Is anything private in Web 2.0?

The answer to this question is simple: no. The development of social media and two-way communication channels such as Twitter, Facebook and YouTube has made social privacy somewhat non-existent.

With regard to corporate and organisational privacy, even the most complex computer system in the world can now be breached. With sensitive information out of a business’s complete control, there is a much greater risk of error, negligence or cybercrime. Another big problem is rogue employees, who may defame the business via blogs or social networking sites where they can publish at will.

According to the Ponemon Institute, a leading organisation dedicated to independent research and education:

  • 85 per cent of businesses have experienced a data security breach
  • 46 per cent of businesses fail to implement encryption solutions even after suffering a data breach
  • 82 per cent do not seek legal counsel prior to responding to the incident despite not having a prior response plan in place
  • 95 per cent of businesses suffering a data breach were required to notify data subjects whose information was lost or stolen

To understand the reasons for this, it’s important to establish the make-up of Web 2.0. After the dot-com crash in 2001, fear broke out that the Web would crash. Instead, new applications and websites began to grow, develop and expand across the Web. Since then, advances in computer software and the push for a better user experience have spread across the Web. The transition from Web 1.0 to Web 2.0 was complete almost overnight; this was the start of the technological age and the beginning of the end of privacy as we know it.

Almost any information can be obtained if it is in high enough demand or is deemed valuable to the public. Take the WikiLeaks scandal, for example. Information about equipment expenditures, holdings in the Afghanistan war and corruption, among other highly controversial, political and private issues, was released across the Web. Its founder, Julian Assange, published submissions and news leaks from anonymous news sources and whistleblowers.

The WikiLeaks scandal highlights the ease with which information can be exposed. It’s important to understand how information is released and how private documents are breached: this is just one extreme example, but computer systems are breached on a daily basis.

Web 2.0

Web 2.0 is made up of three main components: Rich Internet Applications (RIA), Service-Oriented Architecture (SOA) and the social Web. It’s important to add cloud computing, social networking and virtualisation, as they are also bringing new privacy exposures to the fore.

The first part of Web 2.0 is RIA; some buzzwords that come to mind are Flash and Ajax. Flash is a multimedia platform that provides vivid animation and interactivity. It is commonly used for videos, games and other interactive Web page content. Ajax is used for creating interactive Web applications; it combines HTML, JavaScript and CSS to build the layout and page content and to obtain the business data from the server.

RIA is how the desktop experience is brought into the browser, whether from a graphical or a usability perspective. A good example of this is the drag and drop that everybody is used to from the desktop.

SOA is another key part of Web 2.0. This includes buzzwords such as feeds, RSS, Web services and mashups. SOA is about how Web 2.0 applications expose their functionality so that other applications can leverage and integrate it, providing much richer applications, including the infamous mashups. This integration process has led to numerous privacy breaches in the past. When taking information from other sources it’s important to be vigilant and ensure privacy rights are protected.

The area of most controversy when it comes to privacy is the social Web. Web 2.0 applications tend to interact much more with the end user. The end user is not only a user of the application but also a participant. Whether by tagging content, contributing to a wiki, podcasting or blogging, the end user is, as part of the social nature of these applications, an integral part of the application’s data, providing feedback and allowing the application to leverage the people who are using it. Therefore, privacy is in the hands of the person who was last given the information, as it is that person’s decision what he or she will do with it.

This is simply bad news. More than likely that last person is in fact several people, meaning more people have this information, and as there are an infinite number of sharing tools available, the temptation to share information has become increasingly difficult to resist. The combination of the social Web and human nature leaves privacy a difficult concept to grasp for the vast majority of people, and the only question left to ask is: how long can an issue stay private? Examples have shown: not long.

With regard to business privacy, a good way to gauge the level of trust organisations have in Web 2.0 is to look at a typical business cyber-insurance policy. In this rapidly changing world of technology there is increased exposure and liability. Unauthorised access to or use of a computer system is usually the first coverage in a cyber-insurance policy; this can include theft or destruction of data, hacker attacks, denial-of-service attacks and malicious code. Liability exposure can grow even more from using outsourced service providers for functions such as Web hosting, document storage, call centres and credit card processing. Other growing threats include data breaches, especially in the areas of sensitive health care and financial data. For example, in April Visa had to remove Global Payments from a list of credit-card processors as 1.5 million credit card numbers and other important information were stolen.

Web 2.0 is a dream world for hackers, law breakers and social parasites looking to exploit and take advantage of the privacy of individuals and organisations for their personal benefit. Take note: An FBI crime and security survey found that 71 per cent of American companies are endangering their financial stability by not having insurance that will cover Internet liability.

Olan Ahern has a keen interest in social media and online issues. He works on behalf of ASOS, an online e-commerce-based fashion retailer.
