Editor's note: Tomorrow, we continue this report with a podcast featuring Chicago-based business consultant Mark Cummuta, who specializes in compliance, security and CIO challenges.
Privacy has long been seen as a basic, sacred right. But in the Web 2.0 world, where the average user is addicted to Google apps, GPS devices, their BlackBerry or iPhone, and such social networking sites as Facebook and Twitter, that right is slowly and willingly being chipped away. In fact, some security experts believe it's gone already.
Adding to this sobering reality is that public and private entities have a growing array of tools to track our movements, habits and choices. RFID tags are on more of the items we take for granted. Those discount cards you use at the grocery store offer companies an excellent snapshot of the choices you make. And in the post 9-11 world, the government has greatly expanded its power to spy on you with such laws as The Patriot Act.
- Facebook, Twitter, LinkedIn: Security Pros Warm to Web 2.0 Access
- Slapped in the Facebook: Social Networking Dangers Exposed
- Four Questions On Google App Security
- The 5 Myths of RFID
"Your credit card company and your loyalty card program memberships track your purchases, travels, expenditure levels, and blend that into offers that meet your lifestyle profile," said John Zurawski, vice president of Authentify Inc. "Firms sell GPS devices specifically to be hidden in vehicles permitting anyone to track your movements. The RFID Tollway passes states offer to speed you through their toll roads know where you've been and how fast you drove."
Based on an informal survey of privacy and security experts, here are six examples of how we've willingly allowed our privacy to be taken away, and how we might be able to get some of it back. 1. Google
Google apps such as Gmail and Google calendar allow individuals and organizations to bring order to the hectic process of scheduling and communicating. But when you input company agenda items into the applications along with other proprietary information and potentially embarrassing things like an upcoming doctor's appointment, you're giving up privacy to Google, said Chicago-based business consultant Mark Cummuta, who specializes in compliance, security and CIO challenges.
"When Google first started, it said it would only use that information internally, to get a sense of the things you like and talk about," he said. "All that information used to be gathered in a way where you explicitly gave permission, through things like surveys. But Google can easily poke around without seeking permission, and they don't explain to you how they know what they know."
2. Social networking
It's getting increasingly harder NOT to find someone on LinkedIn, Facebook, Twitter or all of the above. Then there's Myspace and a lot of lesser-known social networking sites. If you use these programs -- and you probably do -- chances are pretty good that you give up a lot of your privacy every day, willingly and even happily. Security experts have spent a lot of time ringing the alarm bell over this lately, because bad people can easily take the personal tidbits you post and use it against you, for everything from marketing to blackmail.
"Privacy is evaporating because Facebook, Myspace, Twitter and blogs are raising a generation of kids and adults who have no concept of privacy or the ability to truly understand that nothing digital is ever forgotten or destroyed," said Raj Goel, owner of security compliance consultancy Brainlink International Inc. "Ten years from now, kids will be Googling their mommy's spring break pictures and their daddy's Facebook profile, if they don't do so already."
3. RFID tags and loyalty cards
In this fast-paced world, people use special transponders to blow through highway toll stations without stopping and pay for gas without having to swipe a credit card. Then there are those cards you present at the grocery store for discounts. All have technology that can be used to track your movements and habits, right down to the time of day you typically go through a toll plaza each morning on the drive to work.
"Let's add RFID chips, the Real ID Act and the PASS Act to the list as well. How about chips in passports? We're lulled into a false sense of security and people aren't realizing that they are simply giving those rights to privacy away," said Julie Davis Friend, president of Gemstone Partners, a firm that advises organizations on issues surrounding identity theft and new legal requirements."
4. The Patriot Act Eight Years After 9-11: Better Security or Just Luck?] Many a security expert will argue that the law did indeed improve our safety and prevent more attacks. In other words, enacting it was the right thing to do. But it's also universally accepted that civil liberties were eroded under the law.
Given all the debate about the evils of The Patriot Act and how it gave the government a ridiculous amount of power to spy on people, we often forget that citizens were perfectly comfortable giving away privacy in the immediate aftermath of 9-11, when people were consumed with the desire to stop the next terrorist attack from happening. [See also:
Notes Zurawski: "The Patriot Act granted broad powers to law enforcement to enter your home with 'probable cause' and no warrant."
GPS navigation used to be a luxury item. Now most of us use the technology. It's relatively inexpensive to buy a GPS device that's bolted to the dashboard. Higher-end cars come with built-in GPS. And there are plenty of free navigation apps available for the BlackBerry and iPhone. The flip side to fewer people getting lost is that the providers of those systems can track your whereabouts without breaking a sweat.
6. The Kindle
Here's one you may not have seen coming. The increasingly popular Kindle allows us to tear through books on the go. But the device also "keeps track of what you read, how quickly you read it, what you may have read over several times, and can delete content you've paid for without your knowledge should it become 'necessary,'" Zurawski said.
Getting back some privacy
The good news in all of this is that there are steps people can take to protect more of their privacy. Educating younger folks on what they are giving away is a good place to start, those polled said. Businesses should steer clear of something like Gmail if they have sensitive data to send someone. And consumers can demand that government agencies crack down on the privacy-stealing practices of private-sector companies.
"The FTC could take on Facebook, Myspace and other sites that target kids the same way they expanded HIPAA's scope and brought online health care databases under their purview," Goel said. "When my goverment grows up, I want them to be the FTC -- the only national agency that's done anything meaningful about consumer privacy and security in the past decade."