A while ago, when I attended a blockchain round table, someone said the currency of today is privacy: you pay with privacy for the use of services such as Facebook, Gmail or any other. I beg to disagree.
You don't pay with privacy, you irreversibly give it up in order to continue with a service or tool you initially signed up for. If it were a currency, you could apply for a money-back guarantee, but this is a technical nightmare today. When you look back at how Facebook evolved, it started as a private communication tool where you defined what to share in a group. This soon changed into a platform where, by default, a lot more of your data was made publicly available. The erosion of privacy has sneaked up on us, without notice. Well, we were notified, we just did not read the 50 or more pages of a user agreement written in legal jibber-jabber that only the best lawyers can decrypt.
You already have zero privacy. Get over it. – Scott G. McNealy, CEO of Sun Microsystems Inc. (1999)
Your Privacy or my service!
The problem is that the rules you agree to today in order to use a service might be changed over the course of your experience with the service. And that might sound OK, but it is not. You're held hostage: you could opt out, but can you really? The downside would be that, in the case of Facebook, you'll have to look for an alternative and convince all your contacts to do so. And those contacts need to do the same with their contacts, which doesn't sound like a plan that will succeed. Either you stay or you give up, since you do not have the possibility to disagree and pay, for example, a small fee to leave things as you initially agreed upon.
Long live GDPR (General Data Protection Regulation)
I do think GDPR has some benefits, but looking at the practical and technical reality we live in, it might become very difficult, if not impossible, to achieve. You have the right to be forgotten, and you could ask Google to remove all referral links to content about you. But that will not delete the data. You can ask Facebook to delete it; perhaps they will, perhaps they won't. And how can you remove a transaction in a blockchain solution? The basis is good, but users give consent to something they have difficulty comprehending, and unfortunately I see little movement in that direction. Of course, giving a user insight into the most intrusive privacy rules a service applies would be far too easy to integrate, wouldn't it?
What can you do?
Understand what happens if you put the intended message online, the picture you've taken, the vid, etc. Understand that public areas such as LinkedIn, Facebook or any other are not made to share private information. Do not blindly agree to an intrusive smartphone app that likes to read all your content. Keep your secrets secret.
Koen Maris is director of Cyber Security at PWC Luxembourg, transforming ideas into new services that help customers embed cyber security enterprise-wide.
Koen Maris started his IT career as a software developer. This experience provided a solid background in complex environments and a basis in the roll-out of challenging IT projects. After a few years, he swapped development for ethical hacking because of a natural curiosity about flaws in systems. This was the start of a technical career in IT security; however, due to the rise of security problems, his career evolved from ethical hacking to security solutions integration and eventually to the managerial side of security.
He was CISO and CTO at an international IT service provider before his current role. He advises large organizations in a multi-industry environment to think on a long-term basis about cyber security and addresses complex security topics in layman's terms for boards of directors and executive committees.
Koen Maris serves as a trusted advisor for many organizations and is becoming a known speaker who challenges his audience and questions currently applied security models.