In Privacy in the Age of Big Data, Theresa Payton and Ted Claypool tell us just how ubiquitous current threats to privacy are (which both the lay reader and security professionals will find disturbing). Of course, we’re better off knowing about threats than not knowing; threats are pervasive enough that everyone in living in the age of big data should know about them. Using real-life stories of privacy gone wrong, the authors make the reader want to protest, though, rather than put on a tinfoil hat.
What it means to have privacy in the age of big data
What’s remarkable about the book: while it’s very accessible to those outside the industry, it’s of equal value to the security professional. As a CSO, I like to think of myself as fairly tuned in to security and privacy threats, but I learned a great deal from the book. I think the reason for this is that we all have blind spots, and while professionals may be experts in their own niches, it’s still easy for us to lose sight of both the big picture…as well as the legion of niches outside our expertise that pose privacy threats.
The average reader will get a view of a security landscape hidden to most, with a window to the governments and professionals working to make positive changes protecting the privacy of average people. Ultimately, it’s up to each of us to be aware of and take action against privacy threats.
Big picture, but actionable
Make no mistake: Privacy in the Age of Big Data isn’t a privacy checklist. It reaches deeper than a paranoid reaction: inspiring a fight for our own privacy, helping us understand the big ideas behind privacy in a world built on digital technologies, and explaining the rules countries have to try to protect citizens’ privacy.
Nonetheless, solid actionable information is peppered throughout, like details about Apple’s App Tracking Transparency (ATT) feature and the Digital Advertising Alliance’s opt-out site. While these may be things security pros have heard about, the book’s cautionary tone provides a context where we’re more likely to actually take action. Don’t get me wrong, the book is witty and enjoyable to read, but it also makes it clear that these are threats we shouldn’t ignore.
It’s as bad as we think (or worse than we can imagine)
Depending on your existing knowledge and concerns about privacy, Privacy in the Age of Big Data will steer you down one of two paths. It either confirms that you’re not crazy in thinking your every move is being tracked by someone, or awakens you to the reality that private firms and sometimes governments are indeed deeply invested in using technology to subtly and unsubtly invade our privacy.
We’re being tracked more than we’d really ever agree to be tracked
According to Lou Mastria, Managing Director of the Digital Advertising Alliance “consumers are very pragmatic people. They want free content. They understand there’s a value exchange. And they’re OK with it.”
Payton and Claypool are clearly skeptical of this quote they present us, pointing out that while it’s “interesting…not everyone is ‘OK with it.’” Many of us don’t mind looking at a few ads to be able to read newspaper articles for free, but that’s only because we’re not aware of the depth of the tracking—it’s far more than just having to see a few ads, but how the ads track you afterward. It’s where you were, what you saw, and who you were next to when you did it. Given the chance for granting fully informed consent, most of us would be thoroughly weirded out by just how much companies are tracking, storing, and aggregating information about us.
Tracking that threatens our privacy is almost unavoidable
“In fact, the only way you can go offline would be to stop going about your daily activities and hide away in a remote location. Just don’t use GPS to get there, don’t buy anything with debit or credit cards, and absolutely do not talk on your cell phone.”
This got me thinking about whether this is inevitable. Could we have the technology we have today without sacrificing elements of our privacy? For nearly all of us, activities that generate data about us (data that we can’t control) are part of our daily lives and livelihoods. This book is probably the best resource currently available for minimizing the damage, but we can’t totally avoid at least some damage if we live modern lives.
The solution is (partially) in our hands
“Though the loss of privacy may make us feel helpless at times, we do not need to completely lose our private selves in exchange for the benefits of modern technology. Now that we know what is at stake, we can do something about it.” Though we may not individually be able to fully control what of our data gets collected or how that data is used today, we do collectively have control, through law, of what’ll be allowed in the future.
The authors don’t shy from criticism in this area, highlighting where we’re handling threats to privacy intelligently and where we’re making matters worse through legislation, collective action, as well as our individual choices. While some readers will want to throw their phones out the window and live in the bathtub by the end of part three, be patient – by the conclusion of the book l had more tools to take an active part in shaping the privacy future I would like to see.
What should we do now?
Read the book. After having read it myself, I do believe that awareness is the first best place to start, and will in itself clarify action for each of us as individuals. As professionals, we can be reassured that a lot of the measures we take in corporate security, like deploying zero trust principles and MFA, can and do help with privacy. With an understanding of the depth of data out there about each of us, the importance of the security side of the equation—preventing breaches—becomes all the more apparent.