Privacy 2012: I know what you did at 3:30 a.m.

2011 saw a number of significant privacy events, from Facebook and Google Plus dueling over privacy policies to concerns over what information your mobile phone actually knows about you. However, technology keeps moving forward, and privacy issues are sure to follow. For a peek into what experts expect in the year and years ahead when it comes to privacy, we turned to Rebecca Herold (aka the Privacy Professor) for answers.

Herold is an information security, privacy and compliance consultant, is currently working on her 12th published book, and has written dozens of book chapters and almost 200 articles on privacy and security.

CSOonline: With a spate of data dumps as a result of security breaches, many security and privacy issues arising from mobile and cloud computing, what do you think 2012 has in store when it comes to privacy?

I think 2012 is going to be a lot like 2011. We'll see more attacks on businesses and government agencies stemming from online activism. Probably more legal concerns and battling over what privacy means in the age of cloud computing and social networking. And I think we're going to see more issues of mobile computing, along the lines of the Carrier IQ incident.

The Carrier IQ situation had touched a real nerve with a lot of folks, beyond the normal crowds interested in privacy. There are a lot of people I have known all my life, relatives and parents of classmates from elementary school, and everyone in between. It is interesting because they are not techie at all, but many were asking what handset and mobile companies were learning about them and what could be done to stop it.

Another area that I think will get more attention is the privacy around smart grid. That is going to be an ongoing concern. And as more states and utilities are rolling out their smart meters, I think you're going to see a lot more states trying to pass more smart grid privacy laws.

CSOonline: Smart grid privacy is an interesting topic, though I'm not sure many people understand why it may be so important. They wonder "What's the big deal if they can see when my electricity usage spikes?"

Yes. That's very understandable. The NIST Interagency Report 7628 that came out last year identified a lot of the privacy issues. From a high level, with regard to privacy, is the fact that, historically, you had to be a meter-reader coming to a house and to take a reading. All everyone else would see is a spinning wheel. It didn't tell you very much more than sometimes it spun faster and other times it spun slower.

Now, with smart meters, the data is going directly to the utilities, many times by Wi-Fi. The fact that somebody driving by might pick it up, and from the data they could gather all sorts of information regarding the types of appliances you are using, where you are in the house, and so on. So there are many different privacy issues related to this. What if appliance manufacturers get this information? Are they going to start trying to sell a household their product to replace their inefficient one that they see you still have?

CSOonline: It sounds like it's possible to find out much about a person and their household from their power usage.

Yes, the impact is broad. Consider divorce settlements. Will it be possible to prove that your spouse or ex-spouse was doing something they should not have at 3:30 in the morning in the hot tub based upon your energy consumption record? With the private electric vehicles, are you going to be able to tell exactly where somebody was at any point in time based upon their charging records?

By looking at the utility bill, would you be able to see when someone was traveling and so on? Would home insurance companies, by knowing whether or not you are using an inefficient appliance, potentially deny you coverage because they could show that you were using appliances that were in violation of the home insurance policy?

Then there are employers. What if you had something personal happen, and you told your employer that you were sick, and you lose because they could tell from your PEV -- your electric vehicle charging records -- that you were actually out in Las Vegas doing stuff that day. The examples are just unlimited, and more and more people are having concerns.

The NISTIR 7628 was a start, and we listed a number of important issues, and that work is continuing. Expect more work products from the group coming out very soon.

CSOonline: Are there other areas where you see potential privacy flaps in 2012?

Social media is always a concern, and I think the integration of social media use by businesses and other organizations is going to continue to raise new privacy concerns. For instance, hospitals and physicians and other groups are promoting the use of social networking sites by physicians to help their patients, which, of course, sounds like a great idea. But then you dig into what happens, especially when the physicians do not know how to use the social network very well, information about their patients gets posted for the whole world to see.

Here's a recent, and shocking, example. A vendor that provides hospital systems had a type of authentication device. And they were encouraging the hospital staff to just use their Facebook passwords so they could automatically link their Facebook account with their system. And this device provided access into the patient care system! "It would make it really easy to manage," they said. So this connection of social networking devices to non-public systems like that will be another area that is going to see increasing numbers of privacy concerns.

George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter at @georgevhulme.
