privacy on the top of the agenda for electronics OEMs.

Facial Recognition: The Ugly Truth

AI is making automated facial recognition for mass surveillance a reality — but at what cost?

High-Tech Distributors Grapple with Security and Privacy in the Digital Age

In the midst of the digital revolution, the stakes for electronics distributors trying to safeguard the privacy and security of customers is constantly on the rise.

Why engineers need to understand data privacy laws

Industry initiatives are underway in the U.S. to explore data privacy and how deep in the design process it should start, but in the meantime, U.S. engineers need to understand and be compliant with the EU's GDPR in a global economy.

Enhancing privacy and security in the smart meter lifecycle

Concerns about security and privacy of connected devices coalesce in the lifecycle of smart meters. Here's how IoT platforms help protect smart meters and their data despite an ever-growing number of threats.

Chip Security Emerges a Hot Topic in the Supply Chain

As more electronics devices are connected and hence hackable, OEMs are having to bring good security practices, designs, and devices into their products as soon as possible.

Also check out these related columns

The Illusion of Security

This mini-series of articles explains how today's cyber security is like a bucket with hundreds of holes, and each software solution is a patch to a single hole. We don't need more patches; we need a new bucket!

Privacy Issues with Voice Interfaces

Voice interfaces are only going to get more common, and there is a great market opportunity for those vendors that get their product and its approach to privacy correct.

Security in Semiconductor Manufacturing

Today's manufacturing lines are increasingly prone to IP theft and reverse engineering attacks. Savvy chipmakers know to institute secure systems to guard against them.

Will the Real Root of Trust Stand Up?

Not all roots of trust are created equal, nor are they all implemented in the same fashion on silicon.

How Many Layers of Security Do You Have?

Depth of defense and principle of least privilege are two concepts system and SoC designers must embrace as they seek security answers for their designs.

Multiply and Isolate Your Roots of Trust for Greater Security (Part 1)

Security designs can have multiple entities, as well as isolation, among separate applications on a chip.

Multiply and Isolate Your Roots of Trust for Greater Security (Part 2)

In order to give you confidence, you want assurances that all applications in your secure silicon IP are isolated from each other.