Do We Really Want Privacy?
By Roger Halbheer, on August 26th, 2010
I really love reading Kim Cameron’s Identity Weblog. Fairly often it is thought provoking…
He recently wrote about his experience with the new iPhone privacy policy: Apple giving out your iPhone fingerprints and location. He was one (probably one of the very few) who read the privacy policy and found the following statement:
Collection and Use of Non-Personal Information
We also collect non-personal information – data in a form that does not permit direct association with any specific individual. We may collect, use, transfer, and disclose non-personal information for any purpose. The following are some examples of non-personal information that we collect and how we may use it:
- We may collect information such as occupation, language, zip code, area code, unique device identifier, location, and the time zone where an Apple product is used so that we can better understand customer behavior and improve our products, services, and advertising.
So, basically this says that they might collect everything from you, link it to your device identifier and do whatever they want with it. This is called a “Privacy” policy.
What strikes me is that a lot of people do not really see the challenges and risks behind this, as this story shows: Non-Personal Information – like where you live? If I know your device ID and if I have access to the location data of your device, how hard is it to find out who you are? Not really hard. You will be in certain locations more often than in others. In my case you could at least reduce it to four people living in the same household.
So, there is no such thing as “not being able to link a device ID to a person”. This is simply the price we seem to be willing to pay for our constant eagerness to get the coolest app and the best service. Does the consumer really care about privacy when he/she has to balance privacy vs. functionality? Unfortunately I think the more the less…
Roger
Leave a Reply
Your observation is not surprising. As technology evolves, this trade-off between privacy and functionality will continue. However, expecting (as some do) that we can ultimately come up with a technological fix that enables perfect privacy is both unrealistic and unhelpful.
Unhelpful because it is not privacy or the lack of it that is the problem. The problem is the ‘harm’ that may be done to me, you or anyone for that matter as a result of privacy or the lack of it. It is the online asymmetry between my lack of privacy and your privacy that allows you to harm me with little or no consequence or vice versa.
It may be counterintuitive, but I come to think that less privacy, meaning an inability to act anonymously, is what’s necessary so that if someone does cause me harm I can apply civil and/or criminal laws in response. Right now the ability of some people to act anonymously actually encourages them to harm me because they believe the consequences are negligible. Full transparency, on the other hand, means there would be nowhere to hide from the consequences of your actions.
There will always be people who will want to do others harm. That’s why we invented laws, jurisprudence and jail time. However, the more private people believe they can be, the lower the perceived risk of operating inappropriately. FBI statistics point to a 2% conviction rate for cyber crime while overall online crime is rising exponentially. For many it seems the low online risk is something they are willing to accept. To counter this, people need to know that their actions can always be traced back to them, i.e. no privacy.
Hi Chris,
I partly agree, however only partly. Kaspersky’s view is that if we had strong authentication for everybody, the problem would be solved. However, the Internet has the great ability to act as a channel for people who would not be able to speak up otherwise. We have seen that happening in quite a few places recently. Therefore I think we need to strike the balance here.
Roger