Call 0845 485 1219
We love digital - Call and say hello - Mon - Fri, 9am - 5.30pm
by James Perrin on 3rd May 2011
The issue of online privacy and security has been hitting the headlines in recent weeks. The internet in general, smart phones and online gaming have come under scrutiny for playing their part in what is becoming known as the era of ‘steal everything’.
It’s become an all too familiar story in recent weeks. News is leaked of a security flaw with technology or that technology is being used to gather user information. Then a series of PR tricks ensue until we finally discover what’s been going on. However, as the media whip up a moral panic, I think it’s time to ask whether our privacy is being compromised?
Looking firstly at the security on the internet, websites and search engines, we can see that for some time criticism and scrutiny have been levelled at some major organisations. For example Google have found themselves in and out of court in Germany amid privacy concerns [See: Are Google trying to Appease the Germans?]. There have also been suggestions that the Google cars, which have merrily mapped the streets of the world, were apparently collecting personal data via unsecured wireless Internet networks.
Collecting data without the user’s knowledge is one thing. However, websites have also come under scrutiny, because they contain codes and cookies to find out what other sites have been visited. Furthermore, social networking sites also collect and reveal their users ‘likes’, ‘locations’ and ‘activities’. This is an entirely different issue, and something that should be differentiated from illicit/’accidental’ data gathering methods.
What is clear though is that a culture of surveillance is apparent. It’s all valuable data, and is useful too. For Internet security, the problem isn’t what they are gathering and why they are using it, as there are convincing arguments for this. It’s really down to educating the users so they are aware that the services and products they use can jeopardise their privacy. There are ways around this though, as @Impact_Alec discusses with his post: E-Privacy Directive on Cookies
Some organisations have taken a questionable approach to gathering data, for example news today has revealed that Google’s Korea office was visited by police after sources claimed they were illegally collecting data from users. There are growing worries about the methods deployed by Google, [See: Are Google Trying to Appease the Germans?] and the security of personal information as mobile devices such as smart phones become increasingly popular.
The most high profile concern regarding mobile phone security looks at Apple’s iPhone and the tracking of their users’ locations. This, if true, being an obvious breach of privacy; especially as users were unaware of it. But more worryingly it’s the fact their records are kept in an unencrypted form.
According to eMarketer, privacy and security when using Smartphones are major concerns. The same issues as with desktop computers (information security, privacy and being tracked) are applicable to smartphone users, especially in light of the recent controversy over the iPhone location tracking data.
However I think a line should be drawn between the collection of data, and the lack of security surrounding that data. For example, it’s not just the state and the corporations that want this information. We are entering an era of ‘steal everything’, as coined by David Emm, senior security researcher for Kaspersky Lab. Criminals who are technology savvy are just as focused at gaining this type of information, but instead of gathering it, they want to steal it.
Take the PlayStation Network debacle as an example – a huge company, collecting millions of users’ information, such as credit card and contact details, had their network hacked. News realised today reveals that another 25 million users, now totalling 77 million may have had their personal details stolen.
Security and usability do not go hand in hand, and so there is a trade off. So the question with this scenario is just how much data is actually needed? I mean, why do PlayStation users even share this information in the first place and why isn’t it fully encrypted? Well, it appears it’s not that easy if you want to use the latest technology.
Sony deliberately wants to make sure their users share this kind of information, not simply for the running of their service, but also for marketing purposes. This isn’t the issue; the issue is over how adequate Sony’s security measures are.
Regarding Online Gaming, a certain level of user data that should be entered, and it should be up to the user to provide consent if this information was to be used, just like with most marketing forms at the moment. It could be perceived that Sony and many other large corporations just want to get as much information as possible, to use as they wish, without backing it up with adequate security measures.
Before a mediated moral panic spills out, and all websites, Internet providers, search engines, smartphones, and online gaming technologies are painted with the same anti-privacy brush, I think a little bit of calm needs to be restored.
Gathering data, with the consent of users should never be compromised; it helps drive targeted adverts, provide personalised searches and generally makes things simpler, creating a better user experience. However as mentioned user experience and security is often traded off, which websites, search engines and smartphone users should be mindful of.
On the other hand, providing too much information, especially on networks that have weak security measures is a major concern. From here it is really down to corporations to make sure they get their security priorities in order and for users to think about compromising usability with security, before their privacy is compromised.