‘Privacy is dead!’
This seems to be what we are continually told these days. Whether it is completely dead is questionable of course. It has certain taken some strong body blows over the last few decades; some of these unexpected and some that were essentially self inflicted.
The concept of privacy as we know it today has been around for some time. It can be traced back to an 1890 article in the Harvard Law review (‘The right to privacy’, Warren and Brandeis, 1890)
At that time, the essay cited political, social and economic changes at the time that led to a recognition of privacy as being the right to be left along. Since then, privacy has become generally universally recognised, if not universally practiced. From privacy policies for most websites and companies through to inclusion in the United Nations Universal Declaration of Human Rights.
This article is by EFA member, Daryl Sheppard.
How private are you?
According to Dr Alan Westin’s Privacy Segmentation Index [PDF], individuals can be classified into three categories:
Privacy Fundamentalist (Why do you need to know that? I’m not telling you that!). These are individuals who basically don’t trust any organisation that asks for personal information. They are worried about that happens to that information, how accurate it is and who can gain access to it. People in this category are strongly in favour of new laws and regulations governing all aspects of privacy.
Privacy Pragmatist (Not happy about it really, but I’ve assessed the risk and I think it is minor so here you go). These are individuals who weigh the benefits to them in terms of services provided by an organisation versus the increased risk of privacy intrusion in relation to the information being handed over. For people in this group they will usually weigh the risks and consequences on each occasion.
Privacy Unconcerned (Here, take my information!). These are individuals who trust organisations collecting the personal information and are ready to forgo most or all privacy claims for the benefits the organisation will bring them.
I suspect most people will fit into different areas along the spectrum of fundamentalist through to unconcerned at different times and for different things. Even the supposedly unconcerned Millennials who live on social media will draw the line somewhere (hopefully!).
Can’t see the problem?
Privacy used to be simple to manage. If you had information that you considered private, you simply kept it to yourself or only shared it with people you wanted to. If the information was contained in a document, you kept it locked away in an appropriately secured box or safe.
Today’s world we live in is a little more complex. Your private information is more likely to be electronic rather than physical documents or photographs etc. The act of sharing this information is no longer face to face or person to person. It will use intermediaries such as email, social media, file-sharing, instant messages etc. All these services make use of some form of cloud storage that is accessible not only by the person you intended to receive the information, but also to potentially any of the following groups.
- System administrators responsible for maintaining the infrastructure of the system you are using
- Third party service organisations who may be involved in supply of infrastructure to the service you are using
- Government entities of any of the countries that your data may reside in or pass through
- Malicious attackers who try to exfiltrate all data they can obtain from the service you are using
- Malicious attackers who are trying to exfiltrate your specific information
Along Comes Social Media
Just when you think it can’t get any worse, social media comes onto the scene. Social media organisations such as Facebook, Twitter and the like use personal information as an asset. The more you share the more valuable you are to them as their product.
While involvement in these sites is option, it can become difficult to avoid with many social groups and businesses moving to the platform to promote and share their information. For example, in some industries the traditional CV is now taking second place to the LinkedIn profile as a way or recruiters to find new hires for their companies.
Privacy Self Check
While the above paints a somewhat concerning picture of the safety of digital information, there are some protects of course.
Most companies will have policy and procedures relating to privacy of the information they collect. All Australian-based businesses are required to comply with the Privacy Act as well as the Australian Privacy Principles (APPs). The Office of the Australian Information Commissioner also has advice and a mechanism where you can raise a complaint against companies that you believe have not met their responsibilities in the protection of your information.
Additionally, all companies should have in place procedures to deal with data exfiltration from malicious attackers. For the most part, there is usually enough information available for you to make a ‘privacy pragmatic’ decision about what you do with your private information.
In terms of social media, both Twitter and Facebook offer you tools to allow you to do a privacy check on exactly what type of information you are sharing.
Hidden (well, not necessarily apparent) in the settings is the ability for you to download everything you have shared on Facebook. This will allow you to critically review what your profile says about you and allow you to remove anything that you feel is not appropriate to share. While all users generally make a conscience decision about what they share, if you have had your profile active for a number of years, the information you shared at 16 may no longer be something your 26 year old self wants to have available. Particularly to potential employers who are starting to examine social media accounts belonging to their applicants.
To download your profile:
- Click the downward pointing triangle at the top right of your Facebook page and select settings
- Click Download a copy of your Facebook data at the bottom of General Account Settings
- Click Start My Archive
Depending how long you have had your account and how much you generally post to it, this may take some time. The end result of this process will be a zip file containing a hyperlinked collection of all your posts, images and comments that you have shared all in a single spot.
Just like Facebook, the same can be achieved with Twitter accounts:
- Go to you account settings by clicking on the profile icon at the top right of your Twitter page and select Settings from the drop down menu
- Click Request your archive
- Once the archive is ready, an email will be sent to you with the download link to the address associated with your account
- The download will contain a zip file with a hyperlinked copy of all your Twitter postings
As with Facebook, depending up how long you have had your account and how much you use it, the archive may take some time to compile.
Additional Twitter Tool
A tool developed by the Max Planck Institute for Software Systems allows you to take a bit more of a deep dive into your account and does some further analysis of your Twitter account as well as what other tweets have been made that can be associated with you (e.g. another account retweets you).
Note that this is a third party API tool that doesn’t belong to Twitter and will require you to log in. While the organisation would appear reputable and the use of the Twitter API is governed by Twitter, you will be entering your credentials into a third-party site. I would advise ensuring you are comfortable with the potential risks before using this tool.