Privacy by design

How can businesses protect customers’ privacy, Intel Security’s Michelle Dennedy discusses how to bake privacy into your organisation

“Know your data” is the key tip for businesses concerned about privacy says Michelle Dennedy, Chief Privacy Officer for Intel Security, formerly McAfee.

“It’s really important to go back to basics,” says Michelle. “We’re trying to do bolt-on privacy, just like we did with security years ago. I think it’s time to take a good look at the policy side, which id called Privacy By Design, thinking about it at early states and being consumer-centric.”

“We at McAfee call it ‘Privacy Engineering’; looking at the tools. methodologies and standards from the past, adding current legislative requirements and business rules then turning them into functional requirement.”

Michelle, who is also co-author of the Privacy Engineering Manifesto, was speaking to Decoding The New Economy as part of Privacy Awareness Week.

A key part of the interview is how Michelle sees privacy evolving in a global environment, “if you’d asked me in 2000 where we’d be today I’d have told you it would be like the 1500s when we were dealing with shipping lanes. We would have treaties, it would harmonised and we’d understand that global trade is a hundred percent based upon sharing.”

“We have instead decided to become a set of Balkanized nations.”

For individual businesses “know thy data,” is Michelle’s main advice. “Know what brings you risk, know what brings you opportunity.”

In Michelle’s view, businesses need to balance the opportunities against the risks and treat customers data with respect as the monetisation policies of many online platforms don’t recognise users’ costs in time and data sold.

As businesses find themselves being flooded with data, protecting it and respecting the privacy of customers, users and staff is going become an increasing important responsibility for managers.

It’s worthwhile understanding the privacy laws as they apply to you and making sure your systems and staff comply with them.

Similar posts:

  • No Related Posts

Dropping off the grid

Can you drop off the grid and hide from Big Data? The results of one lady’s experiment aren’t encouraging.

Just how hard is it to hide from big data? ABC Newcastle’s Carol Duncan and I will be discussing this from 2.40 this afternoon.

Princeton University assistant professor of sociology Janet Vertesi decided she’d find out by trying to conceal her pregnancy from the internet.

She describes her experiences to Think Progress and the lessons are startling on how difficult it is to drop off the Internet and business databases.

While it’s easy to tritely say ‘don’t use the internet’, Janet found that using cash to avoid being picked up by bank databases raises suspicions while not using discount voucher or store cards meant she missed out on valuable savings.

For many people though dropping off the internet is not an option – not having a LinkedIn profile hurts most job hunters’ chances of finding work while if you want to participate in communities, it’s often essential to join the group’s Facebook page.

The amazing part of all is that Janet herself became a Google conscientious objector two years ago after deciding the company’s data collection methods were too intrusive. Yet she still found it hard to keep the news of her baby off the internet.

Ultimately her friends were the greatest risk and she had to beg them not to mention her pregnancy on Facebook and other social media channels lest the algorithms pick that up.

For Janet, it proved possible but it was really hard work;

Experience has shown that it is possible, but it’s really not easy, and it comes with a lot of sacrifices. And it requires some technical skill. So to that end, it’s my concern about the opt-out idea. I don’t actually think it’s feasible for everyone to do this.

So can you drop off the net? Do you know if you’re on it at all. Join us on ABC Newcastle with Carol Duncan from 2.40 to discuss these issues and more.

Filing cabinet image by ralev_com through SXC.HU

Similar posts:

  • No Related Posts

“He looks like a geek”

The media scrum around alleged Bitcoin founder Dorian Nakamoto is based on some flimsy thinking

The unseemly media scrum around alleged Bitcoin inventor Dorian Nakamoto has not been the press’ finest hour.

What’s more worrying though is a Business Insider interview with Sharon Sargent a ‘forensics analyst’ who was part of the Newsweek investigative team.

A systems engineer by training with experience in computing security, military protocol analysis, and artificial intelligence, Sergeant said everything she found converged on an individual with a background apparently similar to hers — and who ended up sharing a name with Bitcoin’s creator.

“I said, ‘I think I know this guy — he wears a pocket protector, he has a slide rule, he comes from that genre,’ which was very different from other characterizations,” she told BI by phone Friday.

He wears a pocket protector and uses a slide rule? Hell yeah, not only did he create Bitcoin but he’s probably a witch as well.

One hopes Newsweek have found the right man.

Picture courtesy of forwardcom through sxc.hu

Similar posts:

  • No Related Posts

On the internet, the Feds know what breed of dog you are

The downfall of Silk Road’s alleged founder is a lesson on how fragile our privacy and online security are

The arrest of alleged Silk Road founder Ross Ulbricht – also known as the Dread Pirate Roberts – has attracted plenty of media attention.

What’s particularly notable is the FBI is claiming Ulbricht made a basic mistake in posting to a website under his real name that gave his identity away.

If true, Ulbricht’s trivial mistake illustrates how easy it is for any determined investigator to find someone’s identity online from the trillion points of data we all create in the connected world.

Anyone who wants to be truly anonymous on the web has to work extremely hard to protect their identity. Most of us aren’t prepared to trade convenience for security, particularly given the massive effort required.

Even if we could protect our online habits, the use of credit cards, loyalty plans and even driving our cars still it almost impossible to escape the watch of a determined investigator.

In the early days of the web, it was said “on the internet, no-one knows you’re a dog.” Today the feds can figure out not only what breed of dog you are, but what your name is and your favourite brand of dog food.

The modern panopticon we live in is a very efficient machine and it’s difficult to hide from society’s gaze. It’s why we need to rethink privacy and information security.

Image of Presidio Modelo by Friman through Wikimedia.

Similar posts:

  • No Related Posts

Crumbling cookies

Internet cookies are dying, what will replace them?

On the last ABC radio spot we looked at how our data is being tracked, in the following 702 Sydney program with Linda Mottram we looked at the role of Internet cookies and online privacy.

Cookies – tiny text files that store visitors’ details on websites – have long been the mainstay of online commerce as they track the behaviour of web surfers.

For media companies, Cookies have become a key way of identifying and understanding their readers making these web tracking tools an essential part of an already revenue challenged online news model.

Cookies also present security and privacy risks as, like all Big Data, the information held within them can be cross-referenced with other sources to create a picture of and often identify an internet users.

These online data crumbs often follow us around the web as advertising platforms and other services, particularly social media sites, monitor our behaviour and the European Union’s Directive on Privacy and Electronic Communications is the first step by regulators to crack down on the use of cookies.

Similar moves are afoot in the US as regulators start to formulate rules around the use of Cookies, in an Australian context, the National Privacy Principles apply however they are of limited protection as most cookies are not considered to be ‘identifiable data’, the same get out used by US government agencies to monitor citizens’ communications.

Generally these rules promise to be so cumbersome for online services Google is looking at getting rid of cookies altogether .

Ditching cookies gives Google a great deal of power with its existing ways of tracking users and ties into Eric Scmidt’s stated aim of making the company’s Google Plus service an identity service that verifies we are who we say we are online.

Whether Google does succeed in becoming the web’s definitive identity service remains to be seen, we are though in a time where the questions of what is acceptable in tracking our online behaviour are being examined.

For the media companies and advertising, putting the control of online analytics in the hands of one or two companies may also add another level of middle man in a market where margins are already thin if not non-existent.

It may well be that we look back on the time when we were worried about  internet cookies tracking us as being a more innocent time.

Similar posts:

  • No Related Posts

A trillion points of data

As shopping centres, social media services and police forces collect greater amounts of information about us, we need to understand and manage the risks involved.

Last night, current Affairs program Four Corners had a look of the risks to families in the age of Big Data.

Earlier in the day I had the opportunity to speak on ABC 702 Sydney with the program’s reporter, Geoff Thompson, to discuss some of the issues and take listeners’ calls about Big Data and security.

What stood out from the audience’s comments is how most people don’t understand the extent of how data is being shared. The frightening thing is the Four Corners program itself understated the extent of how information is being distributed around the internet.

Looking beyond social media

Social media sites like Facebook are an obvious and legitimate area of concern with most people not understanding the ramifications of the terms and conditions of these services, however Big Data is a far more that what you share on LinkedIn or Instagram.

A major point of the program was how the New South Wales police force’s Automatic Number Plate Recognition (ANPR) equipment stores photographs of car license plates.

One of the applications of ANPR shown during the program was how an officer can be warned that a vehicle has owned by someone potentially dangerous or used in a suspicious situation, allowing them to be more cautious if they decide to pull a car over. Probably the greatest application is getting unregistered, uninsured or unlicensed drivers off the road.

Those sorts of usage is the positive side of Big Data and its role in reducing the road toll, the example also illustrates how data points are coming together with the internet of machines as traffic lights, road signs and cars themselves are communicating with each other and those police databases.

When that information is put together there’s a lot valuable intelligence and that’s why people are concerned that the NSW Police are storing millions of apparently useless images of car number plates with the time and location of the photographs.

These technologies aren’t just being used in shopping centres; instore mobile phone tracking combined with the same numberplate recognition the police use watching who is entering the carparks makes it possible to predict buying patterns and target offers to shoppers.

Couple that information with store loyalty cards and add in rapidly developing facial recognition, retailers have a very powerful way of monitoring how their customers behave.

“What instore analytics does is it takes the same kind of capablities that e-commerce sites have had for more than a decade and apply them to brick and mortar stores,” says Retail Next’s Tim Callen. Using the store’s CCTV system the company applies facial recognition software to track shoppers’ behaviour.

Securing the data feeds

The immediate concern is the security of this data, we’ve covered the hackable baby monitor and the Four Corners program examined Troy Hunt’s exposure of security flaws in Westfield Shopping Centres’ Find My Car App. Similar security concerns surround government databases like the NSW Police’s numberplate store.

As we’ve seen with the repeated data breaches of 2011, the management of big and small organisations like Sony or Stratfor don’t take security seriously. It’s hard to recall any senior public servant being held accountable for a security breach by their department.

A billion points of data

On their own, each of these data points means little but for a motivated marketer, tenacious police officer or determined stalker pulling those separate information sources together can pull together an accurate picture of a person’s private information, habits and beliefs.

Almost all the collectors of this data claim this information is anonymised or isn’t personal information, unfortunately there’s mismatch between the definition of private data and reality as number plates and mobile phone MAC addresses are not considered private, however they provide enough insight for an individual to be identified.

That aspect isn’t understood by most people, the final caller to the ABC Radio spot asked why she should be bothered worrying about privacy – it doesn’t matter.

As French politician Cardinal Richelau said in the Seventeenth Century, If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him

Today we each have six million points of data that can hang us, in a decade it could easily be a billion. We need to understand and manage the risks this presents while enjoying the benefits.

Similar posts:

  • No Related Posts

Microsoft’s China crisis

Microsoft’s Chinese partner is blocking Skype messages and possibly passing user details onto PRC authorities. This security concern could damage both Microsoft and Skype.

That the Chinese Public Security Bureau is blocking your messages – and may even be reading them – would make anyone pause before they used a service.

Bloomberg Businessweek reports Microsoft Skype is doing exactly this with its Chinese customers. Anything deemed inappropriate is censored and referred to servers belonging to TOM Online, the company that runs the Skype service on behalf on Microsoft in China.

The Bloomberg story goes onto detail how one Canadian researcher is reverse engineering the Chinese blacklists, giving us a wonderful insight into the petty and touchy minds of China’s censors and political leaders.

What raises eyebrows about this story is how nonchalant Microsoft is about this issue, in a wonderful piece of corporate speak the software giant answered Bloomberg’s question with the following bland statement;

“Skype’s mission is to break down barriers to communications and enable conversations worldwide,” the statement said. “Skype is committed to continued improvement of end user transparency wherever our software is used.”

Microsoft’s statement also said that “in China, the Skype software is made available through a joint venture with TOM Online. As majority partner in the joint venture, TOM has established procedures to meet its obligations under local laws.”

Microsoft have to fix this problem quickly, glibly saying the Chinese government eavesdropping on conversations is a matter for partners is not going to be accepted by most customers.

It would be a shame should Microsoft’s Skype investment fail – Skype is a very good fit for Microsoft, particularly when the technology is coupled with the Linc corporate messaging platform, so squandering goodwill over protecting users’ conversation seems counterproductive.

One of the great business issues of this decade is the battle to protect users’ privacy. Those who don’t do this, or don’t understand the imperatives of doing so, are going to lose the trust of the marketplace.

Twenty years ago, Microsoft could have risked this. Today they can’t as they struggle with a poor response to their Windows 8 operating system and their mobile phone product.

Losing the trust of their customers may be the final straw.

Similar posts: