A big 'Thank you' and round of applause to Facebook and Cambridge Analytica, because of them we have started paying more attention to privacy breaches, digging through old content and thinking twice about posting information online. They have ignited a new industry with companies crawling out of the woodwork offering everything from consulting to training and even technology. The news since the leak hasn’t gotten any better, but it does bring into question how much privacy the average user needs or should want, what’s okay to share, and whether the services we use will keep our information safe. So let’s start with a few privacy basics.
Every time someone says that they 'have nothing to hide', gets me raising my eyebrows, rolling my eyes and mumble in the back of my mouth words that are clearly not acceptable in public. Having "nothing to hide" doesn't cut it anymore. We must all do whatever we can to safeguard our personal privacy. Taking the steps outlined below can not only give you some sanctuary from spreading surveillance tactics but also help keep safe from cyberattackers.
Privacy ? huh ?
Since the dawn of time, from the hunter-gatherer culture to current day indigenous tribes in remote corners of the Amazonian forests to the Samoan jungles; it can be well asserted that privacy is not considered in these cultures. With omnipresent dangers in the villages and forests from carnivorous animals to wild fires; everyone in the community is expected to keep an eye on everyone and everything to ensure that everyone is safe and sound and close by at all times. This is akin to a surveillance state ensuring that safety is only possible if there is an absence of privacy. This was a survival tactic and has nothing to do with present day 'snooping'.
Of course, as time progressed, the villages started to grow, along with the population and lack of availability of food and humans began to move out of these large collective communities and into smaller groups and eventually into big city life as nucleus families. The pressure of being watched [for their own good] all the time also played a big role in this shift of consciousness.
"The road to hell is paved with good intentions"
Back in the 80s and 90s as the internet and other computing technology was emerging, all tech and internet companies were always about free services, specially the likes of Google were so bent on providing quality free services that they kept offering 'search' for free. However, someone needs to pay for the party and the easiest access to revenue was [and is] the 'Ad-Based 'model. When Google started to adopt this model, it proved to serve them really well.
However, the challenge with the 'Ad-based' model is that you need to be really precise about who is receiving the advertising, or the whole venture is an exercise in futility. It was in the interest of Google to intimately understand who their target audience is; they needed to prove to the people paying for the party that their marketing budgets are, in-fact reaching the intended audience. This led to the advent of data hoarding and mining and eventually analytics and in present day surveillance of who is doing what online.
On the other hand, our friends over at the intelligence agencies such as NSA [USA], GCHQ [UK], CBI [India] and other 'Law Enforcement', have been stuck in a time lapse of sorts. With passing years, most cities around the world have had a transformation in the surveillance and police monitoring sector. The ever-improving technology has aided the development of sophisticated systems that have helped in crime prevention and terrorism fighting. Surveillance cameras have been fitted to most public places and on buildings to keep track of whatever could be happening and suspicious scenes, noted and addressed.
Cities like, London with an estimated 60,000 CCTV cameras across the city, New York with 50,000 and Beijing around 40,000 [or less], are amongst the most surveilled cities in the world. This being all under the pretence of safety and security. It is needless to mention that the hunter-gatherer community would be extremely grateful to the NSA for what they claim to offer.
Bring these two worlds together and one can clearly see 'The Orwellian Prophecy' is now becoming a reality.
So, Now What?
Protecting privacy is considered an essential human right, crucial and important to the protection of liberty. Although privacy is such a massive part of our lives, today’s technology is threatening the safety and privacy of many people. Cell phones, CCTV, social media, government, and other forms of technology threaten the lives of many both in their personal life and their life in the workplace. We must start to consider ways to help protect privacy more efficiently to protect the lives of people all across the globe.
In modern times, there’s a significant incentive for bad actors to spread Fear, Uncertainty, and Doubt or 'FUD' about privacy and what it means. Privacy is not about keeping everything secret forever, it’s the ability, or option, not to share what doesn’t need to be shared for as long as it is advantageous and legal to do so. And the benefits are clear: less harassment, less identity theft and other targeted crime, fewer complications with employment and encounters with law enforcement. These are just a sample of the reasons why hundreds of millions of people use privacy tools and practice only sharing what’s necessary to pursue their goals.
Privacy is the ability to maintain what or who can access and see your personal content and information. With that, the idea of privacy is different amongst different cultures and countries, while they all differ, they share common characteristics. The act of sharing ones own personal information is decision one must make on their own. Privacy is a right that all people should have and the government has the responsibility of maintaining that right. Data such as personal emails, bank details, medical records, and passwords need to remain safe and secure to ensure privacy is not invaded.
When we talk about invasion of privacy; this can mean many things, starting from computer hackers stealing someones identity or governments listening into private conversations, or a local photographer taking random pics and posting them online, 'you' just happen to be in some of them.
In some countries you can go to prison for just carrying around a camera in public. Saudi Arabia for instance was not allowing camera phones to be brought into the country well into the 2000s, the security in the airport would stop you, check for camera phones and break the camera lens on the spot and return your phone. This makes it an interesting case study, as it is difficult to say exactly who is invading who's privacy in this scenario.
By 2020, everyone in China will be enrolled in a vast national database that compiles fiscal and government information, including minor traffic violations, and distils it into a single number ranking each citizen. The ambition is to collect every scrap of information available online about China's companies and citizens in a single place – and then assign each of them a score based on their political, commercial, social and legal “credit.” Post something negative about the government and you may not be able to renew your passport.
China's Great Firewall and the UK's Snooper's Charter, the US' mass surveillance and bulk data collection -- compliments of the National Security Agency (NSA) and Edward Snowden's whistleblowing -- Russia's election meddling, and countless censorship and communication blackout schemes across the Middle East are all contributing to a global surveillance state in which privacy is a luxury of the few and not a right of the many.
Time for Change
Data is a vague concept and can encompass such a wide range of information that it is worth briefly breaking down different collections before examining how each area is relevant to your privacy and security. While governments and hackers play this cat and mouse game with public data, it is the majority of the population that requires the system to be operational to be able to function well.
Personally Identifiable Information - Known as PII, this can include your name, physical home address, email address, telephone numbers, date of birth, marital status, Social Security numbers [US] /National Insurance numbers [UK], Aadhar [India], and other information relating to your medical status, family members, employment, and education.
Internet activity is constantly monitored by an Internet Service Provider (ISP) and can be hijacked. While there is little consumers can do about attacks at this level, the web pages you visit can also be tracked by cookies, which are small bits of text that are downloaded and stored by your browser. Browser plugins may also track your activity across multiple websites.
Cookies are used to personalize internet experiences and this can include tailored advertising. However, such tracking can go too far, as shown when the unique identifiers added to a cookie are then used across different services and on various marketing platforms. Such practices are often considered intrusive.
Our email accounts are often the pathway that can provide a link to all our other accounts, as well as a record of personal communications. If an email account acts as a singular hub for other services, a single compromise can snowball into the hijack of many accounts and services.
When a transaction is done online, this information includes credentials for financial services, or credit card information including card numbers, expiry dates, and so on. Hackers who steal financial services credentials through phishing and fraudulent websites, eavesdrop on your transactions through Man-in-The-Middle (MiTM) attacks or utilize card-skimming malware can steal these details when they are not secured.
A relatively new entrant to the mix, hospitals now often make use of electronic records, and home DNA services store genetic information belonging to their users. The loss of medical information, which is deeply personal, can be upsetting and result in disastrous consequences for everyone involved. When it comes to DNA, however, the choice is ours whether to release this information -- outside of law enforcement demands -- and it is often the use of ancestry services that release this data in the first place.
Things you can do today to protect your privacy
- Stay away from Social Media.
- Be paranoid about sharing any personal information.
- Lock your computers at all times - no one [but you] should use your computer.
- Always use private browsing/incognito mode.
- Move away from usernames and passwords - Learn more about this technology.
- Lie when setting up password security questions
- Use privacy based search engines such as www.duckduckgo.com
- Deactivate location based services on your phone for as long as possible.
- Refrain from using Siri, Alexa, Google Assistant and similar services.
- Do not activate 'Biometric Authentication' on your phone and other devices. this captured data can be shared with the parent company which may be hacked eventually.
- Encrypt all your messages, swap out GMAIL and WhatsApp with privacy based apps such as Signal Messenger and Proton Mail.
Businesses that handle data belonging to their customers are being scrutinised more and more with the arrival of regulatory changes such as the EU's General Data Protection Regulation, designed to create a level playing field and stipulate adequate security measures to protect consumer privacy and data. Companies will often encrypt your information as part of the process, which is a way to encode information to make it unreadable by unauthorised parties. But this still does not prevent the government from spying on private conversations.
Although technology can help safe guard our data, it is also the cause of this mess. Privacy begins with being conscious and aware of ones actions and not sharing information blindly online and offline.
#privacy #infosec #security #data #digitalprivacy #surveillance #dataveillance
Irfan Khan is a Digital Economist and the Founder of Hypermine, a technology and research organisation that builds secure digital economies