Cyber Security
"According to the 2015 Pew' survey, few individuals would appear to do anything tangible to protect their Cyber Privacy. For instance, very few individuals would have adopted effective privacy protection measures such as encryption of their
Are we doing much with the options we have? According to the 2015 Pew' survey, few individuals would appear to do anything tangible to protect their Cyber Privacy. For instance, very few individuals would have adopted effective privacy protection measures such as encryption of their communications, hereby accepting - if not ignoring - the risk of compromise of their private communications and data.
communications..."
How achievable is it to attain enough Cyber Privacy?
corporate data. Such a privilege is increasingly subject to the deployment and operation of enterprise security agents on personal devices. For instance, I recently had 2 enterprise mobile security agents deployed on my personal mobile phone as an enforced security requirement to my enjoyment of work email and calendar access from my device. My knowledge of what those agents were doing on my device, what personal data they might be capturing and what they were doing with it was rather limited. We can also appreciate a level of trade-off for state and citizens' security purposes. However, the extent to which we can and do really appreciate the privacy risks we are trading-off with is really questionable.
The Pew survey partly answers why we may not do much about better managing our privacy risks. The report refers to the following quote from some information scholars, which may well summarise the high *cost* of attaining privacy: “privacy is not something one can simply ‘have,’ but rather is something people seek to ‘achieve’ through an ongoing process of negotiation of all the ways that information flows across different contexts in daily life”. The referred ongoing process of negotiation may imply a high effort of discipline to achieve better privacy and it may simply be too hard to do to achieve great cyber privacy. We are clearly concerned about our online privacy, but we don't do much about it. We trade-off privacy for the sake of convenience, opportunity and security without measuring the implications of it. Technology options exist to better manage some privacy risks, but we also don't use them much (too hard) and they are themselves the subject of risks. The focus and the development of cyber safety education programs may however provide the best opportunity for improvement longer term, especially as they start with young children. Such programs may provide the key to achieving, in time, enough Cyber Privacy.
What do we do about our Cyber Privacy? There are options to improve the security of personal data and communications. For a start, personal data management practices can be improved through education and the application of further caution online about privacy. For example, in Australia, we can highlight the program ThinkUKnow, which is oriented toward children cyber safety, as one of the great initiatives sponsored by the Government and industry partners. Such programs are growing and I hope will change behaviours over time. Technology is also available to reduce some privacy risks, such as for example (amongst many): • VPNs for private web-browsing (a myriad of service providers, but which to trust?), • Anonymous web browsers, such as the TOR browser, • Encryption toolkits such as PGP to protect communications such as emails, • Applications to secure mobile communications, such as Wickr and WhatsApp (both of which have been reported to be used by leading Australian political figures), Signal, and ChatSecure just to name a few, • Applications positioning a more identity centric view of privacy, such as SudoApp. While some of those options appear to be growing in popularity, they are not of widespread use. They are also the subject of a relative privacy protection due to technology vulnerabilities and also the increasing pressure from some
38 | Australian Security Magazine
law and intelligence agencies to tap into those technologies, sometimes through backdoors that would also present a risk of exploitation by malicious parties.
About the Author Gui is a Cyber Security Advisor who delivers businessfocused Cyber Security and Technology services. He is passionate about the issues of Security & Privacy, and the process to address them in both business and personal contexts. As the General Manager for Pirean in Australia & New-Zealand, Gui leads Pirean’s business development in the region with Identity and Access Management technology and services.