Monday, January 28, is Data Privacy Day, an internationally recognized 24 hours aimed at raising awareness and promoting best practices in the oft-shaky world of online security. As we "celebrate" this day, from social media and email accounts to personal and corporate security, privacy concerns seem more pointed than ever.
While the federal government continues to try to regulate the sector, the very nature of its process often puts it a step or two behind events in the real world. That leaves it up to the private sector - and us as individuals - to take charge of our online presence andprivacy. Unfortunately, the very structure of the Internet makes this an uphill battle.
Taking The Pulse
We're stuck in an era that security expert Bruce Schneier describes as digital feudalism, where people may be tethered to technology and online services that exploit them, often without their knowledge. And even when informed of potentially invasive practices, most people are too ingrained in their habits to do much about it. "We have to blindly trust that they will maintain our security," Schneier told ReadWrite in December.
"Privacy is not a luxury," adds Dan Kaminksy, noted security researcher and chief scientist at security firm DKH. "It's a core element of dignity. We've been willing to justify and allow too many things on the basis of 'well, what does it hurt?' Well, it hurts human dignity! And as it happens it's not a 'well, boo-hoo.'
"Apple phones were totally tracking your location all over the place," Kaminsky notes. "And the fix was 'OK, we'll have them only track it for a week.' Which is great until you realize they're still shipping all of the locations back to home base."
What You Can Do
If you really want to raise your security-IQ, there is one simple approach: Be aware of what services you sign up for, and actually read the privacy policies that govern them. Most people don't bother, and most sites make it difficult for those who do, with lengthy policies in dense legalese presented in tiny fonts.
Still, "People need to be aware of who they are giving their personal information to, why they are asking for that data, and how they can make sure that any other company only uses the data that they need," explains Shaun Dakin, the founder of Privacy Camp and the weekly Twitter privacy chat #PrivChat. "For most people Data Privacy Day should mean reviewing their Facebook Privacy settings... review each app and make sure you remember why you gave that app permission to access your personal data."
In that vein, digital identification service OneID's chief executive Alex Doll recommends people check the credentials to third-party websites that use their logins for social media sites.
"People, in their rush to adopt new tools, often forgot to look too deeply at how it really works, what (or) who is being trusted and what's happening with their data," Doll says. "Consumers either don't realize what using Facebook or Twitter login credentials for third-party websites actually mean or have simply given up, believing they have little control over their digital identities."
Some companies are trying to address the problem (others ironically noted for their questionable privacy practices like Facebook, Twitter, Google and AT&T are also championing Data Privacy Day). Most people don't want services like Google storing and tracking information based on their searches - 73% view it as invasion of privacy according to the Pew Research Center. One company, DuckDuckGo has created a site called FixTracking.com to detail search tracking methods and how to avoid them.
Virtual private network (VPN) services like HotspotShield can help make Web browsing more anonymous. David Gorodyansky, the chief executive of HotspotShield's parent company, AnchorFree, says awareness, mobility, and the cloud are the biggest issues facing privacy. "With constantly changing privacy settings, increasing use of mobile devices and the proliferation of shared Wi-Fi networks, how do you control the information you broadcast about yourself online," he asks. "We've been successful because savvy users want access to free tools that can help them protect their online privacy, security and freedom of access. But the general awareness of the need for protection is still extremely low."
In a world where even the director of the CIA has to worry about online privacy, we need help from our lawmakers. Today, EPIC, the Electronic Privacy Information Center - along with the The Electronic Frontier Foundation and others - is urging Secretary of State Hillary Clinton to begin the process of ratifying the Council of Europe Convention on Privacy. "January 28 also marks the day that EPIC, in 2010, urged the U.S. to sign on to the Council of Europe Privacy Convention," explained Marc Rotenberg, EPIC's executive director.
EPIC also named a privacy champion: Max Schrems, the Austrian privacy advocate and organizer of the site Europe v. Facebook. His efforts to obtain his personal data collected by Facebook inspired more than 40,000 global users to make similar access requests.
All of these efforts share one key element: They're all about getting people to pay attention - careful attention - to the issue.
"When I think about privacy, I think of a profoundly legitimate demand leading to a value that has been out of the public ability to discuss for far too long," Kaminsky says. "There's so many fronts to privacy and dignity in general, that when anything is found - good, bad, or indifferent - it gets this enormous amount of publicity, and nobody stops to say wait, is this particular thing real?"