When the antivirus software company founder — some might call him the founder of the entire industry — John McAfee was accused of murder in Belize, the media focused on the bizarre and tawdry details of his life there, his escape from the law and his eventual deportation. But one salient detail from all the salivating coverage — a metadata leak from Vice Magazine staff who were traveling with McAfee – actually highlighted some of the most debated topics in internet privacy.
McAfee’s escape route from Belize to Guatemala was supposed to be as private as it was foolproof. He claimed to have enlisted a body double to cross the Mexico/Belize border to throw off the Belize police in their search for him. While no media outlet has verified or refuted that, his vanishing tactics were in no way amateurish. He managed to hide from the police in plain sight on his own property, buried in sand with a cardboard box on his head. The digital world, it turns out, he found much harder to hide in. Vice Magazine, in a fit of journalistic bravado, tweeted a photo of an editor with McAfee . The metadata attached to the image revealed his physical location – and the error led to McAfee’s arrest.
As McAfee made his bungled escape, a number of ongoing, highly publicized cases about user privacy were also afloat in the media. The U.S. Federal Trade Commission tightened its rules on December 13 to prevent companies from collecting data from children under 13 years old without parental consent. Google came to the FTC on December 17 with a settlement proposal that included giving advertisers access to the data it collected from their ad campaigns. On the same day, the German government ruled that users should be able to use pseudonyms on Facebook as part of their right to free speech. The first two cases highlight how public — or almost public — our data are. The third case shows how upset users and governments can be about that publicity. McAfee’s metadata leak — coming, as it does, from a man who spent years successfully avoiding the attentions of hackers, for whom he represented a prestige target — seems to gesture towards a world where anonymity or hiding on the web will no longer be a possibility.
The irony of McAfee’s error is only compounded by the fact that the software company he founded specializes in erasing tech footprints. McAfee sells a feature that cleans traces of former files that lived on desktops, but measures like that are becoming increasingly outdated. Many companies have replaced or are considering replacing desktop antivirus programs with programs that protect Panda Cloud, Trend Micro, Symantec End and McAfee Total. With mobile devices, however, erasure of one’s information has become more complicated. The downside of having Google maps on a phone — or Siri to remind you when it’s time to pick up dry-cleaning — is that the device owns your location. Which means it can be made public, whether accidentally or with malice.
The ubiquity of GPS systems on mobile devices could be hinting at a new concept in internet security and anti-hacking. Namely, the encryption of the wrong data — the creation of digital red herrings, in other words — could be the path to protecting top-secret locations and files. John McAfee seems to have belatedly recognized this, or so his attempted cover-up of the gaffe: he claimed the metadata leak was not an accident, but rather a deliberate attempt to mislead the public, and by extension the Belize police, about his whereabouts. The hoax managed to fool several savvy and reputable tech publications for almost 24 hours, a near-eternity in our current news cycle. Perhaps McAfee (and by extension Vice) unintentionally stumbled upon the next phase of internet security…