Tuesday 23 July 2013

The reality of privacy


Recently I had the exciting opportunity to meet Retired General Hayden, the former head of the National Security Agency (NSA) and the Central Intelligence Agency (CIA). He was discussing some of the trends he is seeing, as well as, the global developments that are taking place with regards to security. There were a lot of questions from the audience regarding privacy and espionage; whether state/governments or corporations were responsible; in addition to a discussion around understanding the evolution towards cyber security. Ultimately, an interesting discussion, however I left the event asking myself one simple question – “Who is now responsible for our privacy?”
 In the good ole’ days, before the time of the Internet and social media and “cloud services”, we were confident that our governments could and were protecting our privacy, whether that was our home address, phone number, or banking details. All of this information was under strict government policies to ensure a countries citizens were protected.  Of course, in many of these instances, we had to opt in, i.e. to remove our phone number from the directory or to ensure our address didn’t appear in the phone book.  But, it was definitely a simpler time and one in which we felt secure in the geographic boundaries that our country protected.
 Fast forward back to today and oh how the world has changed. Our home phone and home address have become the least of our concerns as our online identities are increasingly coming under threat. The knowledge that is available on each of us today is like nothing we have ever seen - your credit card details, your email address, your social media contacts and even what you store in the cloud.  All of this information is now worth much more than our home phone number ever was.
 It is interesting then that the responsibility of our Privacy is moving away from our respective governments and into the hands of local and global corporations.  When we contemplate what that means for each of us we may feel a shiver of fear or doubt, I know I did. Consider for a moment your purchases online or simple sharing of your hobby’s or interests with your friends in social media gatherings… Where does that data go?  Who sees it? Do you use a tablet or smart phone - guess where you’re phone numbers and any personal data is backed up? Certainly your local government has no involvement in the storage and safe keeping of this data.   So, at what point did we start relying on corporations – or in many cases “Over The Top” providers – to ensure our privacy and protect our identities? What do you think happens to that data?  Where does it go?  Who can see it?  What can they do with it?  What will they do with it?  I could go on, but I think you get the point.
 I am not sure about you, but I don’t recall being provided a location as to where all of this information was going, or being assured it was even remaining in my country of origin…  We need to remind ourselves that these are businesses, not governments.  There has been no signing of a memorandum between our governments and these businesses to officially hand over responsibility and accountability for the maintaining of our privacy.  Therefore, there is no assurance that any of our data is not being used to create profiles or not being shared with others – ever heard of people’s photo’s being hijacked for other uses? 
 I recently shared with a group of people the fact that it is easy to find out a whole raft of information about someone’s profile.  They were a little surprised at the ease with which I could get the data and one of them said that is why he doesn’t have an online presence – well at least one that he wasn’t aware of! These online businesses we are now relying on to protect our privacy, are in fact providing some privacy services (some of these we even pay for) however, you will actually find that many of them, in their fine print, inform you they are not responsible for your data and if this information is stolen or “lost” they will attempt to retrieve it but cannot promise anything.
 There have been some interesting cases recently where regulatory bodies have attempted to reign in these businesses, either in terms of how they are using our information, or how they were trying to access more.  But ultimately, what do you do when that business operates on a global scale? Given today’s environment, I am not surprised that we are hearing more and more about governments trying to tap into the Internet to listen and read what is going on. As I am sure you all know, we are really no longer sending letters via post office or making fixed line phone calls, in fact almost everything we use in terms of communications is somehow connected to the Internet.
 Interestingly, one business has recently been talking about the “connectedness of everything”, where we expect there to be some 50 billion devices connected to the “internet” in the next 5-7 years. Consider for a moment, 50 billion devices, which would include your car, refrigerator, TV, home security, washing machine, even our children (this actually happens today where a Sim card, combined with GPS, is used to track a child’s movements).  Do we really think all of this data will simply go onto a storage device in our homes? Of course not! Many of these devices being connected to the Internet will be incredibly useful to us.  Just think about it… knowing what to buy at the supermarket when you have forgotten your list or knowing when your car needs service –without worrying that something might break before you service or repair it. So, with the convenience and help that all of these devices can bring us, the concern still remains - what else would this data be used for?  Where will it go?  Who will see it?  What will they do with it?
 This is where I come back to the original question, who is responsible for our privacy? Well ultimately we are.  We need to ensure we are always checking the policy of the online providers we are using and understand what the fine print means. We need to ensure we are lobbying regulatory bodies and governments to ensure they only issue business licenses for online services to those providing clarity on what our data is used for and more importantly, for those who are intending to share our data that they MUST have an “opt-in” clause so we know what we are getting ourselves into. I don’t know exactly when governments became no longer responsible for our privacy, but ultimately we need to be aware of what we are signing up to and using the Internet for.
 Now some of you will be thinking – ok Nathan, so what are you saying turn off the Internet and resort back to mailing letters and using the landline phone for communication? Not at all! We are already far down the path to an Internet enabled world, and there is not much we can do about that. What I am saying though, is that we need to be aware of the risks, understand what we are signing up for, read the fine print and always think about what we are posting online or sharing with our online communities.  At the end of the day, we are now responsible for how we interact with our online world more so than ever before, and we need to ensure we do not assume that someone will protect our privacy or our governments will come riding in on white horses to save the day.

Our information has moved online and we must define our own individual policies.  We choose how to interact with “the net”.  We protect ourselves.  This is the new reality of privacy.

2 comments:

Anonymous said...

Hi Nathan,

I can only agree except for one thing, Landlines in the old days were not as safe as many believe!

Dieter

Nathan Bell said...

Fair point Dieter, but I would imagine it was harder back then to track millions of people than it is today ... :)