GDPR

If You Want More Privacy, Stay Off The Internet

That may seem like an aggressive statement, but the only way you will ever get the privacy you want is if you don’t put anything out there. No mobile phone, no email, no Facebook, no Twitter, and no browsing. Nothing. Shop at brick-and-mortar, do your banking in person, and if you want to talk to someone, call from a land-line. Maybe you can write them a letter, if you can trust the Post Office.

As I have already said in a number of posts, if you want ANY of the convenience that your mobile phone or the Internet provides, you pay a price in loss of personal privacy. Did you really think it was free? Or worse, do you actually EXPECT it to be free? You want all the benefits and none of the downside?

We have an expectation that it’s the government’s responsibility to protect its citizens from either external aggressors or internal threats. How do you expect them to do that if they don’t at least TRY to do the same things the bad guys do? It’s called testing. As far as I am concerned, they can take whatever data of mine they like, as long as they do nothing with it other than work out how to plug the holes.

And if you’re worried that the government might use your data against you, what exactly are you doing?

Should there be more oversight? More transparency? Probably, but do you WANT to let the bad guys know how we’re catching them?

Question: Whom would you rather find a cancerous tumor in your body, a doctor, or a coroner? The doctor will be every bit as invasive, but will do so to save your life. You trust them, right?

OK, so that’s a little dramatic, and the other side of the analogy is excessive, but I think it makes the point. I WANT the government to find the holes before the bad guys do, because the bad guys have no rules whatsoever. They will steal from you, ruin your life, or whatever takes their fancy, and then not give you another thought unless it’s to laugh about how you made things so easy for them.

Businesses hire ‘bad guys’ all the time to test their systems; they are called ethical hackers. Same mind-set as a bad guy with one twist: they are there to help fix the problem, not exploit it.

Was Prism so different? They have no choice BUT to sift through everyone else’s data to find the ones who are doing bad things. Can you think of a better way of doing it? Seriously, if you can, I’d love to hear it, it will have far-reaching impact on the way security professionals think / work and should be heard.

It’s fairly clear which side I’m on, and this really is an issue with only 2 sides: for, and against, the monitoring of our private information. What’s needed now is a guest post from someone who is on the other side of the fence, maybe even a lawyer, and that’s all I can tell you about them or they’ll beat me up.

Let the debate begin!!


Prism

Prism is OUR Fault …Mostly

Humans as an entire species are never going to agree 100% on anything, ever.  I don’t care if it’s religion, politics, privacy, or margarine over butter.  There will ALWAYS be people on either side of every fence.  Try to imagine the worst thing in the world, and there will be someone out there doing it, or cheering on those who do.

At best, we can come to a majority agreement, but that will only ever be regionalised by either geographic location, or racial beliefs and bias.

So why has Prism caused such a stir?  Are you actually surprised this was going on? There are those who want access to data, and those who want to protect it.  There are those who want to use the data for the common good, and those who want to use it for their own profit, or worse.  And “Some men just want to watch the world burn.”

I’m not overly interested in your opinion, just as you’re not overly interested in mine.  I’m OK with that.  The only time we have an interest in this stuff is either when people totally agree with us, or – in our arrogance – we feel like trying to change the opinions of others.  Like we’re the ones who are right.

In the end, the bad guys (in whatever form ‘bad’ is for you) only have access to what we gave them.  An exception to that rule is when an organisation loses stuff they should be protecting.  Like in a breach for example.  Preventing this from happening is what I, and many others, have devoted our careers to, but the most we can ever achieve is a slight reduction in the risk to your privacy, and possibly some form of compensation for you if your privacy is lost.

Yes they should protect data, and should be liable for not doing so, but if a thief wants it, it’s gone.

While you have every right to expect privacy, and I agree with the laws and regulations supporting that privacy, you cannot EXPECT privacy given the bad elements.  Analogy; the law protects me against being mugged, but I don’t put myself in places or situations where mugging is more likely.  I may be the victim, and have all the rights of the victim, but I’m still missing my wallet.

This will not apply to the Prism case, where there will be no class action suit against the government, and whatever smoke and mirrors they come up with to reassure you that it will never happen again, it’s just that, smoke and mirrors.

The key to your personal privacy has always rested, and will always rest, with you.  You are responsible for your data, and whinging about governmental abuse of power is not going to change the fact that you posted stuff on FB, you took inappropriate pictures, and YOU chose to share your bank account details with an online provider of services etc.

Do I think the NSA was right in what they did, or that that moron Edward Snowden was right in what HE did?  That’s irrelevant, because I have nothing online in any form that would embarrass me if it were revealed, or unprotected (by deferred liability) if it was stolen.

Can you say the same?
