Privacy: Is it dead or just being renegotiated?

Personal privacy was a hot topic at RSA this year. And while there was universal agreement that it is a problem, not everybody thinks it is completely dead

It would have been hard to find anybody at this past week’s RSA conference who doesn’t think privacy is a problem. The topic even had its own track, with more than six dozen sessions.

There is a bit less agreement, however, on how big a problem. It is not a large divide, but two presentations illustrated it well.

The first view is that the loss of privacy is reaching a catastrophic level. According to Theodore F. Claypoole, a partner at Wombie Carlyle, modern technology is not only eroding your privacy. It is eroding the legal standard for your “reasonable expectation” of it.

That unsettling message came with an equally unsettling title: “The gasping death of the reasonable expectation of privacy.”

Claypoole offered stark examples. He said at present, the police cannot legally burst through your door unannounced, or even monitor what you are doing in your home through the use of heat and power signals – at least not without a warrant – because that would violate the current “reasonable expectation” standard.

[ MORE FROM RSA: See all the news happening at the show ]

“But the legal standard used by the government to protect your privacy is withering away,” he said.

“What’s making it wither? The things we’re using, from a Hello Barbie doll to your car, smartphone and cell towers and more. What reasonable person would expect privacy when all this is around us?” he asked.

Theodore F. Claypoole, a partner at Wombie Carlyle

The withering of privacy, he said, is illustrated in things like the FBI taking the DNA of a person without consent or a warrant, like bosses reading the emails of their employees or police demanding to take a person’s mobile phone.

The Fourth Amendment, which protects, “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures …” provides a framework for privacy, he said, “but the Supreme Court hasn’t come up with standard about what that means to your stuff.”

And with ubiquitous tracking systems that not only collect metadata on where we are, who we call and our online life but also have improved facial and voice recognition, “there are better records of everything we do,” he said, adding that there is, “constant pressure from law enforcement to get deeper and deeper into accessing that information.

Claypoole said it is at the point where the options are to lose privacy entirely, or for the nation’s elected leaders to set a new standard for it. He called for, “certain acts, matters and behaviors to be declared private when they are done in a private space, and that government is excluded from collecting and viewing data about those behaviors without a warrant.

“Don’t let Hello Barbie take away your rights,” he said.

[ ALSO: 'Serious risk' that Apple-made iPhone cracking code will leak  ]

J. Trevor Hughes is also concerned about privacy. As president and CEO of the International Association of Privacy Professionals (IAPP), he ought to be.

But his message, in a talk titled “The Future of Privacy,” is that we have been here before, many times.

Beginning with images of famous works of art – the first was a sculpture of the naked goddess Venus surprised while bathing – he said privacy is “baked into the DNA” of people. And it is constantly being “renegotiated” as culture and technology changes.

He noted that the late Supreme Court justice Louis Brandeis co-wrote one of the “seminal articles” for the Harvard Law Review while a student there called “The Right to Privacy,” in which he argued that privacy was dead as a result of the flexible film camera, which allowed it to be small, portable and surreptitious, and helped the mass media to illustrate the activities of society’s elites. And that was 126 years ago, in 1890.

Decades later, in the 1960s, with the advent of mainframe computers, there were again declarations that privacy was dead. Thirty years later, in 1997, the cover of Time magazine declared “The Death of Privacy.” It declared basically the same thing in 2013 with a cover on, “The Surveillance Society.”

The point, Hughes said, is that technology keeps raising the issue. “Smartphones have an average of 30 apps, and therefore service providers,” he said, “which means that on any given day, you could have data relationships with hundreds of entities. That is a complex data ecosystem, and our laws are ill equipped to deal with it.”

That issue needs to be addressed, he said, with laws and compliance standards, with accountability of organizations to their employees and customers and by building “privacy by design” into products.

“When we are being observed, we are not truly free,” he said. “But to say privacy is dead,” he said, “is to say what was being said more than 100 years ago.

“No, it isn’t dead,” he said. “What we see is an age-old process, where society renegotiates the boundary.”

Join the CSO newsletter!

Error: Please check your email address.

Tags rsa

More about AppleFBIRSA

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Taylor Armerding

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts