Computer Secruity, Computer Security, Cybersecurity, Tech Leadership, US Federal Government Oversight

Personal Privacy – A Mirage in today’s Tech World? Call to action to protect us!

Swami

Are we giving up our privacy for convenience without thinking about the consequences? It seems that we all desire data privacy, but our actions often seem to indicate otherwise!

We have always been calling for users to be careful of what they post online. My kids are familiar with my saying to them all the time “think before posting / texting / tweeting anything online… because once you do, it will stay there forever!”. It is our view that people do not fully appreciate how pervasive our online digital footprint is and the amount of information (related every aspect of our life) that can be extracted from these “aggregated datasets“.

Take for instance Amazon’s Alexa (or similar devices) – people love the fact that it understands their voice commands and responds to things like turning off the lights, playing their favorite song, changing the temperature in the room etc. However, do you know that for Alexa to work, this device in their house has to be listening all the time waiting for key word “Alexa”! Hence, did you know that everything said around Alex is being picked up, recorded and saved in servers somewhere? How long is this data stored and backed up? When is this deleted? It is our understanding that Amazon has never answered these questions fully! {Hence, we have resisted the temptation to buy these type of devices so far to maintain some semblance of privacy at home}.

In fact, a news item today stated that Google (Alphabet) have a microphone installed inside their NEST Smart Thermostats, but have not disclosed this until now to their customers. One wonders how long these NEST devices have been listening in the households without their knowledge? Have these recordings been stored somewhere etc.? This disclosure raises serious privacy concerns and I am sure we will hear more about this in the coming days.

It was reported recently, that during one of Taylor Swift’s Concerts in the West Coast, all concert goers faces were being recorded and processed through their Facial Recognition software – ostensibly look for her “stalkers”. Did you know that this is legal since concerts (even though you pay a fortune to get in) are classified as a private event and the promoters reserve the right to record you and do anything they wish to do with your video and audio among other things? This is further compounded by the fact that courts have established that there is no expectation of privacy here as the concert goer also “opted in” during ticket purchase! {Perhaps it is time to watch concerts at home on TV?}.

Another instance is the social media promoted “Selfie Challenge” where they want us to post our “before” (~10 Years ago) and current picture side by side for the stated reason to show how “we” have grown. However we believe there is another reason! Large companies, who have a tremendous amount of our aggregated personal data in their databases, are trying to improve “image progression” and refine their Facial Recognition Software algorithms to better handle age progression. This will make it very easy for them to go through their databases and “tag” photos over a period of time so that they now have streamlined libraries of our age progression. {I leave it to your imagination as to what they can do with this information – in our case, we have not provided these “Selfie Challenge” pictures to aid this effort!}.

Some time ago, it was reported that GSK (Glaxo Smith Kline) purchased “23 and Me” the well know site that would provide users information related to their ancestry based on DNA Samples provided. Consequently, GSK now has “tagged” Genetic Information from Millions of Users who used it trace their ancestry which  will ostensibly be used for tailored drug research to provide better patient outcome which is a good thing. However, now GSK has Genetic information on millions of users around the world which can now perhaps be sold to third parties such as Insurance Companies who can now use this genetic predisposition to certain disease to alter premiums or not cover individuals based on this information. Could this be the start of a path down a slippery slope?

If you think you’re a passive user of Facebook, think again! You may think that you are minimizing the data you provide to FB by not oversharing details of your life, you have probably underestimated the scope of its reach. It is understood that Facebook doesn’t just learn from the pictures you post, or the comments you leave: Facebook’s Artificial Intelligence (AI) Algorithms on this site learns from which posts you read and which you don’t; it learns from when you stop scrolling down your feed and how long it takes you to restart; it learns from your browsing on other websites that have nothing to do with Facebook itself; and it even learns from the messages you type out then delete before sending.

Also, Sean Parker one of the founders of Facebook, in a conference in Abu Dhabi a few weeks ago, said the intent of Facebook is to be addictive (like tobacco?) to the users since one of the metrics used to measure effectiveness in number of active users. We wonder what the impact FB and other social media will have on regular users 20 years from now psychologically and in terms of long term Health and other issues?

I often hear this very naïve comment in response to data privacy that ‘I don’t need to be worried about surveillance because I’ve done nothing wrong and I have nothing to hide.’ Wrong! Personal information allows corporations to make highly accurate predictions about a person’s life, using pile of aggregated data, including their spending, sexuality, potential health or psychological problems. This information can cause professional damage, personal harm and also be used for unlawful and unauthorized discrimination against individuals to deny employment, insurance coverage or other benefits . Hence, we need to be mindful of what we post on the internet and take our privacy concerns very seriously. One simple step to prevent some amount of accidental exposure is to cover the camera aperture on our laptops so that hackers are not taking our picture without us knowing about it. We have written extensively in earlier blog posts on how to protect ourselves  in cyberspace and I urge my readers to refer to it again.

We (Americans) tend to mistrust government and trust corporations. Europeans tend to trust government and mistrust corporations. This results in more controls over government surveillance in the U.S. than in Europe. On the contrary, Europe has more stringent privacy regulations on data being held by corporations and recently unveiled the GDPR (General Data Protection Regime) designed to increase safeguards on the storage and handling of personal data, which we feel is an admirable step in the right direction.

There are number of experts who advocate “Opting out” which in our opinion is not a feasible option. We cannot advise people not to carry a credit card or not to have an email address. And the old Latin adage “Caveat Emptor” (buyer beware) puts too much onus on the individual – consumers do not test their food for pathogens nor do they test airlines for safety – this is done by various Government agencies. In our opinion, almost every positive move by these internet giants such as Facebook, Google, Amazon the others, can be attributed to regulatory pressure from Government. Hence, we feel that Congress and our  government need to protect consumers (us) from internet companies and social media giants more effectively with more stringent oversight and appropriate regulation.

In the meantime, as  “security experts” we try not to be paranoid in this landscape of increasing personal privacy erosion, we just try to get a better understanding of the risk / reward tradeoff and act appropriately to leave as small a digital footprint as possible!

Leave a Reply

Your email address will not be published. Required fields are marked *