Who knows your business? Well, if you're on the Internet, use a cellphone, or rely on electronic records of any sort, you're pretty much an open book. And there's more malice afoot than the passive footprints of Web browsing or wireless roaming might suggest.
Hospital employees, phone company personnel, and Chinese intelligence are just a few of the parties with a keen interest in you, and if you're a celebrity or government employee, you're even more of a catch.
None of this will come as news to privacy advocates or those who track eavesdropping headlines. What's noteworthy is that access to personal or even classified data seems to get easier all the time -- and more valuable.
Take, for example, the former healthcare worker who recently admitted to selling info to the National Enquirer from the medical files of Farrah Fawcett and Britney Spears. Lawanda Jackson made at least $4,600 from the tabloid and now faces up to 10 years in prison and a $250,000 fine for her tattling.
Curiosity didn't kill any phone company employees, but in a recent case, it did get them fired. Verizon Wireless acknowledged an unspecified number of employees viewed the usage records on the inactive account of President-elect Barack Obama, in violation of the Telephone Records and Privacy Protection Act. The wireless carrier at first put the employees on leave, then fired them right before Thanksgiving, though there was no evidence they sold or profited from the info they found.
Sniffing and hoovering of wireless devices isn't new or unique either, but BlackBerries have become sufficiently integrated into the business fabric that White House staff must turn off their BlackBerries -- and leave them off -- when they're in China. Though intra-staff communications are reportedly all encrypted, security officials are apparently concerned about the flypaper quality of Bluetooth and the prospect of eavesdropping malware that could get deposited on the handhelds, malware that's notoriously hard to detect.
Still feeling smug and protected? "I've never won a Grammy or been appointed to a blue-ribbon anything," you may tell yourself. For a measly $10, these folks can tell an interested third party all sorts of things about you; for $40, they may also be able to discern your mother's maiden name, your pet's name, your Social Security number, where you went to elementary school -- all those fun password questions.
How soon before we see some backlash, coupled with demands for an anonymous Web? Sometime in the new year? Don't hold your breath -- but if you do, we're all sure to know about it.
This blog is part of Internet Evolution's Security Clan, which examines the future of Internet security and the changing nature of risks and vulnerabilities.
I was not trying to dispute Terry's post, but was trying to point out that whether you may have a choice or not, that still doesn't protect you from unintended uses. I don't believe I was contradicting Terry's post.
While I see the validity in what you are trying to say about choices, I don't think it is as simple as that. There are areas where there is a choice and there are those where there is not. I agree that users should be aware of the "intended" uses of their data, as you point out in your post about choices. My bigger concern is unintended use.
Sure you can choose not to give your personal information to your local grocery store and not get the added savings in exchange for their collection of data on your shopping trends. You can not register your software, because you don't like the fact that the vendor says they can share marketing information (though most state anonymously).
However, what choice does a veteran have when applying for veteran's benefits? What choice does a student have when applying for federal aid? Though you may decide not to bank online, your information is still stored with the bank.
I would argue that those areas where you don't really have the choice collect more damaging information than the others. Does opting out of those less necessary services really increase my privacy?
So, given that my local veteran's administration needs this information to process my benefits and I need my benefits, what expectation of privacy should I have?
Terry's blog was just that, about information that can be gleaned from the Internet, not necessarily information lost to a breach. However, regarding your concerns about information loss to breaches, let's discuss.
My prior post discussed the choices that you can make to increase your privacy. Let's use a different analogy.
Choosing a bank. When you are looking for a place to put your money, you would not put it in a bank that was all over the news as not being sound or secure. You would want assurances that your money is safe. We may not be as concerned today regarding our money's safety because of the FDIC. However, I know that I am concerned that my bank will be there in the future.
Terry's concern about not having any real privacy is not necessarily a new one. Sun Chairman Scott McNealy is quoted as saying "you have no privacy -- get over it," back in 1999. Maybe we should just admit that privacy as we used to know it is dead.
The items you mention only apply to the "intended" use of your information and not the "accidental" disclosure that takes place when the company is breached, a laptop is lost/stolen, or a backup tape is missing.
Those cases are not normally covered in the privacy policy or EULA. As users we have a certain expectation of privacy with regards to how our data is used. We agree it is acceptable to use in accordance with the privacy policy or EULA (whether we actually read it or not).
That being said, we should not be so naive as to not expect the risk of exposure of our private information. We expect that a company conducts due diligence in protecting that information. Especially those of us in the security field, we know that nothing is 100% secure. At that point it comes down to whether the incident/breach was a result of negligence.
You have the choice to read the EULA when you install a new application and either uninstall or follow through.
You have the choice to read the privacy statement from the site you visit prior to divulging any personal information.
You have the choice to connect to that free wifi while at Starbucks or just enjoy your beverage with a good book.
The choices that you make decide on the level of privacy you will have. Let's not complain about the lack of privacy we get when we are all responsible for our own actions.
Our data, the personal identity which we keep posting to register on any site, take surveys, etc., no longer remains confidential. They are selling our identities to third parties without even letting us know what they are going to do with our data.
These data, who knows, are going to illegal hands doing crimes in our names. So we have to keep an eye on all those who are giving our data to any third party.
If these ISPs or agencies give our data to any other party, there should be a record and we should get acknowledgement for the same.
there's really good stuff out here this morning -- kudos to all!
one of the things I note for interested folks these days is that even if you are not an internet user your personal identity is probably circulating in the underground/cybercrime information sales windows
we should all proceed with life based on the note that our information has most likely been compromised by careless business people and is now in the hands of the cyber-criminals
as a result each of us needs to attend our personal defense. Life-lock or Privacy Guard (I have mine through Chase) is probably a good idea in today's world and I advise my friends to avail themselves of such service in addition to the customary Best Practices that we all apply to our personal lives already.
the key here is that we all need to go on about our lives on the basis that our identities have already been stolen -- perhaps just not used yet by the cyber crooks
we are supposed to reflect upon the Future of the Internet here, at least from time to time and so I'll do that just a bit here this morning
as soon as we are able to embarrass our vendors into providing effective computer security, computer based data transmissions will become secure and our personal information will be MUCH safer online than it ever was on paper media
our grandchildren will look back on the Days of Cowboy Computing and wonder "How did those guys make it?"
Many organizations are learning the hard way about the security controls they need to have in place. The concepts of physical security and least privilege need to be considered much more often. Where are the medical records stored? Who has access to those areas? What prevents people without legitimate access to those areas from coming in? Did the Verizon employees who accessed Obama's records have a need for access to records of that type? And so forth...
And then there are those backup tapes that go missing or fall off the truck...
There's enough information out there on most people these days, it is trivial to get. Common ones include:
1) Facebook and MySpace, etc. It's not just what you post, but what your friends may post.
2) LinkedIn - no different, and perhaps even worse. I recently pulled my LinkedIn profile. As a security professional I woke up to the fact that the profile was more of a security risk than it was a valuable networking tool.
3) Public records - more and more public records are finding their way online.
4) Online newsletters - I was able to find a long lost friend by searching for his name and his profession. I found him in a newsletter where he was given an award for his printing services. From this newsletter, I was able to track down his employer and eventually connected with him.
5) Employees using work email to send to groups/forums/etc... This is my pet peeve. I was guilty of it once in my early days. It's really bad when the employee posts questions to forums about their business problems with technology (especially vulnerabilities and how to patch them) - not privacy per se, but along the same lines.
6) Dumpster diving is still a valid tool - don't knock it. People throw away their snail mail and printouts with sensitive information all the time. I recently received a credit card statement that appropriately had the first 12 digits of my credit card number portrayed as Xs. I then noticed that at the bottom of the payment stub there was a long line of numbers in MICR font - within the middle of that string was the full credit card number - uh, can you say PCI?
Perhaps one of the scariest breaches of our information is just how much of government is being privatized. Everything from IRS collections to welfare payments. It's not that I believe that government is such a good protector of privacy, it's just that once personal data is sent from the government, which has a reasonably clear Constitutional duty to safeguard personal data, to the hands of the minimum wage worker of a private company, well, the Constitutional guarantees and duties become pretty murky in their application.