The death of privacy
Ireland's Data Protection Commissioner Billy Hawkes
A better understanding of privacy is required at all levels of society, writes John Kennedy. He warns that 21st-century technology will stretch the limits and our notions of privacy.
Most civilised people would know that at its most basic level privacy means affording others the right to be left alone.
But in the past decade and over the next 10 years our notions of privacy and what constitutes privacy and safety will have become so distorted that the time is now to debate what it really means.
On the one hand hundreds of millions of people – including more than 45pc of the Irish population – are on social networking sites like Facebook, sharing our photos and videos via apps like Instagram and Viddy, and we let the world know when we’re going on holidays via Twitter.
Yet we will recoil in horror if it was suggested our private data is used by businesses or governments intent on knowing what we are doing, or if burglars or other criminals use these bits of information to steal from us.
That is the conundrum we find ourselves at in 2012.
Every year, Ireland’s Data Protection Commissioner publishes an annual report and every year a who’s who of popular brand names is on that list for marketing offences alone. In 2011, the number of complaints by Irish citizens reached an historic high.
Debating digital rights
At a Digital Rights Forum debate last Friday at the Science Gallery, it was clear to all who attended that Ireland’s Data Protection Commission (DPC) is doing a diligent job in the face of challenges on a scale few other bodies with a similar responsibilities have to face.
For one thing, the DPC, headed by Billy Hawkes, is in the unusual position of having to police data protection of not only Irish citizens but citizens across the world. This is thanks to the presence of the international headquarters of some of the biggest internet companies in the world in Ireland, such as Google, Twitter and Facebook.
Last year’s privacy audit of Facebook that arose from 22 complaints lodged by Austrian lobby group Europe Versus Facebook sucked up 25pc of the DPC’s resources alone. In December, the DPC and Facebook agreed to 'best practice' improvements to be implemented over six months, with a formal review happening in July 2012.
Despite the diligence with which the DPC will perform its job, you can’t help but worry about the scale of the threat facing ordinary people, from intrusive marketing to online scams.
Commissioner Billy Hawkes said the relationship with Facebook is ongoing and will evolve in the post-IPO environment and as it develops new products and complies with new European laws.
“If you multiply that against other internet players with their European presence in Ireland, we do have a massive job on our hands, and we have to deal with the things that ordinary Irish people are concerned about, such as employers, schools, etc.”
Hawkes said that across Europe concerns about social networking rate higher among ordinary people. “Asked last year who was responsible for protecting their privacy in relation to social networks, 65pc of Irish people replied ‘I am’, whereas the figure was lower across Europe. So Irish users are among the world’s biggest users of social media yet believe they alone are responsible for their privacy settings. Elsewhere in Europe, people look to the regulators.”
Boards.ie founder Tom Murphy said that protection of privacy begins with the ordinary citizen. “Will it take security cameras right outside your front door? How far are you willing to go to subvert your own freedoms before society can operate in a safe fashion?
“This is something that hasn’t been addressed and is being forced on us and is going to cause tension.
“A much deeper question is how far are we willing to go to allow companies, corporates, governments and each other invade our privacy in order to secure society for ourselves?”
Murphy pointed out to Hawkes that it is arguable that not only are ordinary citizens threatened by snooping and intrusive marketing by private organisations but that instruments of State in Ireland may also be guilty of privacy breaches.
Several years ago, lottery winner Dolores O’Mahony was the victim of cyber snooping when social welfare officers were accused of looking through her files and selling the information on to the newspapers. In the UK, more than 1,000 civil servants were disciplined last year for accessing social security records.
Among Irish businesses, an Amárach study revealed one in 10 Irish employees admit to having taken the contact list from their previous job.
Murphy said: “Hasn’t Ireland’s Government just created the largest smash and grab on data in taking ESB data to use it for a purpose it was never intended – the household charge? That to me seems to be a blatant and gross breach of data protection.”
Hawkes agreed that in his view the move was a breach of data protection principles because people who signed up for ESB or Bord Gáis didn’t expect their data to be used to get them to pay a household charge.
“Ultimately that decision came down to the Oireachtas and it being written into a law that the State can access that data.”
Hawkes said he wasn’t consulted on the move and had to insist on a protocol whereby the only the minimum amount of information such as name and address could be accessed.
Murphy warned it is one thing to try and enforce laws against corporations and fine them and have different rules for government. “Somehow they are the very people I do want to protect my data against and they have shown disdain for it.”
Online threats to privacy
THE CONNECTED WORLD – WHERE SOMEONE IS ALWAYS WATCHING
- 900m: Number of people on Facebook – if it were a country, it would be the third biggest in the world
- 35pc: Percentage of traffic on Twitter capable of delivering virus downloads
- 1,000: The number of UK civil servants disciplined last year for snooping on citizens
- 10pc: Of Irish employees admit to stealing contact databases from former employers
Paul C Dwyer, a cyber security expert who works with law enforcement agencies and the International Cyber Threat Taskforce, told the debate that ordinary people are lambs to the slaughter in the face of some of the privacy threats we increasingly face online.
“As humans we are social – we like to chat, communicate, but the bottom line is we have a basic human right to be left alone and not to be contacted if we don’t want to be contacted.
“I’m a particular fan of social media. I use it a lot, but it effectively comes with risk and challenges. On Facebook alone there are more than 900m users, some 300m photos a day are uploaded onto Facebook. It has people speaking 70 different languages and some 30m apps are activated every day.
“A lot of them are crimeware and they want to steal from you. Information about you has an intrinsic value.”
Dwyer said that there are 500m mobile users of Facebook alone and this is increasing exponentially. “Criminals go where the people go. Facebook is essentially the third-biggest country in the world.”
Smartphones at risk
Dwyer warned that smartphones, in particular, present a serious risk to privacy and safety. “The average Angry Birds game on an iPhone sends 650 requests to a mobile network every hour. The same game on an Android phone sends 2,500 or so requests. Why? Because it is taking down ads and chewing up your data service and bandwidth.”
More dangerous, Dwyer said, are the type of apps out there that are free. “Targeted at certain demographics these apps are used to sell location details of children to paedophiles and this was for sale within free games. It’s an uncomfortable subject but this is happening.
“Every single piece of information about you has value to the bad guys.”
He said smartphones are in effect mini computers and malicious code is being inserted into text messages and free games. “The dangers are that you could get stuck with a child porn infection on your device or fall victim to SMS fraud. Some 35pc of traffic on Twitter is capable of causing virus downloads, according to Irish company Adaptive Mobile.”
Into the future Dwyer warned that the threats to privacy won’t just come from cyber-criminals but from legitimate organisations based on what we ourselves share.
In the US this year, there was outrage when people in job interviews and in schools were asked to hand over their Facebook passwords. Dwyer said that in the future and with the arrival of the semantic web and linkable data there is a danger that insurance companies may be able to find out if applicants had done a search for keywords like cancer stretching back 15 years.
“The internet should be free for people to use but as (world wide web inventor) Tim Berners-Lee and others point out, it is only at its starting point. The internet is humanity connected but it’s also a benign monster. Hopefully we can control that monster without controlling people online.”