Welcome to Finextra. We use cookies to help us to deliver our services. We'll assume you're ok with this, but you may change your preferences at our Cookie Centre.
Please read our Privacy Policy.

Accept
Channels
Blog article
See all stories »

Channels

Security Regulation & Compliance
External | what does this mean?
This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Forget Privacy, Think Security

Everywhere you go there is a privacy advocate screaming to protect your privacy. Privacy advocates, bless them, are a dying breed. They fight for whatever privacy rights there are left and do their best to remain watchdogs. If your gig is privacy, my guess is you have lost all your hair and are popping Prozac to relieve the stress of todays anti-private society. And you are fully employed and very very busy.

My gripe, people are freaking about full body scanners at the airports and the privacy issues involved. This isn’t a privacy issue, it’s a security issue. If you have to show a black and white image of your bum bum to avoid the plane from being blown up, so be it. Otherwise don’t fly.

“Privacy is dead, deal with it,” Sun MicroSystems former CEO Scott McNealy was widely reported to have declared over a decade ago. Scott hit the nail on the head and shortly after Tila Tequila became a famous lesbian pinup on MySpace, the Real World of reality TV was born, and we’ve been tweeting tuna sandwiches ever since.

Mark Zuckerberg CEO of Facebook who was around 13 years old when McNealy made his statement recently re-affirmed it by saying  “… in the last 5 or 6 years, blogging has taken off in a huge way and all these different services that have people sharing all this information. People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that’s evolved over time.”

The fact is, “Privacy is an illusion, said Robert Siciliano CEO of IDTheftSecurity.com, “the focus today should be security, not privacy” he continued. That right there is a ready made quote for you to copy/paste and make me a sage like my two counterparts ~

Think of it like this: from birth you have a medical and birth record. These docs follow you everywhere in life and are filed and viewed by many. You can’t get admissions to schools, jobs or insurances without presenting these records. You are granted a Social Security number shortly after birth and that IS your National ID. Nine numbers that are connected to every financial, criminal and insurance record that makes up who you are and what you’ve done. But none of these docs are connected to you physically, which results in identity theft, a security issue.

Further, every time you visit a website with cookies enabled, use an ATM, credit card, RFID transponder on the highway toll, public transportation pass, make a call on a mobile phone, order a pizza over a home phone or simply use a computer to denote you ate that tuna, chances are – someone, somewhere – is recording that transaction and determining your location.

If you want to participate in society you have no choice but to give up your privacy. Fundamentally this is a trust issue. Humans lie and can’t be automatically trusted. We have considerable checks and balances in place to prevent lying from going unnoticed. Anonymity is dead due to the fact that bad guys try to hide or not pay. Transparency makes their chances of getting caught more likely. If you kill someone then drive down the highway, your chances of getting caught increase because your license plate is recorded through the toll. This is a good trade off for the family of the victim.

Knowing all this and understanding technologies impact on what you thought was privacy, should make you resigned to the fact that privacy is in-fact dead and an illusion. Now your focus needs to be security. Secure your financial identity so no-one can pose as you. Secure your online social media identity so no-one can pose as you. Secure your PC so no-one can take over your accounts.  And please, there is no sense in telling the world what you are doing and where you are every minute of the day. When you do this, you aren’t relinquishing privacy; you are compromising your personal security.

 

  • Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

     

     

    • 4098

    Channels

    Security Regulation & Compliance
    External | what does this mean?
    This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.
    Report abuse

    Comments: (14)

    Stephen Wilson
    Stephen Wilson - Lockstep Consulting - Sydney 21 January, 2010, 10:38Be the first to give this comment the thumbs up 0 likes

    Without fail, when someone tries to tell you that privacy is over -- whether they're a politician, law enforcer, technologist or security adviser -- they are trying to sell you something.  The privacy-security dichotomy is pure propaganda. 

     

    Report abuse
    Robert Siciliano
    Robert Siciliano - Safr.me - Boston 21 January, 2010, 12:26Be the first to give this comment the thumbs up 0 likes

    Without fail Steven, you succeeded again, in saying nothing of value.

    Report abuse
    Stephen Wilson
    Stephen Wilson - Lockstep Consulting - Sydney 21 January, 2010, 18:09Be the first to give this comment the thumbs up 0 likes

    Crikey, that's harsh Rob!

    OK ... yes my gig is privacy, but I haven't lost my hair.  What stresses me is the anti-private elements that are striving to sell something.  Like full body scanners. If you're in favour of this technology, then let's see an argument for it rather than an opening attack on privacy advocates. Incidentally I am not against  body scanners per se, just the casual and intellectually lazy dismissal of privacy as being the enemy of security.

    Privacy is far from dead.  See the reactions to Google Chrome's Ts&Cs?  Or Facebook's occasional forays into monetising users' personal information? Or the popularity of Ann Cavoukian?  Privacy is alive and well.

    My detailed views on privacy, and in particular my radical ideas that we can enjoy and should privacy and security at the same time, are freely available in my publications library.

    Cheers,

    Stephen Wilson.

     

    Report abuse
    Robert Siciliano
    Robert Siciliano - Safr.me - Boston 21 January, 2010, 18:19Be the first to give this comment the thumbs up 0 likes

    Steven, my post isnt selling anything other than awareness. And a suggestion as to what you should do because of a flawed system that allows this to happen. I didnt bash privacy advocates, I said they have an uphill battle because privacy is on life support. And when you boil down a well thought article into "selling something" I say CRIKEY! Propaganda? Its an observation. What am I lobbying for? Personal security and responsibility. Thats it.

    Report abuse
    Stephen Wilson
    Stephen Wilson - Lockstep Consulting - Sydney 21 January, 2010, 19:04Be the first to give this comment the thumbs up 0 likes

    Sorry Robert, I don't buy it. You say you're not selling something, but you align yourself with the chief of Sun and the founder of Facebook, and then feed us a cute sound grab that provocatively polarises security and privacy. Don't you have time to look at the nuance?  If not, why not? 

    McNealy and Zuckerberg are clearly selling something!  Anyone who cites Zuckerberg as an authority on privacy has been zucked in.  Are we to all re-calibrate our privacy expectations in line with Tila Tequilla?  Isn't the social networking phenomenon just a little bit too new to stand the test as a new "social norm"?  The Facebook population is dominated by the young, who tend to be risk takers.  We don't let 21 year old males set road safety policy, and we shouldn't let them set privacy policy either. 

    Report abuse
    Robert Siciliano
    Robert Siciliano - Safr.me - Boston 21 January, 2010, 19:35Be the first to give this comment the thumbs up 0 likes

    Stephen, why dont you start writing posts instead of slamming those who do.

    Report abuse
    Stephen Wilson
    Stephen Wilson - Lockstep Consulting - Sydney 21 January, 2010, 20:59Be the first to give this comment the thumbs up 0 likes

    Rob, come off it.  I do write lots of posts, and lots and lots of papers, mostly optimistic, mostly constructive (especially in respect of the possibility of having privacy and security at the same time).

    I don't usually slam others, in fact I let most of your own posts "go through to the keeper" as we say in the cricketing world. 

    I did slam your post and really, you should not be surprised.  Surely you set out to provoke people by caricaturing privacy proponents?  You talk about 'screaming privacy advocates'. You state baldy that "privacy is in-fact dead and an illusion".  I'm very happy to debate real issues.  Like whether or not full body scanners will be effective (Bruce Schneier as usual is strong and careful on this topic).  But your advocacy of body scanners perversely opens, not with a security analysis, but with ambit claims that privacy is dead.

    Your privacy analysis is naive, so much so that it seems to be ideologically driven. Your assertion that "If you want to participate in society you have no choice but to give up your privacy" flies in the face of decades of law making in the USA.  Your statement that your "social Security number ... IS your National ID" is technically wrong.  There are laws that try to stop the SSN being a national ID.  Sure the laws don't work all that well, but the way you energetically capitalise "IS your national ID" is polemic, isn't it?  You're clearly playing the role of advocate, urging us to get over a lack of privacy, rather than maybe strengthen the law.

    You don't give credit to the subtley and complexity of these issues.  This is a classic furphy: "If you kill someone then drive down the highway, your chances of getting caught increase because your license plate is recorded through the toll. This is a good trade off for the family of the victim." But that's just a bit selective.  A counter example is the ability for wrong doers to track their victims by raiding honey pots like traffic data.  In Australia there are cases of serious crimes (in one case murder) being facilitated by database administrators looking up the home address of ex girlfriends. 

    You can't just go and automatically log everyone's movements because now and then some extra data has been useful to the police.  Rather than anecdotes, let's see a threat analysis that shows the real benefits of e.g. recording all number plates on motorways, and an analysis that fairly looks at the likely evasive responses of your intended targets.  Like, maybe your fleeing murderer will think of using the backroads?

    Privacy 101 holds that personal information should not be collected without a reason.  Blithely ignoring this principle as you appear to, sets up just as many dangerous scenarios as good ones.

    Report abuse
    Robert Siciliano
    Robert Siciliano - Safr.me - Boston 21 January, 2010, 21:24Be the first to give this comment the thumbs up 0 likes

    Within 5 years my observation will ring true and be accepted by the masses. And privacy will be 8 track taped. The cattle dont care. They want fast, easy, convenient, now.

    Report abuse
    Stephen Wilson
    Stephen Wilson - Lockstep Consulting - Sydney 21 January, 2010, 23:47Be the first to give this comment the thumbs up 0 likes

    And that's not just propaganda, but it's astonishingly contemptuous to boot. Who are you to refer to people as "cattle"? 

    Do you seriously think that three years of Facebook plus another five years for your prediction is enough time to adjudge the death of privacy, one of the pillars of civilisation?  Or is it just self-evident that temporary inhibition on the part of selected exuberant twenty-somethings (lubricated by the sheer fun of online social networking) equates to the rest of society changing their deep values?

    Maybe you're right, in which case I expect to see on the Internet in 2016 the vote you cast in the Presidential Election, your salary, your census form, all your medical records, and the odd picture of you snapped through the bedroom window by the Google Streetview camera when you forgot to shut the curtains. 

    Seriously, to brand privacy as an "illusion" while putting the still embryonic Facebook experience on a social policy pedestal, is a fantastic double standard.

    Report abuse
    Robert Siciliano
    Robert Siciliano - Safr.me - Boston 22 January, 2010, 00:10Be the first to give this comment the thumbs up 0 likes

    MOOOOOOOOOOOO

    Report abuse
    Elizabeth Lumley
    Elizabeth Lumley - Girl, Disrupted - Crayford 22 January, 2010, 10:50Be the first to give this comment the thumbs up 0 likes

    Boys, keep it civil. Keep the farmyard animals out of it.

    Report abuse
    Stephen Wilson
    Stephen Wilson - Lockstep Consulting - Sydney 23 January, 2010, 23:51Be the first to give this comment the thumbs up 0 likes

    If I may, I'd like to keep debating the substantive issues in what was held up to be a 'well thought' blog post. These are important issues, I'm sure all would agree.

    "Forget privacy, think security" Rob loudly proclaimed before going gleefully to the latest poster-child for the privacy-is-dead movement: full body scanners.

    ... people are freaking about full body scanners at the airports and the privacy issues involved. This isn’t a privacy issue, it’s a security issue. If you have to show a black and white image of your bum bum to avoid the plane from being blown up, so be it. Otherwise don’t fly.

    But if we run with scanners as a security issue, we don't get very far.  In a recent exercise in Germany, a scanner failed to detect explosives secreted on a subject's body. Bruce Schneier's conclusion: "Full-body scanners: they're not just a dumb idea, they don't actually work".

    And so it seems privacy really is the issue after all.  The example of the full body scanner was used as a Trojan Horse to deliberately polarise the debate, to make privacy advocates appear as though they have their priorities wrong.  

    These privacy-vs-security strawmen arguments turn out to be pointless when the security doesn't actually work.  National security advocates do have a point that privacy should not trump safety, but nobody ever said it should.  What privacy advocates call for is genuine risk analysis, and a skeptical, less trigger-happy approach to each new gadget.

    I say security theatre should not be allowed to automatically trump human rights.

     

    Report abuse
    Robert Siciliano
    Robert Siciliano - Safr.me - Boston 24 January, 2010, 01:47Be the first to give this comment the thumbs up 0 likes

    security theatre should not be allowed to automatically trump human rights.

    Agreed.

    " Bruce Schneier's conclusion: "Full-body scanners: they're not just a dumb idea, they don't actually work"."

    Neither you, I or Schneier are experts in body scanners. But to say they dont work without a conclusive extraneous study is unacceptable. Nothing works 100%. Maybe body scanners 1.0 dont work that great. In 5 years maybe they will. Technology gets better. 

    My point wasnt about a single gadget, my point was that going back at least 10-15 years, we have become a culture that lives in the fishbowl, a far from embryonic 300-400 million Facebookers are content with it. And when people scream they want privacy, but give up all their data to get a 10% discount at a shoe store, they contradict themselves, show their ignorance, then vote privacy and make the job of the security professional difficult. And in some cases impossible.

    Too much security isnt implemented because of privacy issues.

    REAL ID Act is a perfect example. Politicians pander to voters privacy fears and stall implementation of identification standards. REAL ID isnt a privacy issue. Its a security issue. But the masses dont understand the issue and listen to an even less informed politican.

    I work diligently to shield my privacy (my family for example), but not for the sake of privacy, I do it for security.

     

     

    Report abuse
    Stephen Wilson
    Stephen Wilson - Lockstep Consulting - Sydney 25 January, 2010, 04:58Be the first to give this comment the thumbs up 0 likes

    Thanks Rob.

    Re body scanners, you say: "Nothing works 100%. Maybe body scanners 1.0 dont work that great. In 5 years maybe they will. Technology gets better."

    You might be right (and I sincerely hope you are; I am all for improved airport scanning).  But if scanners today "don't work that great", then I think it's incumbent on you to be more cautious about their potential adverse effects.  The way you used body scanners to condemn privacy advocates seemed to be based on a presumption that the technology today is working perfectly.

    My point was that going back at least 10-15 years, we have become a culture that lives in the fishbowl, a far from embryonic 300-400 million Facebookers are content with it. And when people scream they want privacy, but give up all their data to get a 10% discount at a shoe store, they contradict themselves, show their ignorance, then vote privacy and make the job of the security professional difficult ...

    Well I think you're exagerating a bit that people will "give up all their data" for that discount; many shoppers are more canny than that, and will consciously manage the stories they tell retailers about themselves. Also, Facebook users are not all "content"  Many of them get pretty shirty when the organisation exploits their information.

    Having said that, I do agree that people are all over the place.  As Daniel Solove wrote, "Privacy is a concept in disarray. Nobody can articulate what it means".  Not that privacy is dead mind you.  

    So I have three observations to offer on the above paragraph.  First, it's still early days isn't it?  A lot more research needs to be done before we know what the Facebook experience means for social policy.  300-400 million looks like a big number, but what does it really mean?  Is this cohort representative of society at large?

    Second, if we're living in a fish bowl, then it is not entirely by choice.  Generally speaking, nobody has asked for their number plates to be logged, for Google to publish photos of their houses and street numbers (together with their cars and boats), for their bus tickets to be linked to their credit cards, or for their different financial data streams to all be joined up.  The idea that consenting Facebook users care less about privacy (even if it's true) is totally separate from the rise of surreptitious and un-consented surveillance.

    And third, a lot of this points to the rich complexity of the human condition! People are contradictory.  I would agree that the majority of Internet users probably don't have much of a clue about what's going on under the covers, but my response is that they need better protection, including protection from themselves.

     

    Report abuse
    Join the discussion
    Robert Siciliano

    Robert Siciliano

    Security Analyst

    Safr.me

    Member since

    04 Feb 2009

    Location

    Boston

    Blog posts

    839

    Comments

    62

    More from Robert

    Community
    See all blogs »
    Fintech 

    How innovation in encryption is helping secure the credit card approval process

    Ghazi Ben Amor

    Ghazi Ben Amor

    Operational Risk Management 

    DORA – Navigating the EU’s Operational Resilience Landscape

    Antony Fung

    Antony Fung

    Fintech 

    The importance of risk management in trading

    Kate Leaman

    Kate Leaman

    Digital Identity Management 

    Navigating the digital identity landscape: A blueprint for financial services competitiveness

    Adam Preis

    Adam Preis

    Now hiring

    See more