Before we can understand why Security is everyone’s responsibility and Privacy is yours, it is important to understand the difference between Cybersecurity and Digital Privacy.
The Difference Between Cybersecurity and Digital Privacy
These two terms have distinct differences as well as similarities.
Data security and privacy have a common goal to protect personal sensitive data. But they have very different approaches for achieving the same effect.
Cybersecurity focuses on protecting the data from theft and breaches. Digital Privacy governs how data is being collected, shared and used.
Let’s dig a little deeper to understand the differences.
What is Digital Privacy
Privacy is the right for an individual to be free from uninvited attention and scrutiny.
Whatever you do inside four walls of your home is private to you only. You may want to share it with one of your friends. Your friend commits that he/she will not disclose it to anyone else.
In the above situation, let us replace your home with internet. Anything you are doing online is private to you only. The only difference is that you are always keeping your friend (internet) informed. You are of the understanding that your friend will not tell this to anyone else.
What’s the hype about Facebook
Facebook taught us to share everything everyday with almost every one of our friends. Sometime, may be with those also who are not so very close friends. Sharing anything via Facebook is like sharing secrets on an open postcard. Postman (in this case Facebook) can read your secret. What if, postman shares “your secret on a postcard” with some of his friends.
Facebook shares your personal information with its friends (i.e. 3rd party) is the issue of privacy. You only wanted to share information with your friends. Unfortunately, you can’t hide this information from Facebook. Facebook (mis)uses your information for showing you advertisements. It has also sold it to others for monetary benefits.
Cambridge Analytica scandal was the invasion and breach of privacy. Facebook allows app developers to access users’ data. One of the app developers accessed this data and sold it to Cambridge Analytica.
Facebook allowed app-developer to access user’s data by choice. App developer collected approximately 85 million users’ information from Facebook. App developer sold this collection of data with another company called Cambridge Analytica. No one has stolen anything in this case. It was not a theft or hack. Everything was by choice and by design. Facebook allowed it to happen.
All the online trackers like Facebook are collecting everything about everyone everywhere. It’s not only to show you advertisements. The problem is that we can’t even imagine in our wildest dreams what kind of misuse can happen with our data.
What is Cybersecurity
Cybersecurity focuses on deterring hackers and cybercriminals from stealing sensitive information. Sensitive information includes intellectual property, health/financial data, and Personally Identifiable Information (PII). PII include name, address, location, social security number, and bank/credit-card details etc.
If someone breaks into your house and steals your stuff is breach of security. Let us assume that someone breaks into servers or data storage online. Data stolen like this is breach in cyber-security.
Example of an issue of data security:
These days, every now and then, we read about some or other hack happening here, there and everywhere.
When someone steals your data from any website or server, it is Cybersecurity issue. Online thieves (so-called hackers) exploit any loophole (vulnerability) to steal the information. This vulnerability may exist in a software, website, application, database, networks, and servers.
In 2013, hackers stole 3 billion Yahoo users’ account data. This data hack included passwords, credit cards and bank account details. This is, so far, the biggest hack of all times. You can read more about Yahoo’s data hack here.
It’s common myth that if you secure your sensitive data, you are also able to control data privacy. That’s not true.
In both the cases of Cybersecurity and Digital Privacy, your online information is being compromised.
Your friend compromising your information by choice is an issue of privacy. An online thief (i.e. hacker) steals your information either from you or your friend is an issue of security.
Now let us try and understand this with real (online) life example. What could be better example than Facebook.
Why Cybersecurity is everyone’s (or shared) responsibility
Larry Magid has given a very beautiful explanation in an article on Forbes:
In the context of Digital Privacy and Cyber-security, he explains:
People drive to the airport without their seat belt on and then worry about plane crashing.
Planes do crash on rare occasions but not as often as cars. When driving, there are things you can do to increase your safety. When flying, there’s not much you can do to protect yourself. We do rely on the airline industry and government regulators to do all they can to protect us.
Likewise, when we’re online, there are things we can control and things we can’t. For example, we can choose strong passwords and what we share on social media. Sometimes we’re victims of other people’s carelessness or malice. For example, when a service provider gets hacked.
I agree with him in the context of Cybersecurity, but we beg to differ for Digital Privacy. Digital Privacy is not a shared responsibility.
We’re not in complete control
As Larry Magid said in his blog post, we’re like passengers on a plane, when hackers steal data from companies. In this situation, we can’t control or protect our information. We have to trust that the organizations we’re dealing with are doing all they can. It makes sense to only provide personal information to trusted organizations. When hacking victims include the likes of Sony, Target, Wal-Mart and Universities, there isn’t a lot we can do. So, security becomes everyone’s responsibility.
Role of government and industry
The tech industry can play a role by creating transparency and simple to use features. This may allow users to opt-out of anything that makes them uncomfortable. This should include tracking cookies, user-profiling and device-fingerprinting.
Government can play a role by helping to educate the public. It can assure that companies disclose any potential privacy threats. They can by-law force companies to adhere to government stated policies. It can also set good example by applying good privacy practices. Government must set up appropriate controls for accessing citizen’s personal information.
While it’s true that over-regulation or dumb laws can stifle innovation. It can sometimes cause unintended consequences. It’s irresponsible to ignore that marketplace can solve all problems.
Privacy risks out of your control
- Government subpoenas & warrants
- Good companies becoming evil
- Individuals affected by a data breach outside their control
- Insurance companies that know too much
- The lending industry – ever look who’s looking at your credit report?
- Aggregation: Weaving information from different sources to create a profile
- Being spied on when travelling, especially in totalitarian countries
- Available public data such as home address and taxes you’re paying
Digital Privacy is your responsibility
You decide to share your information with your friends. In today’s digital world, to share information with friends, you can’t avoid it to share it with a 3rd party. It’s unfortunate, but true.
There is a long list of these 3rd parties. Facebook, Twitter, Instagram, Snapchat, WhatsApp, Apple, Microsoft, Amazon and many more. Almost everything we do online, we share our information with a 3rd party.
Can you trust all these big brand names? Well, answer is simple. Do you trust all your friends equal? Do you share your secrets with all your friends? No. Right? You pick & choose your friends for your secrets. Sometime, you may choose different friends for different secrets.
There is a possibility that your friends can break the trust, so these companies. You learn as you grow and get better at choosing friends based on good or bad experiences.
When your friends break the trust, do you blame them for the mishaps? Well, we don’t. We take the responsibility of the mishap. Same goes with Digital Privacy.
The benefits of Digital World come at some cost. Two of the major ones are loss of privacy and lack of security. We are more vulnerable to data breaches and identity frauds.
There is a need for everyone to be more aware and intelligent about what we share online and with whom. It is your responsibility to share only bare-minimum and required information only.
Things we can do
While we can’t prevent attacks, we can protect ourselves to a degree. You may have heard warnings about being careful what you post on Facebook or any social networks.
Another issue is those marketing related privacy invasions like tracking cookies. Some people bother and others accept them as the price we pay for all these great free services.
Almost all the ad networks swear that they’re not collecting personal information.
Privacy risks within your control
- Responding to social engineering
- Talking on cell phone in public
- Failing to shred paper documents
- Saying the wrong things on social media
- Posting inappropriate photographs
- Clicking on shortened links
- Donating to a political campaign and having that made public
- Being photographed in compromising situations
- Entering contests
- Failing to log out when accessing service on public computer
- Banking or shopping on unsecured Wi-Fi networks
- Not understanding the disclosures or privacy settings of services and apps
- Failing to password protect phone or computer or encrypt files
- Using weak passwords & same passwords on many sites
- Failing to password protect devices
What Research says
As per recent research conducted by Pew Research Center:
50% of Americans do not trust the federal government or social media sites to protect their data.
You can read the full article here. You should also watch the YouTube video, which explains how easy it is to steal your data.
This is all because of lack of awareness. There’s no such thing as perfect security. Locking your house door doesn’t mean that no one will be able to break in. Same goes with cyber-security. No matter how hard we try, cybercriminals will find a loophole.
Lisa Ho is very apt in saying:
Privacy is like oxygen: It’s invisible and easy to ignore…until it’s taken away.
Lisa Ho is Campus Privacy Officer at Berkeley University of California. You can refer to her blog post “I have nothing to hide. Why should I care about privacy?”
Data privacy is different from data security. In case of security, we’ve already made the choice to turn over our information. Now, we’re asking, “How are you going to protect my credit card/social security number/address?” With data privacy, the question becomes broader: “Do I want to share this?”
Our personal data is valuable, not only to identity thieves but to marketers. Based on 2013 statistical analysis, personal data market has become $156 billion industry. The fact is, we have become the commodity. Personal data has value. We must ask the question:
There is no CTRL+Z or Undo button in life. Are we OK to give away our personal information to get free products and services.