The Erosion of Privacy

Jarrod Loidl

Jarrod is an information security & risk professional whose core experience resides in security management, architecture and penetration testing. He has worked with a number of different sectors including financial services, government, advertising, education and telecommunications. His qualifications include a Bachelor's degree in Computing, CISSP, CRISC, CISM, SABSA Certified Architect (SCF) and Certified Penetration Tester (CPT), and he is very slowly chipping away at obtaining a Master's in Business Administration.

"If a nation values anything more than freedom, it will lose its freedom: and the irony of it is that if it is comfort or money that it values more, it will lose that, too." -- William Somerset Maugham

Privacy is a funny thing. We don't appreciate it until it's gone. We all have differing ideas on what is private, and everyone else places different values on it. So it should come as no surprise when government can't legislate for it properly, let alone enforce the legislation. Corporations don't really know how to manage it and most people have no idea how much they need it.

Whenever I read an article about privacy and how it's all going down the toilet, I either shake my head or I get mad. Google simplifying its privacy policy (read: shafting its user base indiscriminately) is one example that gets a response.

The Australian Government's legislation to push airport scanners (already facing huge public backlash due to misuse in the US) is another.

It all amounts to a simple issue: people trading their privacy for "convenience" or a perceived benefit such as "security".

For years, Bruce Schneier has harped on about how all the pomp and show at airports is little more than security theatre. And the research produced to date suggests that airport scanners do little to reduce the threat of terrorism or violence on flight travel. Schneier is one of the loudest (and loneliest) voices reasoning against spending millions of dollars on such an ineffective campaign which does little to provide any tangible benefit aside from the appearance of security.

Similarly, while Google’s raft of products with differing policies must have presented them with nightmarish overheads to manage, their recent policy shift does little to address a number of concerns raised in multiple countries and regions across the world. Furthermore, Google offers no option to contact them to discuss any concerns you might have; your only option if you wish to opt out is to cancel their service. That's a nice way to treat customers you've spent years fostering (to dependency). God forbid they're a paying customer.

The other day I had a friend point out he was receiving Amazon ads for a book we were talking about casually, and somehow, Amazon displayed the exact title to him a short time later. I'm not one to believe in blind coincidence (neither is my friend) and both being privacy advocates, this scared the hell out of us.

The fact is, society has already traded its privacy for freedom, and we're clearly failing to maintain either. What began one step at a time, so incrementally (at first), has snowballed and is rapidly forming an avalanche. What are you looking for? Simply punch it into this search engine and off you go. But the next thing you know, those search engines began mining that information, cross-referencing it with all kinds of data — your geographic location, date/time stamp, referrer header and other basics. In the past, those mailing lists you were subscribed to on-sold those subscriber lists (before consent was required), your information included. Today we’ve reached a point of companies selling anonymised data (whatever that means?) revealing your click patterns, search history, hobbies, interests, the shared interests of your friends, the articles you read and even your mistyped URLs and search efforts. In the words of Jeff Hammerbacher, a former Facebook employee and researcher, "The best minds of my generation are thinking about how to make people click ads. That sucks."

I'm not one to put on my tinfoil hat while searching for stuff but we're at a point in society where you literally can't read a webpage with a "+1" or a "like" button without wondering who else knows that we are reading it. Note the Washington Post has a Facebook app that tells your friends when you're reading an article? Am I the only one concerned by this?

One of the most profound white papers on privacy I’ve read was written by Daniel J. Solove, called 'I've Got Nothing To Hide'. It really made an impression on my thinking. It is probably the most detailed discussion I've ever found on the subject of privacy, intended to address the lamest argument you'll ever hear hurled against privacy advocates. I encourage everyone to read it. If nothing else, I hope it encourages you to take a stand for what you believe in.

A saying commonly referenced in privacy circles is, "We all know what happens when someone goes to the toilet - it's no secret, but it's still private." Think of that the next time someone tells you "I've got nothing to hide".
