Cybersecurity Awareness: Forgotten

No small irony that the same time we are dealing with the exposure of hundreds of thousands of private, supposedly “disappeared” Snapchat photos is the time that Europeans have chosen to begin exercising their “Right to be Forgotten”. And of course, let us not forget the iCloud celebrity nude selfie debacle. Where to begin…

The Snapchat episode, apparently resulting from a hack against a third party web site that stored Snapchat photos, is the most egregious. Not only does the SnapChat teenage demographic raise issues of child pornography, the entire service is designed around a promise to protect privacy by deleting information before it gets loose in the wild. Use of a variety of mechanisms to defeat that deletion process, including the current offending SnapSaved.com site (since taken down), indicate the extent to which we have become conflicted about privacy. Of course use of the service for underage sexting indicates the extent to which we have also failed to educate school kids in basic cyber-citizenry. While Snapchat was not directly responsible for this event, they also were hacked in January, resulting in a significant compromise of account information.

Some reports indicate the hackers in this event were the same ones behind the celebrity selfie breach, although that attribution seems rather vague. It is encouraging that the celebrity episode finally generated some significant public push-back against the hackers, with a strong sentiment that people should have the right to privacy of their information regardless of content or the physical storage location. Seems as though it shouldn’t be too hard for service and app providers to implement something like that.

One issue in public use of the internet is that people have lost track (or, never knew) where and how their information is stored. The old paradigm that my information is stored on my physical hard drive in my physical location has long since been blurred beyond recognition. The result is that people cling to old notions of privacy and security when the reality is that personal information is routinely and transparently stored in some indeterminate external location (you know…the cloud), by companies whose top priority is not protection of privacy.

Maybe the Europeans have it right. In May, a European Court ruled in favor of the Right to be Forgotten, meaning the right to request that links to some types of personal information be deleted. Last week Google reported some preliminary numbers, including 150,000 requests (about 1,000 per day) and agreement to remove about 40% of the requests, totaling 500,000 links. To be sure, the process is expensive and controversial, including charges of censorship and subjectivity. But, it is the first real law that clearly returns some control over content to the individual. Sadly, it will never be perfect or perfectly implemented. Far better if we could just figure out going forward how to draw a firm, clear line between information that is private and the rest, and make Google and Snapchat and everyone else legally responsible and liable to protect the private information.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s