24 August 2017
Robert Siciliano

Identity Theft Expert

Robert Siciliano - IDTheftSecurity.com


Forget Privacy, Think Security

21 January 2010

Everywhere you go there is a privacy advocate screaming to protect your privacy. Privacy advocates, bless them, are a dying breed. They fight for whatever privacy rights there are left and do their best to remain watchdogs. If your gig is privacy, my guess is you have lost all your hair and are popping Prozac to relieve the stress of today's anti-private society. And you are fully employed and very, very busy.

My gripe: people are freaking about full body scanners at the airports and the privacy issues involved. This isn’t a privacy issue, it’s a security issue. If you have to show a black and white image of your bum bum to avoid the plane from being blown up, so be it. Otherwise don’t fly.

“Privacy is dead, deal with it,” Sun Microsystems' former CEO Scott McNealy was widely reported to have declared over a decade ago. Scott hit the nail on the head, and shortly after, Tila Tequila became a famous lesbian pinup on MySpace, the Real World of reality TV was born, and we’ve been tweeting tuna sandwiches ever since.

Mark Zuckerberg, CEO of Facebook, who was around 13 years old when McNealy made his statement, recently reaffirmed it by saying, “… in the last 5 or 6 years, blogging has taken off in a huge way and all these different services that have people sharing all this information. People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that’s evolved over time.”

The fact is, “Privacy is an illusion,” said Robert Siciliano, CEO of IDTheftSecurity.com. “The focus today should be security, not privacy,” he continued. That right there is a ready-made quote for you to copy/paste and make me a sage like my two counterparts.

Think of it like this: from birth you have a medical and birth record. These docs follow you everywhere in life and are filed and viewed by many. You can’t get admissions to schools, jobs or insurances without presenting these records. You are granted a Social Security number shortly after birth and that IS your National ID. Nine numbers that are connected to every financial, criminal and insurance record that makes up who you are and what you’ve done. But none of these docs are connected to you physically, which results in identity theft, a security issue.

Further, every time you visit a website with cookies enabled, use an ATM, credit card, RFID transponder on the highway toll, public transportation pass, make a call on a mobile phone, order a pizza over a home phone or simply use a computer to denote you ate that tuna, chances are – someone, somewhere – is recording that transaction and determining your location.

If you want to participate in society you have no choice but to give up your privacy. Fundamentally this is a trust issue. Humans lie and can’t be automatically trusted. We have considerable checks and balances in place to prevent lying from going unnoticed. Anonymity is dead due to the fact that bad guys try to hide or not pay. Transparency makes their chances of getting caught more likely. If you kill someone then drive down the highway, your chances of getting caught increase because your license plate is recorded through the toll. This is a good trade off for the family of the victim.

Knowing all this, and understanding technology's impact on what you thought was privacy, should make you resigned to the fact that privacy is in fact dead and an illusion. Now your focus needs to be security. Secure your financial identity so no one can pose as you. Secure your online social media identity so no one can pose as you. Secure your PC so no one can take over your accounts. And please, there is no sense in telling the world what you are doing and where you are every minute of the day. When you do this, you aren’t relinquishing privacy; you are compromising your personal security.

 

  • Get a credit freeze. Click on the preceding link and follow the steps for your particular state. This is an absolutely necessary tool to secure your credit. In most cases, it prevents new accounts from being opened in your name. This makes your Social Security number useless to a potential identity thief.

     

     


    Comments: (14)

    Stephen Wilson - Lockstep Group - Sydney | 21 January, 2010, 10:38

    Without fail, when someone tries to tell you that privacy is over -- whether they're a politician, law enforcer, technologist or security adviser -- they are trying to sell you something.  The privacy-security dichotomy is pure propaganda. 

     

    Robert Siciliano - IDTheftSecurity.com - Boston | 21 January, 2010, 12:26

    Without fail, Stephen, you succeeded again in saying nothing of value.

    Stephen Wilson - Lockstep Group - Sydney | 21 January, 2010, 18:09

    Crikey, that's harsh Rob!

    OK ... yes my gig is privacy, but I haven't lost my hair.  What stresses me is the anti-private elements that are striving to sell something.  Like full body scanners. If you're in favour of this technology, then let's see an argument for it rather than an opening attack on privacy advocates. Incidentally I am not against  body scanners per se, just the casual and intellectually lazy dismissal of privacy as being the enemy of security.

    Privacy is far from dead.  See the reactions to Google Chrome's Ts&Cs?  Or Facebook's occasional forays into monetising users' personal information? Or the popularity of Ann Cavoukian?  Privacy is alive and well.

    My detailed views on privacy, and in particular my radical ideas that we can and should enjoy privacy and security at the same time, are freely available in my publications library.

    Cheers,

    Stephen Wilson.

     

    Robert Siciliano - IDTheftSecurity.com - Boston | 21 January, 2010, 18:19

    Stephen, my post isn't selling anything other than awareness. And a suggestion as to what you should do because of a flawed system that allows this to happen. I didn't bash privacy advocates, I said they have an uphill battle because privacy is on life support. And when you boil down a well thought article into "selling something" I say CRIKEY! Propaganda? It's an observation. What am I lobbying for? Personal security and responsibility. That's it.

    Stephen Wilson - Lockstep Group - Sydney | 21 January, 2010, 19:04

    Sorry Robert, I don't buy it. You say you're not selling something, but you align yourself with the chief of Sun and the founder of Facebook, and then feed us a cute sound grab that provocatively polarises security and privacy. Don't you have time to look at the nuance?  If not, why not? 

    McNealy and Zuckerberg are clearly selling something! Anyone who cites Zuckerberg as an authority on privacy has been zucked in. Are we to all re-calibrate our privacy expectations in line with Tila Tequila? Isn't the social networking phenomenon just a little bit too new to stand the test as a new "social norm"? The Facebook population is dominated by the young, who tend to be risk takers. We don't let 21-year-old males set road safety policy, and we shouldn't let them set privacy policy either.

    Robert Siciliano - IDTheftSecurity.com - Boston | 21 January, 2010, 19:35

    Stephen, why don't you start writing posts instead of slamming those who do?

    Stephen Wilson - Lockstep Group - Sydney | 21 January, 2010, 20:59

    Rob, come off it.  I do write lots of posts, and lots and lots of papers, mostly optimistic, mostly constructive (especially in respect of the possibility of having privacy and security at the same time).

    I don't usually slam others, in fact I let most of your own posts "go through to the keeper" as we say in the cricketing world. 

    I did slam your post and really, you should not be surprised. Surely you set out to provoke people by caricaturing privacy proponents? You talk about 'screaming privacy advocates'. You state baldly that "privacy is in-fact dead and an illusion". I'm very happy to debate real issues. Like whether or not full body scanners will be effective (Bruce Schneier as usual is strong and careful on this topic). But your advocacy of body scanners perversely opens, not with a security analysis, but with ambit claims that privacy is dead.

    Your privacy analysis is naive, so much so that it seems to be ideologically driven. Your assertion that "If you want to participate in society you have no choice but to give up your privacy" flies in the face of decades of law making in the USA.  Your statement that your "social Security number ... IS your National ID" is technically wrong.  There are laws that try to stop the SSN being a national ID.  Sure the laws don't work all that well, but the way you energetically capitalise "IS your national ID" is polemic, isn't it?  You're clearly playing the role of advocate, urging us to get over a lack of privacy, rather than maybe strengthen the law.

    You don't give credit to the subtlety and complexity of these issues. This is a classic furphy: "If you kill someone then drive down the highway, your chances of getting caught increase because your license plate is recorded through the toll. This is a good trade off for the family of the victim." But that's just a bit selective. A counter example is the ability for wrongdoers to track their victims by raiding honey pots like traffic data. In Australia there are cases of serious crimes (in one case murder) being facilitated by database administrators looking up the home address of ex girlfriends.

    You can't just go and automatically log everyone's movements because now and then some extra data has been useful to the police.  Rather than anecdotes, let's see a threat analysis that shows the real benefits of e.g. recording all number plates on motorways, and an analysis that fairly looks at the likely evasive responses of your intended targets.  Like, maybe your fleeing murderer will think of using the backroads?

    Privacy 101 holds that personal information should not be collected without a reason.  Blithely ignoring this principle as you appear to, sets up just as many dangerous scenarios as good ones.

    Robert Siciliano - IDTheftSecurity.com - Boston | 21 January, 2010, 21:24

    Within 5 years my observation will ring true and be accepted by the masses. And privacy will be 8 track taped. The cattle don't care. They want fast, easy, convenient, now.

    Stephen Wilson - Lockstep Group - Sydney | 21 January, 2010, 23:47

    And that's not just propaganda, but it's astonishingly contemptuous to boot. Who are you to refer to people as "cattle"? 

    Do you seriously think that three years of Facebook plus another five years for your prediction is enough time to adjudge the death of privacy, one of the pillars of civilisation?  Or is it just self-evident that temporary inhibition on the part of selected exuberant twenty-somethings (lubricated by the sheer fun of online social networking) equates to the rest of society changing their deep values?

    Maybe you're right, in which case I expect to see on the Internet in 2016 the vote you cast in the Presidential Election, your salary, your census form, all your medical records, and the odd picture of you snapped through the bedroom window by the Google Streetview camera when you forgot to shut the curtains. 

    Seriously, to brand privacy as an "illusion" while putting the still embryonic Facebook experience on a social policy pedestal, is a fantastic double standard.

    Robert Siciliano - IDTheftSecurity.com - Boston | 22 January, 2010, 00:10

    MOOOOOOOOOOOO

    Elizabeth Lumley - Girl, Disrupted - Crayford | 22 January, 2010, 10:50

    Boys, keep it civil. Keep the farmyard animals out of it.

    Stephen Wilson - Lockstep Group - Sydney | 23 January, 2010, 23:51

    If I may, I'd like to keep debating the substantive issues in what was held up to be a 'well thought' blog post. These are important issues, I'm sure all would agree.

    "Forget privacy, think security" Rob loudly proclaimed before going gleefully to the latest poster-child for the privacy-is-dead movement: full body scanners.

    ... people are freaking about full body scanners at the airports and the privacy issues involved. This isn’t a privacy issue, it’s a security issue. If you have to show a black and white image of your bum bum to avoid the plane from being blown up, so be it. Otherwise don’t fly.

    But if we run with scanners as a security issue, we don't get very far.  In a recent exercise in Germany, a scanner failed to detect explosives secreted on a subject's body. Bruce Schneier's conclusion: "Full-body scanners: they're not just a dumb idea, they don't actually work".

    And so it seems privacy really is the issue after all.  The example of the full body scanner was used as a Trojan Horse to deliberately polarise the debate, to make privacy advocates appear as though they have their priorities wrong.  

    These privacy-vs-security strawmen arguments turn out to be pointless when the security doesn't actually work.  National security advocates do have a point that privacy should not trump safety, but nobody ever said it should.  What privacy advocates call for is genuine risk analysis, and a skeptical, less trigger-happy approach to each new gadget.

    I say security theatre should not be allowed to automatically trump human rights.

     

    Robert Siciliano - IDTheftSecurity.com - Boston | 24 January, 2010, 01:47

    security theatre should not be allowed to automatically trump human rights.

    Agreed.

    " Bruce Schneier's conclusion: "Full-body scanners: they're not just a dumb idea, they don't actually work"."

    Neither you, I nor Schneier are experts in body scanners. But to say they don't work without a conclusive extraneous study is unacceptable. Nothing works 100%. Maybe body scanners 1.0 don't work that great. In 5 years maybe they will. Technology gets better.

    My point wasn't about a single gadget, my point was that going back at least 10-15 years, we have become a culture that lives in the fishbowl, a far from embryonic 300-400 million Facebookers are content with it. And when people scream they want privacy, but give up all their data to get a 10% discount at a shoe store, they contradict themselves, show their ignorance, then vote privacy and make the job of the security professional difficult. And in some cases impossible.

    Too much security isn't implemented because of privacy issues.

    REAL ID Act is a perfect example. Politicians pander to voters' privacy fears and stall implementation of identification standards. REAL ID isn't a privacy issue. It's a security issue. But the masses don't understand the issue and listen to an even less informed politician.

    I work diligently to shield my privacy (my family for example), but not for the sake of privacy, I do it for security.

     

     

    Stephen Wilson - Lockstep Group - Sydney | 25 January, 2010, 04:58

    Thanks Rob.

    Re body scanners, you say: "Nothing works 100%. Maybe body scanners 1.0 don't work that great. In 5 years maybe they will. Technology gets better."

    You might be right (and I sincerely hope you are; I am all for improved airport scanning).  But if scanners today "don't work that great", then I think it's incumbent on you to be more cautious about their potential adverse effects.  The way you used body scanners to condemn privacy advocates seemed to be based on a presumption that the technology today is working perfectly.

    My point was that going back at least 10-15 years, we have become a culture that lives in the fishbowl, a far from embryonic 300-400 million Facebookers are content with it. And when people scream they want privacy, but give up all their data to get a 10% discount at a shoe store, they contradict themselves, show their ignorance, then vote privacy and make the job of the security professional difficult ...

    Well I think you're exaggerating a bit that people will "give up all their data" for that discount; many shoppers are more canny than that, and will consciously manage the stories they tell retailers about themselves. Also, Facebook users are not all "content". Many of them get pretty shirty when the organisation exploits their information.

    Having said that, I do agree that people are all over the place.  As Daniel Solove wrote, "Privacy is a concept in disarray. Nobody can articulate what it means".  Not that privacy is dead mind you.  

    So I have three observations to offer on the above paragraph.  First, it's still early days isn't it?  A lot more research needs to be done before we know what the Facebook experience means for social policy.  300-400 million looks like a big number, but what does it really mean?  Is this cohort representative of society at large?

    Second, if we're living in a fish bowl, then it is not entirely by choice.  Generally speaking, nobody has asked for their number plates to be logged, for Google to publish photos of their houses and street numbers (together with their cars and boats), for their bus tickets to be linked to their credit cards, or for their different financial data streams to all be joined up.  The idea that consenting Facebook users care less about privacy (even if it's true) is totally separate from the rise of surreptitious and un-consented surveillance.

    And third, a lot of this points to the rich complexity of the human condition! People are contradictory.  I would agree that the majority of Internet users probably don't have much of a clue about what's going on under the covers, but my response is that they need better protection, including protection from themselves.

     
