Matt Tett is the Managing Director of Enex TestLab, an independent testing laboratory with over 22 years history and a heritage stemming from RMIT University. Matt holds the following security certifications in good standing CISSP, CISM, CSEPS and CISA. He is a long standing committee member of the Australian Information Security Association (AISA), Melbourne branch, and is also a member of the Information Systems Audit and Control Association (ISACA). Enex TestLab can be found at http://www.testlab.com.au blog at http://enextestlab.blogspot.com and can be found on twitter as @enextestlab.
One of my previous blogs touched upon the Australian Federal Government’s proposed data retention laws and the inevitable storm raised by those opposed - big brother all over again. The digital Australia card. However, some individuals are voluntarily and publicly releasing personal information of far greater value than a list of the internet sites they visit. Indeed the information released is encouraged to be used by marketing and advertisers to characterise an individual and target promotions straight to their screen.
There are so many social media platforms available these days - both professional ones and personal ones - not to mention sites for dating and other specialist forums. If you want to participate, you either construct a highly fanciful persona or one give up some of your actual private information.
This may be all well and good, but what happens when these sites start collecting and aggregating personal data? It may be an effective revenue model for these sites (the cost to individual participants is personal data, however the true dollar cost is covered by those with a desire access that information and target their advertising).
This is all well and good as most people understand this trade off, and some encourage this by tailoring their internet experience based on information they have released.
It is, however, concerning when this private information is accessed by those with malicious intent. When aggregated they have a powerful data set, used often in identity fraud.
Or say you have a few “secrets” that you wouldn't necessarily be happy to be attributed to – especially, for example, law enforcement agencies. You know that video you uploaded of yourself doing a motorbike wheelie at 140kph on a public motorway? Rumour has it that Raytheon has entered the social media aggregation and intelligence business, and I would assume it is not for the purposes of advertising.
Yet another reason to either, destroy your own identity online before someone else does (and have fun doing it) or to double up your privacy protection and anonymisation techniques.