3 privacy violations you shouldn't worry about
Real privacy invasions abound, but people are freaking out about three so-called privacy violations that simply aren't
Computerworld - In the past few years, the public has been confronted with hitherto unimaginable levels of personal privacy invasions.
We've learned that the NSA has been aggressively scooping up phone metadata and even building a giant data center in Utah called "Bumblehive" for the purpose of recording every phone call and much more. The facility is so massive that it will be able to store a yottabyte of surveillance data -- an amount of data so large you may not have heard of the number before. (A yottabyte is 1 trillion terabytes.)
And we learned this month that a flaw called Heartbleed in the security layer of two-thirds of all encrypted websites potentially puts all of our information at risk of being exposed -- and that includes our passwords and even our encryption certificates.
And we just learned this week that the FBI's face-recognition database is on an incredible growth spurt. The database contained 13.6 million images last summer and is on track to contain 52 million by next year. The database links faces to names, addresses, phone numbers and other personal data. Law enforcement agencies will be able to take pictures from store security systems or ATMs -- or any photo -- and run it through the database and know exactly who you are. The FBI's own documents show that millions of these images have nothing to do with crimes or criminals.
So the people who are worried about threats to their privacy are justified in their anxiety.
The trouble is, far too many people are freaked out about the wrong things.
I'm going to give you examples of three technologies that are regarded as threats to our privacy -- technologies that a great many people seem to be vexed about, but only because of muddled or misinformed thinking -- and then I'm going to spell out why they're nothing to worry about.
Here they are:
1. Apple iBeacon
Apple's iBeacon, also known as "indoor GPS," is designed to provide very accurate information about a user's location, indoors or outdoors, for a variety of purposes. Apple, for example, uses iBeacon with its Apple Store app. If you're standing in the iPad section, it can pop up information and promotions for iPads.
Museums are using iBeacon for guided tours via smartphone. Stadiums are using iBeacon to tell people stuck in long beer lines where they can find a shorter line. And, of course, department stores are using it to promote products and provide customer information and customer service.
Beacon technology in general, and Apple's iBeacon in particular, doesn't get the attention and mindshare that it deserves. It's a transformative idea that will change everything. But to the extent that people do pay attention, they tend to oppose it as yet another encroachment upon our personal privacy.
The unexamined myth about iBeacon is that it senses the presence of your smartphone, from which it learns your identity, then records or transmits this information to who knows where.
But that's not how iBeacon, or any beacon technology, works. The systems work with low-cost, low-power beacons that are placed at specific locations and use Bluetooth LE to broadcast identifiers over short distances.
Here's why it's not the privacy invasion people think it is: Beacons can't receive data; they can only send data.
If the user has voluntarily downloaded and installed an iBeacon-supporting app (on either iOS or Android, by the way), and has granted permission for the app to interact with beacons, then the phone will receive the beacon data and the app can do things with that information.
As an oversimplified example, a beacon at Macy's department store might sit there and transmit data that essentially says: "Hi, this is Macy's beacon No. 13." If the Macy's app receives that information, it will learn both the beacon's location and the distance between the phone and the beacon. The creators of that app know where Macy's beacon No. 13 is in the store. And the app could, of course, relay this location information to a remote server.
It's an important distinction to understand that the smartphone is perceiving the beacon, not the other way around. It's the smartphone connecting with the outside world, not the beacon tracking the user's phone. It's the user who controls this activity, not the beacon or the store that installed the beacon.
A real privacy violation is a situation where you're not in control. But with iBeacon systems, you are in control of your own participation with the application.
Besides, the knowledge that you're in the shoe department at Macy's isn't significantly more of a privacy violation than the knowledge that you're at Macy's generally -- information that is already being collected by, at a minimum, your wireless carrier.
2. Gmail scanning
Google this week updated its terms of service to clarify the longstanding practice of scanning Gmail messages in order to provide customized advertising. The new document is Google's attempt to satisfy critics -- and Judge Lucy H. Koh, who told Google that its terms of service and privacy policies weren't explicit enough.
The idea that specific messages in Gmail may be accompanied by ads that reflect the content of those messages can freak people out.
Say you're planning a camping trip with a friend via email, and right next to your message is an ad for tents and sleeping bags. You might say, "Google is reading my email!"
Microsoft capitalized on this hysteria in its "Scroogled" marketing campaign. "Don't Get Scroogled by Gmail," Microsoft declared, boasting that its Outlook email doesn't scan messages for the purpose of delivering custom ads. (The company may have canceled the "Scroogled" campaign this week.)
- NSA defends collecting data from U.S. residents not suspected of terrorist activities
- Groups fear bill would allow free flow of data between private sector and NSA
- Google's move into home automation means even less privacy
- Bill to require warrant for email searches gains ground in House
- Coming soon to a fridge near you -- targeted ads
- Snowden leaks prompt tech firms to tout privacy, transparency policies
- License reader lawsuit can be heard, appeals court rules
- Is EU's 'right to be forgotten' really the 'right to edit the truth'?
- Tails 1.0: A bootable Linux distro that protects your privacy
- Privacy jitters derail controversial K-12 big data initiative
- Combating Identity Theft in a Mobile, Social World Offering identity theft protection and remediation allows businesses to give their workforce the confidence to efficiently engage while bringing financial reward to the...
- After a Breach: Managing Identity Theft Effectively This white paper from LifeLock Business Solutions notes that FIs in addition to managing fraud should strive to turn a negative event for...
- Combating Identity Fraud in a Virtual World This slide presentation reveals findings from the Javelin Strategy & Research 2012 Identity Fraud Report about mobile and social trends, the real risks...
- Cloud Computing Drives IT and Business Agility Hybrid Cloud Accelerates Time to Value What is the main focus for IT in your organization - cost or agility? Many IT discussions today focus on cost controls rather...
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now
- Cloud BI in Action: Recorded Webinar of Customer, Kony, Inc. See how Kony, Inc., a leading enterprise mobility company, is using TIBCO Jaspersoft for Amazon Web Services and Redshift to achieve embedded analytics... All Privacy White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!