Due to popular demand, we are repeating the workshop in April! Click here for more details
As a generation where sharing information is the norm, organisations such as Facebook and Google are leveraging this opportunity to aggregate, crossmatch and analyse our personal information. 'Big data' allow entities to collect and analyse vast amounts of data enabling them to achieve their primary goal, sales, marketing, profiling, etc.
However, as individuals how do we know that processing is completed ethically and securely? Could the processed information be used against us? Could the information limit employment opportunities, used to discriminate or define classes? Do we as individuals have the right to ensure that our personal information will be handled in such a way where it would not be used against us?
Organisations that handle our private information and secrets must employ good governance ensuring that the information processed would be used ethically thus benefiting society as a whole. These services should also provide individuals with the opportunity to opt-out of any processing that could have a detrimental effect on current and future prospects. For example, processing errors relating to personal information could result in the inability to obtain credit which in turn, would have a dramatic effect on individuals seeking an essential purchase such as transport or accommodation.
As the entry level for processing vast amounts of personal information is no longer confined to well-resourced entities such as large organisations and governments, how can individuals ensure that processing will be completed in an ethical and secure manner? Furthermore, personal information has previously been used to benefit and destroy societies. As more players adopt the use of personal information, what assurance does an individual have that an adversary is not using our information to disrupt our lives?
One such example is the practice of ‘doxing’ to expose journalists and activists covering the conflict in the Ukraine. With the release of this information, their adversaries were able to orchestrate threats against them and their families. While the source of information was not proven to be from a single source, processing data in one repository provide adversaries with a lucrative ‘one stop shop’ for personal information.
While laws, regulations, self-governance require time before achieving a level of maturity, adversaries will exploit this period to undertake nefarious activities. As a result, it is up to us as individuals, contributors to big data, to exercise constraint limiting the amount of information that is collected and retained.
Individuals must not set their expectation that initiatives from organisations and governments will protect their privacy. Individuals must also be able to exercise their power to maintain a level of privacy, inhibiting the actions of potential adversaries.
After the first sell-out session, CryptoAustralia is hosting a follow-up event helping individuals with sanitising their social media accounts. The workshop provided an insight into how privacy could be abused by adversaries, strategies on improving one’s privacy posture and the tools used to achieve each strategy.
Ed's slides from the March workshop is available in the CryptoAUSTRALIA Library
Edward Yuwono is an Infosec strategist providing practical approaches for defending organisations. Security is his sixth sense. He is approaching the sunset of a Masters degree. With what little time is left, he's most likely to be at an airport.