Caute_cautim
Community Champion

Is privacy an oxymoron?

I am thinking through a presentation I have to give on GDPR, and I wonder whether "privacy is an oxymoron".  For example:  https://www.floridatoday.com/story/money/business/2017/04/27/scott-tilley-online-privacy-oxymoron/10... "There is a constant tug of war between the positive benefits afforded by new technology and the trade-offs that society is prepared to accept to realize those benefits. Privacy is a prime example of that conundrum. For example, if you enjoy using Facebook, you should be aware of how much personal information you are releasing online. Your digital footprint is significant, even if you’re not fully aware of making the impression. And unlike real footprints, the online version never goes away.

 

For some people, privacy is very important. For others, the line between private and public vanished long ago. Scott McNealy, the past CEO of Sun Microsystems, was famously quoted as saying, “You have zero privacy anyway. Get over it.” I believe this statement is becoming increasingly accurate. You don’t even have to go online to become part of the big data collection – you just have to live."

 

So how do we, on one hand, expect new innovation and technology to come about, where the vendors create and sell new expectations, and organisations readily purchase it?  And then comes along GDPR and other previous legislative mandates, which have been around for some time, like PIPEDA.  How do we balance this equation of digital disruptive transformation and the need for trust and assurance?   If we think on the dark web, the criminals are actively trading the most important asset in the world, "data", which has a higher value than oil.  

 

So is privacy an oxymoron or not?  What do you think?   Can we balance out the equation of privacy and new economics using data in the commercial world, whilst protecting individuals' rights?

 

 

 

 

9 Replies
Early_Adopter
Community Champion

Bottom line up front: No, and yes.

 

At its most fundamental level it's the right to be left alone.

 

Security by design, privacy by design are basically the same concept and coupled with legislation provide the proper controls to safeguard privacy.

 

The online version can be made to go away, and to the example, if Facebook (no one is saying at this stage they are bad, in fact, they have a vested interest in maintaining privacy) kept getting fined 4% of global turnover per breach of the GDPR either clever engineers will be put on the case or Facebook will lose the market it created (at least in Europe). Criminals can be prosecuted, and criminal enterprises sanctioned.

 

Throwing your hands up and saying it's too complex is missing the fact we are not automatically infantilized by technology or society's use of it, we are here working in tech on Security, QED. Moreover, anyone advocating zero privacy as a paradigm is essentially opening society up to a world in which manipulation of people based on mass profiling is accepted, the downstream of this leading to weak societies that can be made to believe pretty much anything.

 

 

 

 

Caute_cautim
Community Champion

Thanks, it is interesting outside of USA, my understanding is that America has always had an "opt-out" system. I have read and seen that on average the number of pieces of information known about American individuals is approximately 5,000 pieces of information, even with them being totally aware this is happening.  Whereas Europe, Canada, Australia and New Zealand have adopted an "opt-in" approach.  

 

We are definitely in the information age, however, someone somewhere wants to make money out of our data regardless of whether it is legitimate or not. 

Early_Adopter
Community Champion

Yeah, it comes down to ownership of personal data: in the US it's the controller, almost everywhere else it's the subject.

 

I would expect (personal opinion) that the 'Explicit Consent' for highly limited defined purpose with no pre-checked tick boxes, right to withdraw will become the norm globally, and eventually the US will follow suit, especially if it adopts the view that the subject owns their personal data (PI/PII in American Money).

 

Not doing so will leave US citizens very exposed as attackers will go after the entities that aggregate the data, mandating the right controls will help a bit, especially if encryption is used with top keys on HSMs.

 

But the business drivers are already there, especially if you look at attempts by people to monetize breaches of their data in the US:

 

https://sanfordheisler.com/case/equifax-class-action/

 

'In addition to named plaintiffs in various states, there is also a “nationwide class,” which comprises all persons residing in the U.S. whose personal data Equifax collected and stored and whose personal information was placed at risk and/or disclosed in the recent breach.'

 

I'd say that if you combine this with the fact that the market in the US for information service is 350M people, and externally it's 7-8B of which probably about 3B are in a position to care right now, then for Google, FB etc. it's clear that being able to address the global market is going to be more important, so they will build the controls and put toggles and limiters in that can be used based on legislation. 

 

Bertikus
Newcomer III

Companies spend millions a year on security and still get hacked.  People plug in a Linksys router and think they are safe?  Privacy is without a question an Oxymoron.  In your home, there is and should be an expectation of privacy but when you "enter the cloud" you are not home, your data has left the building.  Right or Wrong is not the question but the fact is you are exposed to the risk of someone finding it.  The larger your profile the larger the risk.  No one will spend 6 months hacking a person to get nothing.  Scott McNealy may have been blunt but he was not wrong.  When you drive your car you risk an accident.  When you set up an online bank account you risk someone trying to take it.  If you post personal pictures to the cloud then someone will eventually look at them.  Either the network admins for the servers or a hacker or something.  I know a little about security and a little about people.  Someone will always try and there is no perfect security.  The most we do is make it harder to get in.  Eliminate the script kiddies, to reduce risk.  Sorry if it sounds negative but our job is to look for the negative and try to make it better. 

Early_Adopter
Community Champion

I still disagree on that point, as privacy will only be respected by lawful actors. Saying privacy is an oxymoron is a pretty crude use of rhetoric and just serves to mask the problem.

 

Overall spend on Information security is around a hundred billion dollars (93B USD according to Gartner). The global economy is around one hundred and twenty-five trillion dollars. If data is more valuable than oil, I would expect to see more spending; bluntly, we haven't been trying very hard.

 

If the controls are not good enough, then the controls are not good enough. Eventually, this will have a 'Darwinoing' of the organizations that can process PI/PD as those organizations that have too many breaches will be driven out of business by fines, lawsuits or just market sentiment.

 

 

Caute_cautim
Community Champion

A healthy debate and different points of view or perspective are all good in my book.   I agree, it does indicate we simply have not been trying hard enough, if we want the digital economy to thrive and evolve, we simply have to grow and learn how to handle data appropriately to maintain individuals' trust or they will simply vote with their hands and feet. 

 

Some excellent points.  Any more views?

 


@Early_Adopter wrote:

I still disagree on that point, as privacy will only be respected by lawful actors. Saying privacy is an oxymoron is a pretty crude use of rhetoric and just serves to mask the problem.

 

Overall spend on Information security is around a hundred billion dollars (93B USD according to Gartner). The global economy is around one hundred and twenty-five trillion dollars. If data is more valuable than oil, I would expect to see more spending; bluntly, we haven't been trying very hard.

 

If the controls are not good enough, then the controls are not good enough. Eventually, this will have a 'Darwinoing' of the organizations that can process PI/PD as those organizations that have too many breaches will be driven out of business by fines, lawsuits or just market sentiment.

 

 


 

Caute_cautim
Community Champion

It would be interesting to see what the actual spend is on data security or privacy in comparison with the numbers you have offered up. 

 

Caute_Cautim


@Caute_cautim wrote:

A healthy debate and different points of view or perspective are all good in my book.   I agree, it does indicate we simply have not been trying hard enough, if we want the digital economy to thrive and evolve, we simply have to grow and learn how to handle data appropriately to maintain individuals' trust or they will simply vote with their hands and feet. 

 

Some excellent points.  Any more views?

 


@Early_Adopter wrote:

I still disagree on that point, as privacy will only be respected by lawful actors. Saying privacy is an oxymoron is a pretty crude use of rhetoric and just serves to mask the problem.

 

Overall spend on Information security is around a hundred billion dollars (93B USD according to Gartner). The global economy is around one hundred and twenty-five trillion dollars. If data is more valuable than oil, I would expect to see more spending; bluntly, we haven't been trying very hard.

 

If the controls are not good enough, then the controls are not good enough. Eventually, this will have a 'Darwinoing' of the organizations that can process PI/PD as those organizations that have too many breaches will be driven out of business by fines, lawsuits or just market sentiment.

 

 


 


 

Early_Adopter
Community Champion

Well, you can always run a study.

 

I pulled from Gartner and used PPP from Wikipedia, the broad brushstroke here is that we don't spend as a species as if data was as important as we say it is. Now it's also lumpy, so some might be doing enough.

Early_Adopter
Community Champion

Well, you can always run a study... 😉

 

I pulled from Gartner and used PPP from Wikipedia, the broad brushstroke here is that we don't spend as a species as if data was as important as we say it is. Now it's also lumpy, so some might be doing enough.