In my view, data security is an abstract concept, just as abstract as money, religion and fascination – all devised by humans. And anything that is human-made can be human-destroyed.
When it comes to IT and data security, history has proven that pretty much anything can be cracked, taken, reshuffled, altered, refurbished, reheated and re-served. As long as there is a strong enough incentive, nothing is impossible.
In my experience as data specialist, I have met plenty of security officers, and I have heard plenty of stories, ranging from concerns about CPU memory addresses containing undocumented functions to pure denial of data access due to the risk of terrorism and all of this in the dimension of the more and more popular cloud computing and big data.
In the 90s when the mobile phones became mainstream, there was plenty of demand to keep the telecom operators running through subscription fees. Given that there were plenty of new users demanding the services, this was a good income for a while. But as time passed, the services were bound to get cheaper (due to competition on the market, new emerging technologies, etc.) and this income was not nearly enough anymore from the vendor’s point of view. At this point, there was a need for innovation, a need for opening new opportunities.
Fast forward to the mid-2000s and we get into the birth of the big data, where the actual SIM cards and phone plans are cheaper, but the data they generate is sold without the owner of the device necessarily being aware of the sale.
For example, if you have a phone on you and you cross the city, the telecom knows which route you took, and they can run endless analysis to find out what drives your choice and how it can be influenced. And if not the telecom, then someone else for sure is very much interested to know this.
Welcome to the era of the human-behavior-as-a-product.
Facebook and others have hit it big with the selling and reselling of the activities and the preferences of the mostly clueless general public. On the plus side, the telecom data is also used for crowd analytics used for public transport optimization. This, in my view, is a great use case. As long as the bus comes on time right after I get off the train, I am happy to not wait in the rain.
You still need to send a message or two, and you still need to use networks and wireless devices (and by the way, wireless devices are perfectly capable of keystroke recognition!). You inevitably use ISPs. ISPs inevitably use satellites, and data circles the Earth several times before you get feedback on the message you sent. This shows how many possibilities for data break-ins there are.
Good luck with data security then. The only way to be safe is to dig up a well, hide a disconnected device there and make sure you don’t communicate with anyone. In that case you are pretty safe, but not safe from the well collapsing on itself.