You may not be a malicious hacker, but that doesn't mean your online activity won't be scanned for telltale signs of cybercrime. The federal government has made cybersecurity a high priority, as concerns grow about over the vulnerability of the nation's infrastructure to a computer-based attack.
The Presidential Policy Directive concerning cybersecurity lists business sectors that the Administration considers critical -- and therefore, in need of online watchdogging. Some sectors, such as "Commercial Facilities" and "Critical Manufacturing," lend themselves to broad interpretation.
"The definition is still in flux, so there's a question about what 'critical infrastructure' will ultimately encompass," says EPIC's national security fellow, Jeramie Scott. A recent article by Reuters indicates that the government plans to expand its scanning of Internet traffic from three defined sectors: financial institutions, utilities, and transportation companies. Collectively, that covers a lot of consumer activity.
Even though the data is supposed to be scanned only in aggregate (so as not to pinpoint individuals), the methodology used in choosing and storing the data raises additional privacy issues. "The executive order on cybersecurity called for protections based on the FTC's Fair Information Practice Principles, but it doesn't mean the companies doing the scanning are abiding by these principles," says Scott.
The proposed CISPA, reintroduced in February, reopens many issues around cybersecurity and privacy. "CISPA would allow companies to share much more detailed information than the aggregate data that is planned to be shared now," says EPIC's Scott.
Privacy threats could be solved
This year's online threats to privacy will continue to grow unless Congress and other decision-making bodies offer some meaningful support for privacy. Witnessing the conflict between privacy and civil liberties advocates (on one side) and business and law-enforcement interests (on the other) may seem a bit like watching a particularly nasty tennis game, but it all boils down to a matter of openness versus secrecy.
Privacy advocates see Do Not Track as a no-brainer fix for the many privacy issues related to cookies. Marketers point to the ongoing success of data-driven, targeted Web advertising, which cookies make possible, as an indirect endorsement of their methods.
Consumer behavior might be sending conflicting signals, but nonpartisan research suggests a need for more, not less, protection. According to Mary Madden, a senior researcher for the Pew Research Center's Internet & American Life Project, "Privacy concerns do have an influence on user behavior." Studies conducted by Madden and her colleagues indicate that cell-phone users are likelier to discard an app if they don't like the way it uses their personal information.
Trevor Hughes, who looks at privacy from an organizational perspective as CEO of the International Association of Privacy Professionals, says, "The one thing that can threaten big data is getting privacy wrong and screwing up consumer trust. The companies that miss that message are going to suffer."
One thing is certain: Resolving online privacy issues will be essential as new devices -- smart cars, watches, Google Glass, and more -- add to the growing data stream. "Make no mistake, everything we touch that is digital in the future will be a data source," says the IAPP's Hughes. "I can imagine lots of great things emerging from this. But the privacy things have to be fixed."
This story, "The 5 biggest online privacy threats of 2013" was originally published by PCWorld.