Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Privacy Series - Overview

Privacy Series - Overview

by phiber on March 21st, 2001 There has been a lot of news and noise about privacy online lately. Some people seem to be getting very concerned that their online activities might be monitored. As with many public issues, the focus is on the simple and mostly harmless aspects of the problem. The really nasty issues are quietly being largely ignored; in fact, most people are blissfully unaware of them. This is unfortunate because as privacy erodes, people will become used to the process, thus allowing it to erode further. This is the first article in a series that I plan to work on over the next few weeks or months.





Who Wants Privacy?

Generally speaking, individuals want privacy. Companies, government and other organizations generally want to violate individuals' privacy. This is often done in the name of marketing, law enforcement, child protection or any number of excuses. The sad fact is that the organizations who want to violate individuals' privacy are generally the groups with money or the ability to get legislation passed.



The people who want to protect privacy tend to be individuals. While there are some pro-privacy organizations (the EFF for example), they are generally a lot smaller and less effective than major corporations or governments. In addition, your average person is not overly concerned with privacy. When pushed about privacy, people typically answer with "but I have nothing to hide." As long as there are no cameras in the bedroom, most people are not too concerned.





Anonymity vs. Privacy

These are two items that are often confused for each other, which is understandable because they overlap significantly. From dictionary.com:





Privacy

a. The quality or condition of being secluded from the presence or view of others.



b. The state of being free from unsanctioned intrusion: a person's right to privacy.



The state of being concealed; secrecy.





Anonymity

The quality or state of being unknown or unacknowledged.



One that is unknown or unacknowledged.



Privacy would be going to your doctor and having an HIV test (more on medical information later); anonymity would be going to a clinic that uses a double-blind method to ensure that patients cannot be identified. Anonymity can be used to reinforce privacy. However, most of the data collected on people is useless or worth much less if it cannot be attributed to a certain individual. If you want to buy sex toys, you may think you have more privacy by going online and purchasing them, but you would be better off in most cases going to a physical store and purchasing them with cash (assuming you don't run into your parents).





Data Collection

This is usually the first stage of having your privacy violated. If the information doesn't exist or isn't recorded (video surveillance tapes, purchase records, etc.), then it's pretty hard to violate people's privacy. You would have to go out and somehow collect this information and store it yourself. This is of course exactly what many companies now do. Club cards at Safeway are one example. Instead of your shopping being anonymous with them, they can now easily tie purchase data to an individual.



This is done on a larger scale in Canada with Air Miles, every time you purchase something and use your Air Miles card, you gain Air Miles you can later redeem. Of course, it also means that Air Miles knows exactly what you bought, when you bought it, and where you bought it, among other things. Air Miles makes the majority of its money (almost all of it) by selling this purchase data.



Surveillance cameras are now increasingly common. In Britain, for example, many ventral areas in towns and cities have literally been blanketed with CCTV, the official reason being to prevent and prosecute crime. The technology to automate data collection is only getting cheaper and smaller.



Another factor of all this automation (and the sheer volume) is the lack of error checking. If bad data makes it into the system, it is virtually impossible to remove it. There are often no physical records to check against, and companies are more likely to believe their database than you.





Data Retention

Slowly but steadily, more information about our daily lives is being recorded and stored. This was only possible recently, as storage costs have plummeted (you can now buy 1 terabyte of disk space for around US$50,000). This data can be backed up onto long-term storage such as tapes.



While there is a ridiculous amount of volume of data, storage costs keep plummeting. Data such as purchase histories, medical records, and insurance claims is likely to live on forever, meaning it can affect you at any point in the future, and potentially affect your children and other associates as well. (We have determined that bad driving is genetic. We have to raise your rates because your father once had an accident, Mr. Smith.)



Data is not likely to be destroyed accidentally or otherwise because it is valuable now, and could be even more valuable in the future. It is a simple task for a modern company to squirrel a few hundred terabytes of data somewhere (magazine advertisements for a single-rack tape library holding 83.2 terabytes recently caught my attention).





Data Interpretation/Analysis

This is where things get especially worrisome. Turning data into information is difficult, especially with huge volumes of data. However, computers are getting ever more powerful and software is increasingly sophisticated. Databases capable of storing billions of records now exist, allowing you to profile the stock market, or customer purchases.



Pattern recognition software has made huge advances. Commercial voice recognition software is now reasonably useful. I have personally used IBM ViaVoice with a high degree of success for everyday types of dictation. I'm sure there is faster and more accurate software available now.



Fingerprints are no longer matched by humans. Instead, computers can churn through millions of fingerprints in a few seconds. The same goes for DNA. Facial recognition software was recently used at the Super Bowl. The face of every crowd member was captured and analyzed, and 19 known criminals were found. Already we are seeing DNA evidence used to prove or disprove old crimes. How long until video surveillance is collected centrally by police, and scanned for the faces of known criminals to solve old crimes?





The Possibilities

Like almost any technology, surveillance can be used for good or bad (these are of course very subjective terms). Technologies that can violate privacy are especially difficult since there are legitimate occasions for violating the privacy of individuals (such as taking a DNA sample from an accused criminal). As a result, the technology will be available for use.



Of course, there are always people that feel that the technology should be used more often. In Britain there is talk of building a national DNA database which would make solving crimes much simpler (if you find any skin/hair/saliva/semen, simply run it through the computer to get a name). If you haven't seen the film Gattaca, I suggest you do so.


By Kurt Seifried ([email protected]) for SecurityPortal


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »