The Erosion of Privacy
"If a nation values anything more than freedom, it will lose its freedom: and the irony of it is that if it is comfort or money that it values more, it will lose that, too." -- William Somerset Maugham
For years, Bruce Schneier has harped on about how all the pomp and show at airports is little more than security theatre. And the research produced to date suggests that airport scanners do little to reduce the threat of terrorism or violence in air travel. Schneier is one of the loudest (and loneliest) voices reasoning against spending millions of dollars on such an ineffective campaign, which does little to provide any tangible benefit aside from the appearance of security.
Similarly, while Google’s raft of products with differing policies must have presented them with nightmarish overheads to manage, their recent policy shift does little to address a number of concerns raised in multiple countries and regions across the world. Furthermore, Google offers no option to contact them to discuss any concerns you might have; your only option if you wish to opt out is to cancel their service. That's a nice way to treat customers you've spent years fostering (to dependency). God forbid they're a paying customer.
The other day I had a friend point out he was receiving Amazon ads for a book we were talking about casually, and somehow, Amazon displayed the exact title to him a short time later. I'm not one to believe in blind coincidence (neither is my friend) and both being privacy advocates, this scared the hell out of us.
The fact is, society has already traded its privacy for freedom, and we're clearly failing to maintain either. What began one step at a time, so incrementally (at first), has snowballed and is rapidly forming an avalanche. What are you looking for? Simply punch it into this search engine and off you go. But the next thing you know, those search engines began mining that information, cross-referencing it with all kinds of data: your geographic location, date/time stamp, referrer header and other basics. In the past, those mailing lists you were subscribed to on-sold their subscriber lists (before consent was required), your information included. Today we’ve reached a point of companies selling anonymised data (whatever that means) revealing your click patterns, search history, hobbies, interests, the shared interests of your friends, the articles you read and even your mistyped URLs and search efforts. In the words of Jeff Hammerbacher, a former Facebook employee and researcher, "The best minds of my generation are thinking about how to make people click ads. That sucks." I'm not one to put on my tinfoil hat while searching for stuff, but we're at a point in society where you literally can't read a webpage with a "+1" or a "like" button without wondering who else knows that you are reading it. Did you note the Washington Post has a Facebook app that tells your friends when you're reading an article? Am I the only one concerned by this?
One of the most profound white papers on privacy I’ve read was written by Daniel J. Solove, called 'I've Got Nothing To Hide'. It really made an impression on my thinking. It is probably the most detailed discussion I've ever found on the subject of privacy, intended to address the lamest argument you'll ever hear hurled against privacy advocates. I encourage everyone to read it. If nothing else, I hope it encourages you to take a stand for what you believe in. A saying commonly referenced in privacy circles is, "We all know what happens when someone goes to the toilet - it's no secret, but it's still private." Think of that the next time someone tells you "I've got nothing to hide".
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team.
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved poring over ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.