Why IT Security Pros Can be Scarier Than the 'Bad Guys'

Forget about hackers and phishers. Big business wants your personal data, and your privacy is just a hurdle to be surmounted.

By Melissa Riofrio
Fri, March 01, 2013

PC World

privacy, spying
I thought I harbored a healthy amount of paranoia before I went to this week's RSA Conference for IT security professionals in San Francisco. But now I'm just plain scared--and not about hackers and phishers, the perennial bogeymen of the Internet underground.

No, the people who scare me even more are the security professionals who work for big business. They want my online data, your online data, everyone's online data. And they want it more than even theA bad guys who make headlines.

Big business isn't evil incarnate, and the companies clamoring for our data aren't the agents of destruction who would steal our identities for profit or erase our family photos just for kicks. But to the business leaders at e-commerce sites, social networks, and even banks, online privacy is something that must be managed at best, and mitigated at worse.

It's an annoyance that must be dealt with. It's something that gets in their way.

They want our data so they can track us, categorize us, and use what they know about us to sell us something--or sell what they know about us to someone else. Or, as Trevor Hughes, the President and CEO of the International Association for Privacy Professionals (IAPP), told me directly, "Your data is the currency of the information economy."

And our online activity is minting more money all the time.

Our data is hard currency

It took just one shocking hour at the RSA conference to destroy every naive hope I might have had about online privacy. Hughes spoke to a large audience of IT professionals tasked with managing customer and user data, and named what he considered to be the hot-button privacy issues of the year: location data, facial recognition, and Do Not Track, among others. He also touched on more sweeping topics like federal regulations and public policy.

I was intensely interested in all of these issues as an active, web-surfing individual, but I also quickly realized that the other attendees in the room looked at these issues from the other side--from the perspective of their companies, which gather customer data and use it for business opportunity.

Their job is not to worry about protecting our privacy, but to worry about navigating privacy regulations, and protecting themselves from lawsuits and fines. One thorny example Hughes cited was the mobile privacy guidelines paper released by the California Attorney General's office earlier this year, to supplement the California Online Privacy Protection Act (COPPA). In a message accompanying the guidelines, Attorney General Kamala Harris encouraged mobile app developers to adopt a "'surprise minimization' approach...to alert users and give them control over data practices that are not related to an app's basic functionality or that involve sensitive information." Easier said than done on the small screens of mobile platforms, said Hughes: "That user interface is incredibly limited."

Continue Reading

Originally published on www.pcworld.com. Click here to read the original story.
Our Commenting Policies