Do you feel the US Patriot Act, and EU Data Legislations are in conflict leaving end users, and businesses confused as to their expectations of Privacy?
Andrew Agnes: In one word: Yes. Businesses will be aware if it directly affects them, but the majority of end users won’t know because they don’t know enough about it. Acts and legislations which come out are hard to keep track of for the average person. The mainstream media don’t go out of their way to explain how these acts can impact people because of the broad audience they need to appeal to.
A few years back, Microsoft brought the US Patriot Act to people’s attention by announcing to businesses they couldn’t guarantee that data stored in their EU datacentres wouldn’t end up in the hands of the US Government. Fast forward 3 years and Microsoft spins that it is the only major cloud vendor which meets EU data protection regulations for customers around the world. Great marketing, but end users aren’t being given the full picture. But do they care?
Thom Langford: Once people with guns start turning up at your corporate headquarters, whichever country you are in, most companies will simply hand over all and any information requested. If anyone is in any doubt as to if their personal or confidential data is at risk, they should simply assume that it is and protect it themselves through strong encryption. Of course this means that they may not be able to take full advantage of the services their cloud provider offers, such as full text indexing of their files, but better safe than sorry, right?
Javvad Malik: Privacy? What is this privacy you speak of? It’s something that our children or their children will study with amazement as to how old civilizations operated. Whereas the conflict in legal positioning may be resolved with <gasp> more regulation or compliance measures. The head of the serpent lies elsewhere – in that stand-alone technology that is becoming increasingly difficult to procure and run for the average user. These include mobile devices that automatically backup all your pictures to the ‘cloud’, as well as fitness trackers that hemorrhage location data or entire operating systems that are designed to be operated only when connected to the ‘net’. Legislation comes a poor second when you realise that from the moment a user creates information, takes a picture or shares a moment, that data is out of their hands.
Andrew Agnes: So to recap, users can rest assured that Data Privacy laws designed to keep their data safe are acknowledged with good intent but superseded by NSA backdoors and the commercial interests of businesses to monetise their customers’ personal data. Fortunately it’s too complicated for the average punter to understand.
Thom Langford: That’s the problem with any legislation that isn’t consistent across multiple countries; consumers will complain if they can’t access certain services from international suppliers (I know I would) even though their local legislation is trying to protect them. Unfortunately we never read the small print (free Google services anyone?) and then scream “Unfair!” when one country’s looser privacy regulation bites them (NSA…). It also means that the vendors who run services from countries with looser legislation are likely to be more competitive and end up with more international customers, making the local legislation meaningless and ineffective in trying to protect it’s populace.
Consumers need to take responsibility for their own online privacy. We don’t expect our governments to provide households with curtains for our personal privacy, why should we expect the same for our online lives?
By Andrew Agnes, Thom Langford & Javvad Malik, Founding Members of Host Unknown | @HostUnknownTV
Host Unknown is the unholy alliance of the old, the new and the rockstars of the infosec industry in an internet based show that tries to care about issues in our industry. It regularly fails.
With presenters that have an inflated opinion of their own worth and a production team with a pathological dislike of them (or “meat puppets” as it often refers to them), it is with a combination of luck and utter lack of good judgement that a show is ever produced and released.
To find out more about our panel members visit the biographies page.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.