6 Ways We Gave Up Our Privacy

Here's how privacy went the way of the dinosaur, how we let it happen and how we might be able to get some of it back

Privacy has long been seen as a basic, sacred right. But in the Web 2.0 world, where the average user is addicted to Google apps, GPS devices, their BlackBerry or iPhone, and such social networking sites as Facebook and Twitter, that right is slowly and willingly being chipped away. In fact, some security experts believe it's gone already.

Adding to this sobering reality is that public and private entities have a growing array of tools to track our movements, habits and choices. RFID tags are on more of the items we take for granted. Those discount cards you use at the grocery store offer companies an excellent snapshot of the choices you make. And in the post 9-11 world, the government has greatly expanded its power to spy on you with such laws as The Patriot Act.

"Your credit card company and your loyalty card program memberships track your purchases, travels, expenditure levels, and blend that into offers that meet your lifestyle profile," said John Zurawski, vice president of Authentify Inc. "Firms sell GPS devices specifically to be hidden in vehicles permitting anyone to track your movements. The RFID Tollway passes states offer to speed you through their toll roads know where you've been and how fast you drove."

Based on an informal survey of privacy and security experts, here are six examples of how we've willingly allowed our privacy to be taken away, and how we might be able to get some of it back.

1. Google

Google apps such as Gmail and Google calendar allow individuals and organizations to bring order to the hectic process of scheduling and communicating. But when you input company agenda items into the applications along with other proprietary information and potentially embarrassing things like an upcoming doctor's appointment, you're giving up privacy to Google, said Chicago-based business consultant Mark Cummuta, who specializes in compliance, security and CIO challenges.

"When Google first started, it said it would only use that information internally, to get a sense of the things you like and talk about," he said. "All that information used to be gathered in a way where you explicitly gave permission, through things like surveys. But Google can easily poke around without seeking permission, and they don't explain to you how they know what they know."

2. Social networking

It's getting increasingly harder NOT to find someone on LinkedIn, Facebook, Twitter or all of the above. Then there's Myspace and a lot of lesser-known social networking sites. If you use these programs -- and you probably do -- chances are pretty good that you give up a lot of your privacy every day, willingly and even happily. Security experts have spent a lot of time ringing the alarm bell over this lately, because bad people can easily take the personal tidbits you post and use it against you, for everything from marketing to blackmail.

"Privacy is evaporating because Facebook, Myspace, Twitter and blogs are raising a generation of kids and adults who have no concept of privacy or the ability to truly understand that nothing digital is ever forgotten or destroyed," said Raj Goel, owner of security compliance consultancy Brainlink International Inc. "Ten years from now, kids will be Googling their mommy's spring break pictures and their daddy's Facebook profile, if they don't do so already."

3. RFID tags and loyalty cards

In this fast-paced world, people use special transponders to blow through highway toll stations without stopping and pay for gas without having to swipe a credit card. Then there are those cards you present at the grocery store for discounts. All have technology that can be used to track your movements and habits, right down to the time of day you typically go through a toll plaza each morning on the drive to work.

"Let's add RFID chips, the Real ID Act and the PASS Act to the list as well. How about chips in passports? We're lulled into a false sense of security and people aren't realizing that they are simply giving those rights to privacy away," said Julie Davis Friend, president of Gemstone Partners, a firm that advises organizations on issues surrounding identity theft and new legal requirements."

4. The Patriot Act

Given all the debate about the evils of The Patriot Act and how it gave the government a ridiculous amount of power to spy on people, we often forget that citizens were perfectly comfortable giving away privacy in the immediate aftermath of 9-11, when people were consumed with the desire to stop the next terrorist attack from happening. [See also: Eight Years After 9-11: Better Security or Just Luck?] Many a security expert will argue that the law did indeed improve our safety and prevent more attacks. In other words, enacting it was the right thing to do. But it's also universally accepted that civil liberties were eroded under the law.

Notes Zurawski: "The Patriot Act granted broad powers to law enforcement to enter your home with 'probable cause' and no warrant."

5. GPS

GPS navigation used to be a luxury item. Now most of us use the technology. It's relatively inexpensive to buy a GPS device that's bolted to the dashboard. Higher-end cars come with built-in GPS. And there are plenty of free navigation apps available for the BlackBerry and iPhone. The flip side to fewer people getting lost is that the providers of those systems can track your whereabouts without breaking a sweat.

6. The Kindle

Here's one you may not have seen coming. The increasingly popular Kindle allows us to tear through books on the go. But the device also "keeps track of what you read, how quickly you read it, what you may have read over several times, and can delete content you've paid for without your knowledge should it become 'necessary,'" Zurawski said.

Getting back some privacy

The good news in all of this is that there are steps people can take to protect more of their privacy. Educating younger folks on what they are giving away is a good place to start, those polled said. Businesses should steer clear of something like Gmail if they have sensitive data to send someone. And consumers can demand that government agencies crack down on the privacy-stealing practices of private-sector companies.

"The FTC could take on Facebook, Myspace and other sites that target kids the same way they expanded HIPAA's scope and brought online health care databases under their purview," Goel said. "When my government grows up, I want them to be the FTC -- the only national agency that's done anything meaningful about consumer privacy and security in the past decade."

Join the CSO newsletter!

Error: Please check your email address.

Tags securityprivacy

More about BlackBerryFacebookFTCGoogle

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Bill Brenner

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place