Security Fundamentals

7. Risks to Personal Privacy

Privacy ... What Privacy?

Many users of technology, especially those who take advantage of social media to share information, frequently think they have nothing to fear from hackers. After all, their thoughts, opinions, favourite music, favourite TV shows, where and what they did on their holidays together with pictures are already out there on Facebook, MySpace, Twitter, Instagram, SnapChat and so on.

So if all this information is out there, freely available, its worth asking

  • "What information is worth keeping private?" and
  • "Why it should be of concern?"
What is Personal Information?
Personal Information
personal information

Personal information includes all data that relates to a living person who can be identified from that data. And surprisingly, it doesn't take a lot to identify individuals. Latanya Sweeney showed that that it only takes three separate pieces of information to uniquely identify 87% of Americans. It only takes post code, gender and date of birth; a name isn't even required.

This means that all information can be considered personal when combined with other 'identifiers' and as a result, it's impossible to be completely anonymous on the internet.

Apart from information willingly shared in the pubic domain on social media sites, most information about individuals fall into two categories: Confidential Information and Sensitive Information.

Confidential Information
Placeholder image

Confidential information is data given in confidence by one person to another in which all parties agree that it should be kept secret and is not already available in the the public domain. This information includes income and financial banking details, health and medical information and even political opinions.

With access to this sort of information, hackers could gain access to bank accounts or sell the information on to other organisations that might discriminate against you on medical grounds or political affiliations.

Sensitive Information
Placeholder image

This personal information that you might want to be kept private. It could include information about your ethnic origin, religious opinion, religious beliefs, trade union memberships, physical and mental medical history, sexual orientation or even legal or criminal history

With information of this kind, it is easy to see how it could be used to discriminate against individuals

It has been estimated by the researcher Paul Ohm that:-

"For almost every person on earth, there is at least one fact about them stored in a computer database that an adversary could use to blackmail, discriminate against, harass or steal the identity of him or her. I mean more that mere embarrassment or inconvenience; I mean legally cognizable harm."

Cause for Concern.

So as we've seen, it's doesn't take much for a hacker to discover who you are. Once you've been identified you start to become vulnerable to theft, discrimination, blackmail etc. And with the 'Internet of Things' (IoT) taking off, even your life can be put at risk.

  • Fitness trackers (Fitbit etc) could be transmitting information to insecure servers which could be hacked with the information passed onto other companies. You might for example be denied travel insurance or charged more for it because your medical condition is known.
  • Medical devices used to keep people alive, like pacemakers which keep sick hearts beating could be hacked and switched off. They're normally controlled remotely by doctors through WiFi and so are vulnerable to hacking.
  • Remote controls for garage doors, central heating, lights all provide access points to hackers. Imagine being able to gain access to buildings via hacking wireless signals used to controlling doors.
  • Networked devices like internet connected fridges used to monitor the level of food stock and 'use by' dates to ease the hassle of shopping provide an easy access point to hackers.
  • Computer peripherals like cameras and microphones could be hijacked remotely and used to spy and record owners without their knowledge. Even the head of the FBI recommends placing tape over the camera lens of computers.
Placeholder image

Some people are unaware of how much information about them is available on the internet. So lets put privacy to the test.

Research your neighbour and see how much information you can find about them online. Record this information in your notebook. To help a couple of tips to help out the budding private detectives.

  1. What ever happens don't give up. This exercise is all about problem solving and its not easy. Very few people are truly 'off grid'.
  2. Use multiple search engines. Don't just rely on Google.
  3. Read some additional tips on Free People Search Sites.
  4. Some additional resources and tool are described in How to Find People on the Web: Ten Free Tools
  5. As always begin at the beginning. Write down what you know about a person. These are your starting points and so slowly follow the chain to see what you uncover.
Off Grid Spoon Whittler
You should be able to:-
  • Describe 3 different categories of personal information.
  • Explain why guarding your privacy matters.
  • Explain some of the consequences of hackers gaining access to personal details.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Cyber Security

  • Security Fundamentals
  • Data Security
  • Digital Forensics
  • Ethical Hacking
Supporting courses by the SQA Logo
css badge
html badgee