I was having lunch with an old colleague today who was convinced that the new EU Regulation due to come into effect in 2015 or 2016 was going to change everything! What’s more, nothing is decided, so everything is floating in the air….

Don’t panic. First, the EU Regulation will be based on a foundation of what exists today, i.e. the Directive. The problem with the Directive is that it is not enforced effectively in member states, and the local laws are not a direct interpretation of the Directive. Each country has interpreted the Directive as it understands it… now just think about the language challenges and the cultural challenges. What is more, each member state may have legislation that has been around for a long time and that has priority over any data protection law that is enacted, which creates all sorts of issues. For example, in Sweden the personal IDs of citizens are considered public records, so they are not protected by the data protection law.

When it comes to enforcement and fines for misalignment with the Directive, some member states have been more active than others. Now this will change with the new Regulation.

Clearly there are aspects that we don’t know. Basically, the member states cannot come to an agreement. However, what you should focus on is what we know, and that is the incumbent Directive. Use that as your baseline and leave the unknown aspects until later. Believe me, you have enough work already!

I have been contemplating Facebook suicide for quite some time now, since 2014. This blog post gives a step-by-step description of how I did this (with links) in case you want to do the same. I hope you find this useful…

Reasons for this action – these were primarily motivated by the feeling that my concerns for privacy had started to outweigh the benefits. In addition, the amount of junk popping up in my feed, influenced by my click history, was boring. I also felt that I had become a ‘passive consumer’ of social media, just as my generation were the first real ‘passive consumers’ of television. I wanted to stop this ‘addiction’, which is what it is… checking your feed for updates, checking if your posts got some Likes and Comments… when I could be reading a book, or spending time with my family doing normal things.

Requirements:

  • I still wanted to be connected to my family and very close friends;
  • I wanted to delete the years of ‘my user behaviours’ from my account that were behind the adverts popping up;
  • I wanted to be anonymous enough so that anyone that searched for my name, would not know who I was through my connections, even if they shared something that I shared;
  • I did not want any personal photos that my FB friends would feel compelled to Like, and then I would be compelled to check my feeds for Likes ;-)
  • I didn’t want to be drawn to restart my behaviour as a ‘passive consumer’ of social media content;
  • Given what I wanted, I knew that it is quite impossible to be anonymous from government intelligence agencies, they would keep my old FB content for at least 10 years, however I needed a compromise for today and the future;
  • I wanted FB, but I wanted a clean start.

Here is what I did:

  1. I set up a new clean account and added my active FB account as a friend. I gave an age under 18, a false name, an email not linked to my old account, and no additional information. The fact that I created the account as under 18 years means some of the privacy settings are stricter by default.
  2. I warned my FB friends that I would be deleting my account – in January – and gave them the choice of connecting to my new account. When I deleted my active account I had 20 FB friends on the new clean account.
  3. I did nothing for 3 months, and made no postings on the clean account and minimal on the active account. My FB friends that were also friends on the clean account started posting to both during this time.
  4. I downloaded a copy of the FB account to be deleted. This includes all your posts, your photos, even your click history, just about everything except your Instant Messages.
  5. I deleted my Instant Messages. This is not so easy, as you need to go into each message individually and delete it, and it takes several clicks for each. What I did was use Chrome and download an extension that deletes all your messages in one or two attempts; it works and it is good :-)
  6. However, deleting your messages unfortunately does not delete them from your friends’ message archives. Your best bet is to ask them to delete anything linked to your old account. I didn’t work this one out until after I had deleted all my messages :-(
  7. I removed my old account as a friend from my clean account.
  8. I deleted my FB account – Delete Facebook Account.
  9. I ‘unfollowed’ all friends’ feeds on the clean account.
  10. Privacy Settings – I set ‘who can contact me’ to “Strict Filtering”
  11. Privacy Settings – ‘Do you want other search engines to link to your Timeline?’ = No
  12. Notifications – I basically turned them off except those pertaining to Security and Privacy.
  13. Apps, Websites and Plug-ins – Disabled
  14. Always Play Anonymously – On
  15. Apps others use – Unclick All
  16. Old versions of Facebook for mobile – Only Me
  17. Adverts – third-party sites = No one
  18. Adverts and friends = No one
  19. Adverts Based on Your Use of Websites or Apps Outside of Facebook – now this is a bit complicated, but you need to go into each of the Opt-out sites (there are 4) and choose Opt-out. You need to have cookies enabled to make this work. I did this in Chrome. Here you can see the sites that you are already opted-out of. It is dynamic, so when you opt-out it will update immediately.

And you have a chance to do something to stop the indiscriminate surveillance practices used by the U.S. government agencies. It seems that the Act that was created in a single month has one part that is being abused and this is section 215. To find out more check here.

Stop 215 (video)

Even if you are not living in the United States, or you are not American, you can still do something. You know that government intelligence agencies all over the world are sharing your personal information with the NSA. We are all a part of this mass surveillance program. I sent out some pre-defined Twitters from my virtual shadows handle. Find the ones I used here.

A rather interesting article. What I like is the description it provides of the attacker’s potential landscape in today’s global, verbose connected world. It does give some recommendations which I’ve summarised below:

1. Focus your efforts on those assets that could ‘ruin’ your company following a successful attack. This way the real attacks are not lost in the noise of monitoring of all systems.

2. Make your information/communication assets dynamic. Each asset should report to a real-time inventory system. Make it graphically intuitive, so ‘alien’ systems are quick to alert.

3. Obviously to be proactive rather than reactive. Although I would say that this is more to do with having an InfoSec program that is trained in forensics and understands the law when it comes to ‘nailing’ down attacks coming from the ‘inside’.

I’ve been publishing on the subject of personal privacy since 2007, and finally, now, in 2015 I decided to take my CIPP/E. The CIPP credential says you know privacy laws and regulations and how to apply them according to the International Association of Privacy Professionals (IAPP).

Why did I take this certification? After all, I have a Master’s Degree in Information Security from supposedly the most famous (in this subject) globally, the Royal Holloway University of London (RHUL). I also have an MBA from Henley Management School (University of Reading). On top of 20 years of rich experience in IT and IS, it looks as though I am in the league of ‘over-qualified’ and then ‘what next?’. Or am I?

No! I am driven by a desire to ‘fix the Swedish ID promiscuity problem’. (There is more on this in my blog, lots of posts.) I took CIPP/E to get a toolkit that I could use to stop my and your Swedish ID being publicly sold online without my or your consent! So now I finally understand what the problem is, and I believe I can solve this, to finally squash this conflict between ‘freedom of information’ laws and ‘PuL’. Watch this space…..

Apparently they are, even beyond prioritising encrypted communications in their search results. Google take action, and they are encouraging you to be a part of this.

I was there and it was energising!
