Security Experts:

A Simple Guide to Privacy Outrage

The pitchforks are gleaming and torches burning bright, but it’s hard to figure out where the angry mob is marching. People are screaming “Privacy!” but it’s confusing who they’re screaming at. That’s why I thought I’d pen a timely guide to the current privacy outrage. Confusion stems from there being four plot lines going at the same time. The four protagonists for these sagas are:

1)   NSA (may include CIA, FBI, Exec branch)

 2)   Social Media (Facebook, Google+, Instagram)

3)   Portals/Email Providers (Google, Yahoo, Microsoft)

4)   Foreign Powers

Let’s take a look at each of these storylines to better understand the basis of outrage.

1) NSA

Internet PrivacyBackground: Turns out the NSA is tapping into call data and electronic messaging and using Big Data analytics to see who’s communicating with “bad guys” and what they might be up to.  And it looks like they’ve been doing this for a long time. They’re just supposed to look at folks outside of the U.S., but folks outside the U.S. sometimes talk to folks in the US.

Issue: Folks don’t trust their own government. While fine with the NSA tapping into foreigners’ communications, they take umbrage when it’s theirs being analyzed.

2) Social Media

Background: Facebook and the like make money by selling targeted advertising. You become a target when you or your friends show an interest in something. You like or mention a song so then it’s assumed you like the album, a band t-shirt and tickets to their concert next month, as so will your friends.

 Issue: Predictive marketing is creepy, ads are popping up more and more, and privacy policies and settings are a cat and mouse (if not bait and switch) game with social media companies pushing for increased sharing.

3) Portals/Email Providers

Background: Similar to social media, portals and email providers are advertiser supported. Where you go, what you say and who you communicate with help form a picture of what you want and are willing to part with cash to get.

Issue: The creepy meter pegs to red when it comes to email being scanned (see NSA above). And no one shares browsing histories. There’s a reason for the option to dump that log file at the end of each session.

4) Foreign Powers

Background: The Chinese and others hack into U.S. corporate and governmental information for political, military and economic gain. Ironically, public scrutiny pivots back to the U.S. Government with demands for greater security and possible retaliation.

Issue: Not so much a personal privacy issue as a piling on effect. Thrown into the privacy fervor as folks feel their own information is more vulnerable.

Analysis:

A common theme is that individuals don’t care for snooping and feel they have a right to their privacy. On the other hand, they don’t like being the target of cyber espionage or terrorist attacks. So we have a conflict. Resolution of that conflict lies in trust. People are concerned to different degrees with foreign powers, commercial business, or their own government.  Interestingly, their own government least appears to cause the most concern. Visions of “The Minority Report” and Watergate swim in their heads to the point that “surveillance state” is bantered around.

Everyone determines their personal level of trust based on experiences. I’ve worked with folks working for the CIA and NSA. None do it for the money. They are generally intelligent and patriotic but lousy at dinner conversation as the whole chat about work is off limits.  As a result, I have a decent level of trust that analysis of my communications by my government is done for a higher purpose and not designed to target me as an individual. Therefore, I don’t feel threatened.

As for social media and email services, my level of trust is lower. I feel I have fewer protections as a consumer as to commercial entities than I do as a U.S. citizen as to my government. This is exacerbated by ever changing privacy policies and settings designed to make me share more information.

Foreign powers are in another class. I don’t share anything with them and want my government to protect me from their intrusions.

So in the end, the different sources of surveillance are being lumped together to create a state of panic. But if you can sort out the different sources of concern and get a feel for your trust level on each, then the torches can be put away so that thought and reason can be applied to find your own level of trust.

view counter
Gant Redmon, Esq., is General Counsel & Vice President of Business Development at Co3 Systems. Gant has practiced law for nineteen years; fifteen of those years as in-house counsel for security software companies. Prior to Co3, Gant was General Counsel of Arbor Networks. In 1997, he was appointed membership on the President Clinton’s Export Counsel Subcommittee on Encryption. He holds a Juris Doctorate degree from Wake Forest University School of Law and a BA from the University of Virginia, and is admitted to practice law in Virginia and Massachusetts. Gant also holds the CIPP/US certification.