Riverbank Ruminations
Observations from the banks of the technology river
Privacy – How much do you really have?
1999 –
The Chief Executive officer of Sun Microsystems said Monday that consumer privacy issues are a “red herring.”
“You have zero privacy anyway,” Scott McNealy told a group of reporters and analysts Monday night at an event to launch his company’s new Jini technology.
“Get over it.”
The above quote raised many eyebrows as privacy was already in the news. McNealy’s comments came only hours after competitor Intel (INTC) reversed course under pressure and disabled identification features in its forthcoming Pentium III chip.
Fast forward to 2020 and what threats do we see to privacy and personal data?
No tech – a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships that result when these relationships go bad.
Low tech – Data breach of a social media site exposed the information of 350,000 ‘influencers’
High tech –
- Network injections allow for the automatic and invisible redirection of targets’ browsers and apps to malicious sites under the attackers’ control, most likely unknown to the victim. These will rapidly leverage software vulnerabilities to compromise and infect the device. The cited case talks about how the victim’s phone was compromised and then forced to web sites of the attacker’s choosing.
- Eavesdropping used to require either proximity to the speaker, planting some sort of microphone/recording device, and more recently using a laser to read the vibrations of a pane of glass in the room being monitored. Now your conversation can be recorded as long as the attacker has a line of sight access (via a telescope) to a light bulb in your room.
- Your security camera may be telling an observer whether you are at home, and are you moving around and where. This attack does not even require the attacker to be able to see the data your camera is recording and uploading to the cloud.
- If you have a newer car with a camera that helps with blind-spot warning, automatic emergency braking, lane departure, or other safety features, you may be a data feed to a company called Mobileye.
And let’s not forget about data breaches in general. Did you know that according to the Verizon data breach report there were 540 data breaches affecting 163,551,023 individuals between January and June of 2020?
What Does ‘Privacy’ Even Mean?
Scott McNealy was more correct than he knew but for different reasons. Privacy has taken on quite a different meaning in the last few years. Old-timers like myself think of privacy in terms of “Why do you need to know that?”. Today you see people (not just millennials) putting all kinds of information voluntarily on the internet that really shouldn’t be there.
We all are much more willing these days to give up personal information in return for some perceived gain. I fall into this category. I have an affinity card for the grocery store. In exchange for allowing them to know what I buy, they give me discounts on food and gas. I hesitate to think about how well the store knows me, but if my preference for baked potato chips becomes public, I am not so concerned.
The challenge comes when we give up our privacy without a thought. Every time we sign up for something, a little more information gets vacuumed up into the data universe and we don’t know who is going to get it or what they are going to do with it. Giving away personal data is so widespread, most of us think little about it. The downside of this is not apparent until there is the inevitable data breach and we have a problem because we provided so much data and now it is public.
One place this shows up is in spear-phishing (also whaling). Spear phishing and whaling attacks rely on sending convincing emails that contain enough actual details to appear legitimate. They may reference personal details, company details, or details of specific business transactions. This all becomes possible when the attacker can violate the privacy of the individual or company.
There is not much point in telling people to be miserly with the information they give out. We are long past the point where that is advice that will be followed. What we need to do is realize that since we have next to no privacy and that our personal information can be used against us, it is incumbent upon us to be very careful. Don’t blindly trust emails, no matter who the source is. Email accounts can be compromised. Voice mails are no better. (Think of the ones that start “This is the IRS calling. You have a problem”). Data breaches have shown that no matter who has the data, it can be exposed. Since we don’t have actual privacy we will have to rely on being alert enough to react when things go wrong.
Concerned about the security of your network and/or data? Give Ashton Technology Solutions a call to learn more about keeping the bad guys out of your network and away from your data. You can always find us at 216 397-4080