Revisiting Privacy

Privacy: the state or condition of being free from being observed or disturbed by other people.

What is privacy? From one perspective, Privacy is what was once called freedom and liberty. From another it is to have a reasonable trust that what you have, discuss or know not to become general knowledge.

We can maintain our privacy in numerous ways. The catch-all and best of course is not to go anywhere or say anything, though our social nature precludes that as being reasonable. Which brings me to the question: What is reasonable privacy?

This is where opinion, emotion and ideals clash. FBI vs. Apple is one of the current examples. Our ideals of freedom and liberty (a.k.a. privacy) have taught us that a court or judiciary should find reasonable and probable cause to infringe on our privacy. However when we have seen the government abuse this privilege we logically take steps to prevent it. From Apple and other tech leaders (e.g. Amazon, Microsoft, Google, IBM, Facebook, etc.) have had real concerns and costs associated with the government’s requests (warrants) and been told that they must conform to the requests in secret. Their logical action is to limit their own ability to conform with encryption.

As an individual, you now have the means to keep your privacy in an electronic format better then just 20 years ago. You feel safe that this security has been provided to you even when you do not understand the technology and methodologies involved. I call this “a reasonable expectation of security.” Herein lies yet another issue with privacy and technology. You.

Through our reasonable expectation of privacy we have a reasonable expectation of security with the technology we use. We expect that our messages, emails, social media posts (the ones we have restricted to friends) and our computers to be safe. In general only 15% of adults understand the basics of information technology security according to research done at CYLab at Carnegie Mellon University. The basics are limited to things such as having a good password and installing a virus scanner on your computer.

It’s true that MS Windows come with antivirus protection built … Unfortunately, Microsoft’s free antivirus tools will not protect your computer from modern malware. While apple has a firewall, your Mac does not have antivirus by default. Linux has both a firewall and free antivirus available, though many distributions of Linux do not have them installed and active at install. Over 50% of smart phones have little to no antivirus anti malware installed. 75% of personal computers are not adequately protected against harm.

Ultimately, the security of your computer or smartphone is dependent upon your own actions and software purchased. What risks should you be thinking about?

  • Malware stealing your passwords and login information
  • Ransomware that prevents you from using your computer or files
  • A hacker using your computer to attack others
  • Someone breaking into your system and altering or stealing files
  • Someone stealing your computer and accessing your personal information

All of these are risks, many of these attacks can result in either social engineering (Social engineering is an attack vector that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.) or outright identity theft. In the end, hackers or criminals want to gain value from what they do. There is an almost unlimited number of attacks that can result in their profit and your loss.

If you’re wanting a simple and interactive primer, watch the video below and try the game they discuss.

When I speak with people about privacy and security, I hear many people exclaim, “I have nothing to hide.” These people have a naive worldview where they have never had a breach or identity theft. I envy these people far more then they know. Their naïvety of what is a daily occurrence for so many people leaves me feeling the same as watching a small child act without fear. It does not change any of the real world facts or dangers, but they have the super power of ignorance on their side.

Much of our privacy concerns are directed at the government. William Edward Binney in 2001 and Snowden in 2013 have highlighted the governments reach. FBI vs. Apple has reawoken the DOJ’s reach through the judicial branch of government. These are real issues and on-going reaches to attain more power. One lady interviewed in Belgium today (March 22, 2016) following the bombings said, “They [the government] need to take away our privacy to get these people. Do it now.” This reactionary ideal has real consequences.

Many of us want to utilize all the wonderful internet tools which help us keep in touch, track our favorite sports and to even manage our shopping list. Yet people have no idea how internet businesses use and transfer personal data to others. Many people and policy makers are only just now discussing the reality that many businesses, online and off, quietly seek to identify consumers personally and sell information about them to others. The information is transferred to data brokers, repackaged and sold.

The not so new Information-Intensive Business Model relies on keeping people in the dark as they know that people object to this collection activity. Some of the selling points they offer businesses:

  • “We can secretly identify the address of your customer.”
  • “Not just the identity, but how they felt while visiting your store.”

Keeping things secret is important to businesses that purchase these services to avoid “losing customers who feel that you’re invading their privacy.” This business model is more prevalent then many people want to believe. Some of their software is even considered malware by leading security firms.

Consider this: without bothering to ask or tell you, retail stores are using systems that capture a unique, unchangeable identifier from your phone to track your movements and to identify you on your next visit. Currently this tracking is done on a pseudonymous basis. But how long do you think it will take for retailers to link the phone identifier to your contact information? And what remedy will you have—aside from leaving your phone at home—once this linkage occurs?

Connect this tracking with your point of sale system and link their credit information. Further connect this with facial & emotion recognition software which links social media accounts and you start to see the depth of this invasion of your privacy. Consider that your employer may use all this connected information in their human resources systems and you may not feel you have nothing to hide any longer.

There is not a single “Where should the line be drawn between Personal Privacy and Security?” statement. As the line is not just between you and the government, but businesses, marketers and data brokers which capitalize all this data for their customers in all areas of our lives. The data is not just being used any longer to place ads in your browser window. They are an integral part of the profiling done to you by almost every business, even your employer.

FILM: 'Nineteen Eighty-Four' (1984) starring John Hurt and Richard Burton. big-brother-orwell FILM -rally-privacy-loss free pic

FILM: ‘Nineteen Eighty-Four’ (1984) starring John Hurt and Richard Burton.

Big Brother is not just watching you. Big Brother is judging you.

Events have had a major impact on public attitudes on this issue. Terrorist attacks generate increased anxieties. For instance, the San Bernardino and Paris shootings in late 2015 had a striking impact. A Pew Research Center survey in December found that 56% of Americans were more concerned that the government’s anti-terror policies have not gone far enough to protect the country, compared with 28% who expressed concern that the policies have gone too far in restricting the average person’s civil liberties. Just two years earlier, amid the furor over Edward Snowden’s revelations about National Security Agency surveillance programs, more said their bigger concern was that anti-terror programs had gone too far in restricting civil liberties (47%) rather than not far enough in protecting the country (35%).

There is an ongoing conversation about privacy. While there are groups on the side of Privacy such as Electronic Frontier Foundation, EPIC, the Center for Digital Democracy, Consumer Watchdog, Patient Privacy Rights, U.S. PIRG and the Privacy Rights Clearinghouse there are also over 175 governments and the many thousands of bureaus they contain with their own wishes. Were this the limit of players the conversation could be simple, but when you throw in the 10,000+ businesses that profit off violating your privacy, everything gets even more complex.

Pew Research stated: “One consistent finding over the years about public attitudes related to privacy and societal security is that people’s answers often depend on the context. The language of the questions we ask sometimes affects the way people respond.”

The conversation about Privacy and Security is a complex one. It is far better to be involved in this discussion then not. What actions can you take to get involved? You could read primers on the issues and threats. You can get involved with a group that supports some of your opinions about privacy. Better, get involved in more then one group. Most importantly, even if you have not had your privacy breached by the government, criminals or businesses you should become aware of the threat and how it can be used against you and others.

Colin Bennett of the University of Victoria, Author of The Privacy Advocates: “A lot of privacy advocacy is not only about privacy, It’s about honesty, and it’s about trust. And when a reputation has been damaged because a company has been seen to not have been entirely open about its policy, then that privacy message can resonate more effectively.”

So who owns the data about you? When we hear about the companies profiting hugely off our data it raises a natural question. Why don’t we benefit from it? Why don’t we get a say in how data about us is used?

The conversation about Privacy and Security is a complex. It is far better to be involved in this discussion then not. What actions can you take to get involved? You could read primers on the issues and threats. You can get involved with a group that supports some of your opinions about privacy. Better, get involved in more then one group. Most importantly, even if you have not had your privacy breached by the government, criminals or businesses you should become aware of the threat and how it can be used against you and others.

Primers:

Americans feel the tensions between privacy and security concerns by Pew Research

The Privacy Advocates: Resisting the Spread of Surveillance (MIT Press) by Colin Bennett

Nothing to Hide: The False Tradeoff between Privacy and Security by Daniel J. Solove

Lockdown: Your Life: A Step-by-Step Manual for Securing Your Computer, Smart Phone, Online Banking Sessions & your Life From Identity Thieves by Aaron Anderson

Securing Your Computer to Maintain Your Privacy from Privacy Rights Clearinghouse

Free advice while limited is a useful place to start

Something to read and think about: Animal Farm and 1984 by George Orwell or watch the movie: 1984 with John Hurt