Sophos Cloud Optix
This article is inspired by another piece we’ve published today in which Naked Security’s John Bryan asks ‘is data privacy an out of date concept?‘. For the most rounded perspective, I highly recommend you read both.
John points out that the Facebook generation are increasingly putting their lives online – posting information about who they are, where they are, what they’re doing and who they’re with – the very information that organisations often go to great lengths to protect.
All that openness is bound to have a profound impact on our social norms and it could well be that things that are considered embarrassing or shameful today won’t be tomorrow.
As John asks in his article:
…are we trying to protect privacy based on past social values? Are we old-fashioned in trying to keep a lid on the social media generation?
It’s a good question and after careful thought my answer to that is this; not only is it not old fashioned, I think that trying to stem the rising tide of spilled personal data is the very height of modernity.
Who pays the price today?
Firstly, there is an immediate cost to consider.
Profound change in social norms does not happen overnight and anyone ahead of the curve is putting themselves in the firing line, and in this particular social revolution, a lot of those in the firing line are minors.
We might be comfortable letting adults push the envelope with brave or ill informed privacy choices but we have a legal and moral duty to protect our children from damaging themselves.
We have to find a way to make our kids the beneficiaries of social change rather than the cannon fodder – when it comes to data privacy that means erring on the side of caution.
Their generation might grow to adulthood in a world where fewer things are considered shameful or embarrassing but, right now, that isn’t even true in their own closed social circles – cyber-bullying is real, widespread and damaging.
So, whatever the future holds, we have a job to do today, and part of that job is leading by example.
Will the future be more liberal?
But what of the future? Will all this copious sharing of private, personal information lead to a more open and tolerant society?
Well, it might. But then again it might not.
It’s easy to look at very recent changes in the western world’s attitudes to sexuality, race, or even bathing costume choices, and see a positive trend that’s here to stay.
Unfortunately, societies don’t move steadily and inexorably towards greater openness, tolerance and liberalisation.
Who in the liberal 1920s would have imagined the sudden and horrific rise of fascism in the 1930s? There are countless examples of how social attitudes ebb and flow over time.
And of course, whilst data crosses national borders, social attitudes do not. Uganda is not San Francisco.
Finally, whilst technological progress and the sharing it brings might make us more open and tolerant it is not the only factor that will impact how our culture will develop.
Predictions of the future are, by their very nature, doomed to be confounded by the unforeseen. Better to hope for the best but plan for the worst.
Shared once, shared forever
For me, the biggest difference between today and the past is not how liberal our attitudes are but how permanent our data privacy choices have become.
An internet user might have some choices about what personal data they put online but, once there, that data can be impossible to erase.
To make matters worse, it’s becoming increasingly difficult to determine what data is being recorded and why data might be significant.
Data points that are individually innocuous can be enormously powerful and revealing when aggregated – that is the essence of Big Data.
How can we possibly know what aggregations will be possible next week, next year or next decade and, faced with our ignorance, can we really claim to understand the consequences of the data privacy choices we make today? And if we can’t do that then how can we say with any certainty what data we shouldn’t consider private?
We can either accept that the genie is out of the bottle and that private data is part of the commons or we must guard our privacy more jealously than ever before.
It’s possible of course that the genie is already long gone: if nobody can reasonably protect all of their private data then data privacy really is an out of date concept.
Quite reasonably John asks, in a world of Google Glasses and commercial video satellites, “Where will you hide tomorrow?”
I think the answer to that will depend on how much money you have. So long as private data has a value there will be a market for those acquiring it and a market for those protecting it.
If always-on video surveillance makes it harder for individuals to be private then I suspect it will simply increase the value of privacy, the amount somebody is prepared to pay for privacy and the financial rewards for anyone who can provide it.
Far from an egalitarian data commons that renders privacy moot I expect that we’ll see stratification with the wealthy being able to afford more and better privacy options than the poor.
Data is the crop that powers the information economy and we’re all smallholders. That economy is still only in its early years but your personal harvest of private data is already valuable (if it weren’t there would be no identity theft and no such thing as a supermarket loyalty card).
4,000 years ago, farmers got together to build city walls around their grain surpluses. In 2014 we’ve only just realised we should be encrypting the connections between our data centres.
We have a long way to go before we can say we understand the significance of our data or that we’re managing it well. Until we can say that, and until we understand the long term consequences of our privacy choices, I think we must act with great caution before making any of our personal data less private.
In regards to the mention of loyalty cards near the end of the article, sometimes there is a way between giving away all our personal info and collecting rewards (discounts, promotions…) from companies, and being left behind or aside.
For example the Dutch supermarket Albert Heijn has a bonus card that you can get completely anonymously. This way they cannot identify you, but the company still gets two advantages:
– people with a loyalty card will be more likely to come back as they know they get discounts
– the supermarket can gather info about which kind of discounts people prefer, buy together, etc, studying (big data again, and this time really anonymous) the info provided by those cards (not sure if they really do so, but I presume they must be doing it).
This card has a second option where people can register with their name and addresses, and get personalized discounts (in Tesco style, let’s say).
So you can chose which kind of loyalty card you get, anonymous or personalized, with different levels or privacy and rewards.
One doesnt need to show an ID to sign up for loyalty cards…I have loyalty cards from my local grocery chain and have a fake name, dob etc. I still get all the discounts associated with it. Now ofcourse if I win a car or something like that in one of the sweepstakes, I will be regretting that I didnt sign up with my real name LOL
Maybe not such a good idea. I found a set of house and car keys on an Adopt-A-Highway cleanup, along with about a dozen loyalty tags. I started calling the merchants. I did NOT ask for the owner’s contact information; I merely gave mine and asked that they have the owner contact me to retrieve his keys.
Some merchants declined but two or three agreed to contact the owner. He called me the next day, greatly relieved. He had been about to have the house and car locks changed at great expense.
As long as you trust the merchants to withstand social engineering, no problem with giving correct information for your loyalty tags–or you can do as I do. The loyalty cards stay in my billfold, not my keychain.
Signing up with fake data does not render these card holders anonymous…if you use a ‘loyalty card’ + credit card, they are linked to your real info because the credit card company sells your data to the retailer… If you only use ‘loyalty card’ + cash, but show your ID for alcohol purchase, they are linked…then there are the facial recognition cameras being rolled out to most stores. The whole thing stinks and I’m not sure of the end game.. great article!
Don’t put booze purchases on your loyalty card?
the mention of permanence is correct – sadly even people that have no personal online presence at all are at risk from ‘friends’ that post stories, info and photos on FB and other sites – we have no control at all about what others post for us – something that I as a parent am aware of, I am very careful what I share about my child for example, and now that she’s old enough I ask her permission too.
Sadly people don’t ask my permission before sharing school photos, details or trips, locations, etc
Not only are they at risk from friends, but also, once a realtor friend of mine found out that someone had created a fake facebook and linkedin profile in his name and was getting all his clients. After that incident, he almost found it to be a necessity to have an online presence.
“Will the future be more liberal?”
If by “liberal” you intend the original meaning of the word, which pertains to freedom, the future will not be more liberal if things continue the way they’re going now. When the consequences of assaults on privacy such as Facebook come home to roost, people will do what they always do—namely, demand that the politicians pass more laws that further reduce everyone’s freedom of choice, rather than take responsibility for their own bad choices.
“It’s possible of course that the genie is already long gone: if nobody can reasonably protect all of their private data then data privacy really is an out of date concept.”
Privacy is not an out of date concept. Privacy is a choice. You can choose to have your own life rather than have it revolve around (and be exploited by) Facebook. You can choose not to broadcast your date of birth, and every other detail that makes you an easy target. In other words, you can take responsibility for your privacy.
You don’t need money to do that. Those with more money have always been able to afford more privacy than those with less. But even rich people can be fools. Only those with the maturity to use their wealth wisely seek to avoid the glare of publicity. Those who have wisdom do not seek fame. Unfortunately, we live in a culture that breeds stupidity, not wisdom.
Note that I posed the question about the genie being out of the bottle and then said I didn’t think it was.
I agree that people need to take responsible privacy choices but my point was that if nobody can reasonably protect their privacy then they have no privacy choices.
The genie is out of the bottle if and when no amount of being responsible with your data helps.
When it comes to Facebook you might have the choice not to broadcast your date of birth but you don’t have the choice to prevent somebody else from broadcasting it.
You don’t have the choice to prevent a company from discovering things you didn’t share by aggregating data you did share in ways you weren’t expecting.
You don’t have the choice to prevent a hacker from leaking a compromised database plucked from a company you trusted your data to.
You could make all the best privacy choices in the world and still lose control of your private data.
well put.
“I posed the question about the genie being out of the bottle and then said I didn’t think it was… The genie is out of the bottle if and when no amount of being responsible with your data helps… You could make all the best privacy choices in the world and still lose control of your private data.”
I don’t follow you, Mark. If even the best privacy choices in the world won’t protect your private data, then by your own definition, the genie is already out and gone. If no amount of being responsible makes any difference, then it’s game over. Your reply (above) certainly seems to make that case.
Anyhow, I’m not arguing the point. Until I’m convinced that there’s nothing I can do that will make any difference in securing my private data, I will continue to do everything I can to protect my privacy.
It’s a matter of what’s probable vs what’s possible and I see it as a race against time.
Right now making good privacy choices, choices like not sharing your birth date on Facebook, is a good idea because whilst it’s *possible* that your privacy could be undermined even if you do make good choices like that it is not yet *probable*.
Unfortunately no innovation or new behaviour is required in order for it to become probable – it only requires an escalation in the kind of data leaks we see already.
My hope is that in the time it might take for that escalation to occur we will see an improvement in the general level of security – better educated individuals, better standards and regulations and better industry practices.
how can you ‘choose’ to be private…every business / merchant / retailer / bank and credit card co., etc. that you do business with (and some you don’t aka third parties) is selling our data… including DOB.. poppycock!!!!
In regard to young people posting information about their location,where they go to school,& where they live, the terms “child-molester,& home-invasions come to mind.
The practice of putting personal details online, and the kick I’m sure many folks derive from it, reminds me of the scene in the Steve Martin film The Jerk when his character get’s a thrill from seeing his name in the White Pages.
Facebook and other SNS is a much higher-tech route to such whimsical, trivial narcissm. Is such openness really the future for personal data, or is it just fad that will dissipate as the novelty of SNS wears off? – As it already appears to be doing (Google ‘facebook decline’ for a plethora of news articles).
Indeed, once the Facebook generation are old codgers like me, will the new young generation look upon SNS as old-fashioned, and ask that just because we have the technology to reduce personal privacy does it necessarily mean we should use it?
Something very useful unless you are currently attempting to get credit is to block electronic access to your SSN. Once blocked, you must physically go into a Social Security office to have it unblocked. I’ve done this for my children to help prevent Identity Theft. When they are old enough to be getting credit, etc. they can unblock it but until they need it, no one has access to their information either via phone or internet. Here’s the link: https://secure.ssa.gov/acu/IPS_INTR/blockaccess
See my comment on the other post. I’m more in agreement with this post but I think the debate is weakened by leaving the definition of privacy implicit. Privacy is not about secrecy or keeping information hidden; it’s about who controls information about you. It’s about transparency and accountability. It’s about balancing interests. It’s about the power relationship of individuals to the state, corporations and institutions.
The value of privacy isn’t changing. If anyone thinks it is, please show me the people who value loss of control and helplessness.