Recently I had the
exciting opportunity to meet Retired General Hayden, the former head of the National
Security Agency (NSA) and the Central Intelligence Agency (CIA). He was discussing
some of the trends he is seeing, as well as, the global developments that are
taking place with regards to security. There were a lot of questions from the
audience regarding privacy and espionage; whether state/governments or corporations
were responsible; in addition to a discussion around understanding the
evolution towards cyber security. Ultimately, an interesting discussion, however
I left the event asking myself one simple question – “Who is now responsible
for our privacy?”
In the good ole’ days,
before the time of the Internet and social media and “cloud services”, we were
confident that our governments could and were protecting our privacy, whether
that was our home address, phone number, or banking details. All of this
information was under strict government policies to ensure a countries citizens
were protected. Of course, in many of
these instances, we had to opt in, i.e. to remove our phone number from the
directory or to ensure our address didn’t appear in the phone book. But, it was definitely a simpler time and one
in which we felt secure in the geographic boundaries that our country protected.
Fast forward back to
today and oh how the world has changed. Our home phone and home address have
become the least of our concerns as our online identities are increasingly
coming under threat. The knowledge that is available on each of us today is
like nothing we have ever seen - your credit card details, your email address,
your social media contacts and even what you store in the cloud. All of this information is now worth much more
than our home phone number ever was.
It is interesting then that
the responsibility of our Privacy is moving away from our respective governments
and into the hands of local and global corporations. When we contemplate what that means for each
of us we may feel a shiver of fear or doubt, I know I did. Consider for a
moment your purchases online or simple sharing of your hobby’s or interests
with your friends in social media gatherings… Where does that data go? Who sees it? Do you use a tablet or smart
phone - guess where you’re phone numbers and any personal data is backed up?
Certainly your local government has no involvement in the storage and safe
keeping of this data. So, at what point did we start relying on
corporations – or in many cases “Over The Top” providers – to ensure our
privacy and protect our identities? What do you think happens to that
data? Where does it go? Who can see it? What can they do with it? What will they do with it? I could go on, but I think you get the point.
I am not sure about you,
but I don’t recall being provided a location as to where all of this
information was going, or being assured it was even remaining in my country of
origin… We need to remind ourselves that
these are businesses, not governments. There
has been no signing of a memorandum between our governments and these
businesses to officially hand over responsibility and accountability for the
maintaining of our privacy. Therefore, there
is no assurance that any of our data is not being used to create profiles or not
being shared with others – ever heard of people’s photo’s being hijacked for
other uses?
I recently shared with a
group of people the fact that it is easy to find out a whole raft of
information about someone’s profile. They
were a little surprised at the ease with which I could get the data and one of
them said that is why he doesn’t have an online presence – well at least one
that he wasn’t aware of! These online businesses we are now relying on to
protect our privacy, are in fact providing some privacy services (some of these
we even pay for) however, you will actually find that many of them, in their
fine print, inform you they are not responsible for your data and if this
information is stolen or “lost” they will attempt to retrieve it but cannot
promise anything.
There have been some
interesting cases recently where regulatory bodies have attempted to reign in
these businesses, either in terms of how they are using our information, or how
they were trying to access more. But
ultimately, what do you do when that business operates on a global scale? Given
today’s environment, I am not surprised that we are hearing more and more about
governments trying to tap into the Internet to listen and read what is going on.
As I am sure you all know, we are really no longer sending letters via post
office or making fixed line phone calls, in fact almost everything we use in
terms of communications is somehow connected to the Internet.
Interestingly, one
business has recently been talking about the “connectedness of everything”,
where we expect there to be some 50 billion devices connected to the “internet”
in the next 5-7 years. Consider for a moment, 50 billion devices, which would
include your car, refrigerator, TV, home security, washing machine, even our
children (this actually happens today where a Sim card, combined with GPS, is
used to track a child’s movements). Do
we really think all of this data will simply go onto a storage device in our
homes? Of course not! Many of these devices being connected to the Internet
will be incredibly useful to us. Just
think about it… knowing what to buy at the supermarket when you have forgotten
your list or knowing when your car needs service –without worrying that
something might break before you service or repair it. So, with the convenience
and help that all of these devices can bring us, the concern still remains - what
else would this data be used for? Where
will it go? Who will see it? What will they do with it?
This is where I come
back to the original question, who is responsible for our privacy? Well
ultimately we are. We need to ensure we
are always checking the policy of the online providers we are using and
understand what the fine print means. We need to ensure we are lobbying
regulatory bodies and governments to ensure they only issue business licenses
for online services to those providing clarity on what our data is used for and
more importantly, for those who are intending to share our data that they MUST
have an “opt-in” clause so we know what we are getting ourselves into. I don’t
know exactly when governments became no longer responsible for our privacy, but
ultimately we need to be aware of what we are signing up to and using the
Internet for.
Now some of you will be
thinking – ok Nathan, so what are you saying turn off the Internet and resort
back to mailing letters and using the landline phone for communication? Not at
all! We are already far down the path to an Internet enabled world, and there
is not much we can do about that. What I am saying though, is that we need to
be aware of the risks, understand what we are signing up for, read the fine
print and always think about what we are posting online or sharing with our
online communities. At the end of the
day, we are now responsible for how we interact with our online world more so
than ever before, and we need to ensure we do not assume that someone will
protect our privacy or our governments will come riding in on white horses to
save the day.
Our information has
moved online and we must define our own individual policies. We choose how to interact with “the net”. We protect ourselves. This is the new reality of privacy.