Fire and Ice    


News media sunk their teeth into two major stories in January: record-low temperatures in the U.S. and data breaches suffered by several popular retailers. Local and national producers are sending crews out into the super deep freeze to report on the impact of what meteorologists have coined the Polar Vortex. At the same time, these reporters are exploring the fallout from what some security experts are calling a much-needed wake-up call for consumers.

 

 

  

Until Target, Neiman Marcus and now Michaels were hacked, Americans were generally not too concerned by news of a data breach. Now it seems, the incidents have finally gotten the attention they warrant, causing consumers to question businesses and their financial institutions about their security practices. It's a welcome interest, and I know I join many of my colleagues in being excited about the potential of this new-found consumer curiosity. We will continue to push for consumers to ask tough questions and to then take action to protect themselves in today's "Internet of Things."  

 

Read on for a definition of that term, as well as for some tips and trends keeping us fired up about privacy even as the temperatures around us plummet. 

 

The Internet of Things  

Once a term used mostly by MIT professors and those steeped in the privacy and security field, "The Internet of Things" is now finding its way into mainstream conversation. Loosely defined as the practice of equipping all objects and people in the world with wirelessly connected, identifying, computing devices, the term represents what could be a hugely transformational way of life.  

 

At one time, "The Internet of Things" probably sounded like science fiction; but today, it's becoming very real. Here are a few examples of where you can literally see, hear and almost feel this phenomenon occurring in some very ordinary places:

  • TRENDnet marketed its SecurView video cameras as "secure." In fact, the cameras had faulty software that allowed anyone with the cameras' Internet addresses to hear and see what the cameras were capturing. In fact, more than 700 were hacked, creating live-streams of private locations and private moments online for the world to hear and see.        
  • Google possesses possibly more data about consumers' online activities than any other organization (Facebook, Microsoft, IBM would probably be close behind.). Now it seems, the Internet giant is on track to know as much about your offline behavior. The company recently purchased Nest, which makes "smart" thermostats and smoke/fire alarms that track indoor-activity data. They have stated they plan to create many more of these types of smart gadgets. How much personal information will Nest share with Google, and how will that information be used?       
  • A range of smart-home and smart-car technology allows consumers the ability to control access and features of their houses and vehicles. But who else might gain the same level of control? And what will happen when "smart" cars and appliances can function on their own without human intervention? As this Guardian article contends, they will certainly be tempting to hackers.


Facebook Updates

With a user pool larger than most countries, Facebook will always be on the radar of privacy specialists. Thanks to my own circle for providing these hot-topic updates on the social behemoth:

  • My friend Lisa Brownlee, who has lived internationally and is highly educated on theft and the need for safe, secure and reliable backup systems, says Social Safe digital journal for backup is "a total lifesaver." Lisa has vetted the application's security and is confident in the developers' safekeeping of personal information.    
  • Chris Duque shared this Mashable article with me. It's chock full of great tips on how to delete your personal search history from Facebook, which stores every single term you ever enter in the search box.    
  • Another of my friends and publisher, Rich O'Hanley, passed along this article on how to quickly get rid of all your Facebook data    
  • I was recently sourced by ThreatMatrix to talk about the lawsuits Facebook is facing over claims it mines private messages for personal data. The plaintiffs say Facebook scans messages for links and other information that can be sold to advertisers, marketers and data aggregators. There is potential for the lawsuit to become a class-action.  At the same time, Facebook was part of a group that recently sued the U.S. government and won the right to disclose to users more information about what data they are compelled to hand over to authorities. (Sadly it does not apply to companies less than 2 years old.) Please keep in mind that nothing on Facebook, including messaging and Facebook emails, should be considered protected or private; anything posted to a social media site is susceptible to world view.
  • As a fun experiment, several years ago I changed my address in Facebook to "Elephant Island, Antarctica." Sure enough, for seven months after I "moved" there I did not get any ads! Of course, as Facebook refined its Big Data analytics, and as I posted more "Likes," I started to see ads once more.

 

 

Keep an Eye on Your Accounts

With several major data breaches, malware warnings from the FBI and now a Better Business Bureau alert telling consumers to watch for mysterious $9.84 charges, it's a good idea to check your financial accounts daily - if not more often. 

  

 
  

Who's Watching (and Listening)?

In the January Tips Message, I promised to deliver more on surveillance cameras this month. Below is a collection of some disturbing developments in the area of physical privacy.    

 

Drones are increasingly being used to look onto others' property, with no restrictions or search warrants necessary.  Here's just one example: 

 

Drone Surveillance Footage Sends Man to Jail: A North Dakota farmer was sentenced to three years in prison reportedly after not promptly returning three cows that had wandered onto his property; he was located by a border surveillance Predator drone. (Pure conjecture, but considering the size of cattle farms in the upper Midwest, it's possible he didn't even realize rogue cows were on his property.)   

 

Big Brother Means Big Business for Video Surveillance Firms: For the Winter Olympics in Sochi, Russia, Panasonic has supplied the largest quantity of security cameras (6,903!) in the history of the Olympic Games.

    

Spy Agencies Need More Oversight, Canadian Privacy Watchdog Says: New surveillance tools, from monitoring of online activity to closed-circuit cameras, cast a wider net and give intelligence agencies more personal information than ever before. It is a simple mathematical fact: The more personal information an organization has, the more likely that a privacy breach will occur.

  

Police Want to Use Your Home Security Cameras for Surveillance: An imaginative proposal emerging from San Jose, Calif., asks citizens to donate their own home security systems for "the greater good."    

 

On the whole, I think security cameras - in particular those sending live feeds of public areas, especially in high-crime areas, to a remote location - are a smart idea for public safety. Installing security cameras around your home is also generally a good move for personal security. 

 

As with every technological innovation, however, surveillance cameras of all types pose privacy risks, especially when it comes to illegal or unethical surveillance. Whenever drones, security cameras or any other types of surveillance devices are deployed, the associated privacy impacts need to be considered. 

 

When law enforcement, government agencies, businesses or any other type of organization wants to deploy and use surveillance, privacy impact assessments (commonly called PIAs) should be performed, and the activities should have oversight from an objective third party to mitigate the possibility of privacy abuses.

 

  

Privacy Professor in the News  

Privacy has been such a hot topic in recent months, which has been exciting for those of us interested in raising awareness through trade and consumer media. It's been great to contribute to the following articles and broadcasts:

 

 

Privacy Professor on the Road

I love traveling the country to raise awareness of data security and privacy. If you ever have need for a speaker, presenter or workshop host, please get in touch. In the meantime, take a look at the schedule below, and if you'll be in the neighborhood during these events, I hope you'll attend. 

 

Feb. 23: Visiting with Des Moines' North of Grand neighborhood to give a talk on how neighbors can protect their privacy and secure their information.

 

Feb. 25 & 26: Teaching IAPP CIPP Foundations and CIPM classes in Dallas

 

March 4: Giving a presentation on Smart Grid Privacy in Minneapolis

 

April 9 & 10: Teaching IAPP CIPP Foundations and CIPM classes in Minneapolis

 

April 30: Conducting a workshop for the ISACA North America CACS conference in Las Vegas

 

May 1: Presenting a session about privacy at the ISACA North America CACS conference in in Las Vegas

 

May 12: Conducting a workshop for Medical Device Security and Privacy at the 10X Medical Device Conference in Minneapolis

 

May 19: Presenting a HIPAA session at the LTCI Conference in Kansas City

 

 

   

Need Help?

 

If you need any help with information security or privacy training and awareness, or if you must comply with HIPAA and need help (especially important now that the Omnibus Rule has gone into effect), please check out my Compliance Helper site or get in touch with me; I would love to help you!

  

You Have My Permission to Share

 

I receive a lot of requests to repurpose the information contained in these Tips messages, so I wanted to drop a quick note in here to say, "Yes, I approve!" Please use the following attribution so that others will know where to find me if they have additional questions about the material you pass along.

 

Source: Rebecca Herold (a.k.a. The Privacy Professor), privacyguidance.comrebeccaherold@rebeccaherold.com.

 

 


  

With Data Privacy Day celebrated around the world on Jan. 28 and the national media attention around data breaches, it's been a red-letter month for raising awareness of privacy issues. Let's hope it continues in February and well into the rest of 2014!

 

 

 

Wishing you a beautiful Valentine's Day! 

    

Rebecca

Rebecca Herold, CISSP, CIPM, CIPP/US/IT, CISM, CISA, FLMI 
The Privacy Professor®
Rebecca Herold & Associates, LLC
Mobile: 515.491.1564