Image from Unsplash |
It's
crazy that as a citizen you have to worry about your privacy. In the past, when
Roger Moore still was James Bond, you only had to worry about external interest
in your doings if you were a special company or a government. But nowadays?
Everything has a privacy policy these days. And that means that your privacy is
at stake everywhere. Otherwise that policy would not be necessary.
Well,
the tone has been set for European Privacy Day, January 28. Apparently that day
is necessary, too. Witness also this musing of Omri Elisha, professor of
anthropology in New York:
We
memorized phone numbers.
We memorized driving directions.
No one knew what we looked like.
No one could reach us.
We were god.
In
those days, as a child you played outside with your friends, randomly ringing their
doorbells or finding them somewhere outside. As a boy you wore rubber boots and
preferred to play at the local mud puddle. At most you had a watch and a time
when your mother told you to be home (and hopefully there was time taken into
account to get you to the table clean). Yes, we were those gods, we just didn't
realize it.
As a
parent I look at this differently. It's quite nice to have your children under
the digital button - at least when they respond to you. Are you worried because
they are not home yet, or do you want them to run an errand? Sending an app
usually works wonders. Are they going somewhere? They can then text that they
have arrived safely, or they share their live location so that you know where
they are in case of emergency. It also works the other way around: if help is
needed, mom and dad are easily accessible. The price for this comforting
technology is privacy. But because the children of this century don't know any
better, they don't miss it.
Nowadays
one hardly buys any device with a power plug that is not subject to a privacy
policy. If you do not agree to it, you cannot use it. Not a soul reads it,
everyone blindly agrees. If only because they are always those long, tough
stories. You almost wish it just said: All data that this product collects
about you and your environment may be used at the sole discretion of the
manufacturer and all its business partners. I know of one case where this
actually happens. If you travel to the US and come from a friendly country, you
do not need a visa. Instead, you can simply apply for an ESTA (Electronic
System for Travel Authorization) online. If you enter that process, you will
receive an unmistakable security notification, which starts as follows:
You
are about to access a Department of Homeland Security computer system. This
computer system and data therein are property of the US Government and provided
for official US Government information and use. There is no expectation of
privacy when you use this computer system. The use of a password or any other
security measure does not establish an expectation of privacy.
It's
that simple: don’t expect any privacy when using this system. Even security
measures that might give the impression of privacy are not there for your
privacy. It reminds me of the greeting of the Borg in Star Trek (see this
Security (b)log). Fortunately, how
different things are with our own government, where people generally do their
utmost to guarantee our privacy.
I
recently wanted to return a product. The webshop was to send me a DHL shipping
label. I received an email from DHL containing not only my shipping label, but
also those of a few other customers. The webshop itself had not received those
labels. It’s just a small thing, but it does indicate how easily personal data
can leak.
The
drained weight is stated on vegetable jars - how many grams of vegetables are
in it, without the liquid? Perhaps websites should also place such a notice:
given our security level, there is a 5/25/50/75/100% chance that your data will
go down the drain.
And in the big bad world...
This section contains a selection of news articles I came across in the
past week. Because the original version of this blog post is aimed at readers
in the Netherlands, it contains some links to articles in Dutch. Where no
language is indicated, the article is in English.
- A tool like this makes all privacy policies pretty worthless.
- privacy
officers are
having a
hard time. [DUTCH]
- Microsoft gives us a glimpse into a state actor attack on their systems.
- the British mapped out the impact of AI on cybersecurity.
- the Russians are spying on both Microsoft and HP.
- American investigators had a murderer's face reconstructed using DNA, and then they wanted to run it through facial recognition.
- at the end of the last century, the NSA feared the Furby.
- Many security products need a better user interface.
- the
University of Twente researched the decision-making process of ransomware
victims. [DUTCH]
- Click here for the full report. [DUTCH]
- finding security vulnerabilities is not always appreciated.