Posted by: Robert Westervelt
An all out assault on privacy is taking place and some people are failing to see the problem.
Toronto – Many of the people who claim the death of privacy are profiting from it, according to a privacy expert who keynoted at the SecTor 2010 conference. “Privacy matters. Even if it doesn’t matter to you,” said Tracy Ann Kosa, a privacy impact assessment specialist with the government of Ontario.
Kosa laid out an extensive history lesson on why people need to begin considering the sum total of the choices they make and the actions they choose. “We don’t have to keep building systems that retain data or record all these transactions,” she said.
The statistics of who is freely giving up information are daunting. According to Kosa, 81% of children under the age of two have some kind of online presence. Seven percent of babies have an email address and 5% of toddlers have a social network profile.
“Security focuses on reliable and valid data, but we aren’t talking about data mining anymore, we’re talking about reality mining,” Kosa said.
While users of social networks and other services are freely giving up data, many of the companies behind the websites may not be handling the data properly, Kosa said. People are putting a lot of trust in the sites they use. A prime example is Facebook, which admitted recently that some of the applications were giving up information that could identify individual users of the social network to third-parties. Did a flaw in Facebook’s design enable third-party apps to give up identities? The identity leakage is not limited to Facebook. In fact, dozens of social networks are leaking user identities, according to a study by Worcester Polytechnic Institute.
Kosa said we have created an infrastructure that collects and logs vast amounts of data, yet when it comes to the security of that information, some companies are failing.
“The idea behind it is you comply with the rules of the system and [companies and governments] can provide you with assurance that the system works,” Kosa said. “The problem is when there is a breach.”
Kosa railed against the payment card industry data security standards for not working. She said 21% of the companies that experienced the breach were certified as compliant. If gaining validation is only a snapshot in time, “what’s the point?” she asked.
Kosa also cited Google for its recent streetcar fiasco. Google caused a stir among privacy advocates when it admitted that its streetcar collected snippets of data. Kosa said an investigation by Canadian authorities found many of those snippets to be user names and passwords, email messages and other data that most people would consider confidential.
Kosa also explained that closed-circuit television monitoring, which is virtually everywhere in the UK and is gaining use in the United States, is another assault on privacy. While many CCTV advocates say people shouldn’t care about their privacy if they don’t have anything to hide, Kosa said people should be asking: “If I’m not doing anything wrong, why are you watching me?” Making the point even more salient, Kosa said: “Who is watching the watchers?”
“It’s not about what we have to hide it’s the fact that we have the right not to be observed,” she said.
(You can follow Tracy Ann Kosa on Twitter)