Privacy 2012: I know what you did at 3:30 a.m.

For a peek into what experts expect this year and beyond when it comes to privacy, we turn to the Rebecca Herold (aka the Privacy Professor) for answers.

2011 saw a number of significant privacy events. From Facebook and Google Plus dueling over privacy policies to concerns over what information your mobile phone actually knows about you. However, technology keeps moving forward, and privacy issues are sure to follow. For a peek into what experts expect in the year and years ahead when it comes to privacy, we turned to Rebecca Herold (aka the Privacy Professor) for answers.

Herold is an information security, privacy and compliance consultant, is currently working on her 12th published book, and has written dozens of book chapters and almost 200 articles on privacy and security.

CSOonline: With a spate of data dumps as a result of security breaches, many security and privacy issues arising from mobile and cloud computing, what do you think 2012 has in store when it comes to privacy? the Carrier IQ incident.

I think 2012 is going to be a lot like 2011. We'll see more attacks on businesses and government agencies stemming from online activism. Probably more legal concerns and battling over what privacy means in the age of cloud computing and social networking. And I think we're going to see more issues of mobile computing, along the lines of

The Carrier IQ situation had touched a real nerve with a lot of folks, beyond the normal crowds interested in privacy. There are a lot of people I have known all my life, relatives and parents of classmates from elementary school, and everyone in between. It is interesting because they are not techie at all, but many were asking what handset and mobile companies were learning about them and what could be done to stop it.

Another area that I think will get more attention is the privacy around smart grid. That is going to be an ongoing concern. And as more states and utilities are rolling out their smart meters, I think you're going to see a lot more states trying to pass more smart grid privacy laws.

CSOonline: Smart grid privacy is an interesting topic, though I'm not sure many people understand why it may be so important. They wonder "What's the big deal if they can see when my electricity usage spikes?" NIST Interagency Report 7628 that came out last year identified a lot of the privacy issues. From a high level, with regard to privacy, is the fact that, historically, you had to be a meter-reader coming to a house and to take a reading. All everyone else would see is a spinning wheel. It didn't tell you very much more than sometimes it spun faster and other times it spun slower.

Yes. That's very understandable. The

Now, with smart meters, the data is going directly to the utilities, many times by Wi-Fi. The fact that somebody driving by might pick it up, and from the data they could gather all sorts of information regarding the types of appliances you are using, where you are in the house, and so on. So there are many different privacy issues related to this. What if appliance manufacturers get this information? Are they going to start trying to sell a household their product to replace their inefficient one that they see you still have?

CSOonline: It sounds like it's possible to find out much about a person and their household from their power usage.

Yes, the impact is broad. Consider divorce settlements. Will it be possible to prove that your spouse or ex-spouse was doing something they should not have at 3:30 in the morning in the hot tub based upon your energy consumption record? With the private electric vehicles, are you going to be able to tell exactly where somebody was at any point in time based upon their charging records?

By looking at the utility bill, would you be able to see when someone was traveling and so on? Would home insurance companies, by knowing whether or not you are using an inefficient appliance, potentially deny you coverage because they could show that you were using appliances that were in violation of the home insurance policy?

Then there are employers. What if you had something personal happen, and you told your employer that you were sick, and you lose because they could tell from your PEV -- your electric vehicle charging records -- that you were actually out in Las Vegas doing stuff that day. The examples are just unlimited, and more and more people are having concerns.

The NISTIR 7628 was a start, and we listed a number of important issues, and that work is continuing. Expect more work products from the group coming out very soon.

CSOonline: Are there other areas where you see potential privacy flaps in 2012?

Social media is always a concern, and I think the integration of social media use by businesses and other organizations is going to continue to raise new privacy concerns. For instance, hospitals and physicians and other groups are promoting the use of social networking sites by physicians to help their patients, which, of course, sounds like a great idea. But then you dig into what happens, especially when the physicians do not know how to use the social network very well, information about their patients gets posted for the whole world to see.

Here's a recent, and shocking, example. A vendor that provides hospital systems had a type of authentication device. And they were encouraging the hospital staff to just use their Facebook passwords so they could automatically link their Facebook account with their system. And this device provided access into the patient care system! "It would make it really easy to manage," they said. So this connection of social networking devices to non-public systems like that will be another area that is going to see increasing numbers of privacy concerns.

George V. Hulme writes about security and technology from his home in Minneapolis. You can also find him tweeting about those topics on Twitter at @georgevhulme.

Insider: How a good CSO confronts inevitable bad news
Join the discussion
Be the first to comment on this article. Our Commenting Policies