The Erosion of Privacy

Jarrod Loidl
Independent Security Consultant
Jarrod Loidl is an independent information security consultant with over seven years of industry experience. He has worked in a number of different verticals such as education, gaming, advertising, financial services, professional services, not-for-profit and healthcare. His specialities are security management, risk and architecture and penetration testing. Though most of his experience lies in the management end of security, he's trying to get back to his roots and stay in the technical game. He is an active member of the Australian Information Security Association (AISA) and ISACA and has presented at both the local Melbourne AISA and OWASP chapters. He is an avid, lifelong learner. His qualifications include a Bachelor's degree in Computing, CISSP, CRISC, CISM, SABSA Certified Architect (SCF) and Certified Penetration Tester (CPT), and he is very slowly chipping away at obtaining a Masters in Business Administration.

"If a nation values anything more than freedom, it will lose its freedom: and the irony of it is that if it is comfort or money that it values more, it will lose that, too." -- William Somerset Maugham

Privacy is a funny thing. We don't appreciate it until it's gone. We all have differing ideas on what is private, and everyone else places different values on it. So it should come as no surprise when government can't legislate for it properly, let alone enforce the legislation. Corporations don't really know how to manage it and most people have no idea how much they need it. Whenever I read an article about privacy and how it's all going down the toilet, I either shake my head or I get mad. Google simplifying its privacy policy (read: shafting its user base indiscriminately) is one example that gets a response. The Australian Government legislation to push airport scanners (already facing huge public backlash due to misuse in the US) is another. It all amounts to a simple issue: people trading their privacy for "convenience" or a perceived benefit such as "security".

For years, Bruce Schneier has harped on about how all the pomp and show at airports is little more than security theatre. And the research produced to date suggests that airport scanners do little to reduce the threat of terrorism or violence on flight travel. Schneier is one of the loudest (and loneliest) voices reasoning against spending millions of dollars on such an ineffective campaign, which does little to provide any tangible benefit aside from the appearance of security.

Similarly, while Google’s raft of products with differing policies must have presented them with nightmarish overheads to manage, their recent policy shift does little to address a number of concerns raised in multiple countries and regions across the world. Furthermore, Google offers no option to contact them to discuss any concerns you might have; your only option if you wish to opt out is to cancel their service. That's a nice way to treat customers you've spent years fostering (to dependency). God forbid they're a paying customer.

The other day I had a friend point out he was receiving Amazon ads for a book we were talking about casually, and somehow, Amazon displayed the exact title to him a short time later. I'm not one to believe in blind coincidence (neither is my friend) and both being privacy advocates, this scared the hell out of us.

The fact is, society has already traded its privacy for freedom, and we're clearly failing to maintain either. What began one step at a time, so incrementally (at first), has snowballed and is rapidly forming an avalanche. What are you looking for? Simply punch it into this search engine and off you go. But the next thing you know, those search engines began mining that information, cross-referencing it with all kinds of data — your geographic location, date/time stamp, referrer header and other basics. In the past, those mailing lists you were subscribed to on-sold those subscriber lists (before consent was required), your information included. Today we’ve reached a point of companies selling anonymised data (whatever that means?) revealing your click patterns, search history, hobbies, interests, the shared interests of your friends, the articles you read and even your mistyped URLs and search efforts. In the words of Jeff Hammerbacher, a former Facebook employee and researcher, "The best minds of my generation are thinking about how to make people click ads. That sucks." I'm not one to put on my tinfoil hat while searching for stuff but we're at a point in society where you literally can't read a webpage with a "+1" or a "like" button without wondering who else knows that we are reading it. Note the Washington Post has a Facebook app that tells your friends when you're reading an article? Am I the only one concerned by this?

One of the most profound white papers on privacy I’ve read was written by Daniel J. Solove, called 'I've Got Nothing To Hide'. It really made an impression on my thinking. It is probably the most detailed discussion I've ever found on the subject of privacy, intended to address the lamest argument you'll ever hear hurled against privacy advocates. I encourage everyone to read it. If nothing else, I hope it encourages you to take a stand for what you believe in. A saying commonly referenced in privacy circles is, "We all know what happens when someone goes to the toilet - it's no secret, but it's still private." Think of that the next time someone tells you "I've got nothing to hide".
