Privacy


He stood blocking the light from a single window in the small room. It was cold even though the sun was warm outside. The only other person was a woman sat at a steel table; she was frail, almost transparent, tired of resisting, and tired of life.

His presence radiated strength as he spoke. “I remember when I lived in fear. Can you imagine I was afraid? It is true that life was cruel, with each man living on-the-edge, and for himself. The world as we knew it: was becoming chaotic; moving too fast; so lost on foolish quests. People were scared as change embroiled the world, and they were losing all that made them feel secure.”

Turning around, he looked down at her, compelling her to look up. “Where dictators didn’t rule, fascists and extremists terrorised the ‘so called’ democratic societies. The world was shrinking, and with this the economies started to crumble; and the great towers fell as the terrorists of the world hit out.”

“In those days you couldn’t board a plane without that fear in the back of your mind, that a terrorist maybe your neighbour. In some countries they would tie bombs to their bodies, calmly walk into a crowded café and explode; in others they would tie bombs under cars that would detonate once the poor driver turned the key in the ignition; or what about a change of carnage with chemical warfare in the subways? There were other alternatives of course: your children could have been shot in the school by some madman; or thieves may choose to sacrifice your life for some petty reward.

So we started to watch you, to protect you. We introduced a global numbering system, so that every person in the world would have their own ID. We likened it to the Social Security number, but really it was more than this. This number was scanned into their ID card, that later became an RFID implant. From hereon we were empowered to stop all known terrorists travelling by plane. The concept was accepted; those that travelled often got a fast track for the implant. Those that didn’t got a slow track. Eventually everyone wanted one, nobody wanted to be in the slow track, whether this was at the airport, the subway or in the supermarket.

However that was when the terrorists started to target more the subways, and we implemented it here too, and then on all trains, and buses. They even slaughtered innocent children in schools.  We chipped everyone, even the children to protect them. Those that were not chipped could no longer move, and we caught them for being guilty in having ‘something to hide’. The world became safe from terrorists and madmen. What an evolution! We now had in our global data-bank containing the biometrics of every individual in the world. We knew the online and offline movements of all; collected and stored in an intelligent data-bank that was able to predict what they were planning even before any ‘terror attack’ hit.

Hence you are protected, secure in a world that looks after you. You say you don’t like to be watched, but we don’t watch you all the time, we just track you. So yes, it’s true I know everything about you, but so what? I know everything about whoever I wish. So why should this offend you? Why do you continue to refuse to accept and conform, why are you not like the others who are settled in this wonderful new secure world? Why?”

Calmly he faced her, looking deep into her eyes. He could see how her strength ran deep, beautiful in its purity, but tired, so tired. The silence hung heavy in the room, breaking it she brought her thoughts to life. Her voice was quiet, firm and clear. “I appreciate that today our society is secure and safe. We are no longer at risk of attack from terrorist or madman. However in providing this security, society has taken from me my personal space, my privacy, and the freedom to do as I wish, when I wish; this is because I feel and know that I am being observed, this changes my behaviour, and ultimately the choices I make.

It is clear that security has a price to pay, and the currency is freedom. It is a delicate balancing act, to increase either, jeopardises the existence of the other. Man will however never be completely free; he will always find ways to build some security framework around him. Unfortunately, it is when the free man becomes obsessed with security we are faced with the risk that the scales of security and freedom will cease to balance.

Now the payment has been made. The scales that once hung so delicately have fallen. Freedom is lost, but man no longer realises this, he doesn’t know what freedom is. It is only I that still remembers.” She paused for a moment -her breathing shallow- and looked at him. “You have clearly forgotten.”

Sitting back in his chair he continued to survey her, saying nothing, finding himself savouring the sound of her voice, remembering something, but not sure what.

Standing up she moved over to the window; gravitating towards the light, the sun, where she had once been free. “Don’t you remember me anymore Security? I know freedom well. I am Freedom. I am what a man feels when he sits alone, and watches the mountains reaching high above the lake that lies so low. I am that yearning: when he sees the road that run so long, and the trains that pass so fast. I am the sound of birds in the air, the cool breeze that passes by, and the leaves that flutter loose. I am the feeling that man belongs not to anything, that he can walk and run where ere, to say and to think as he wishes.

Have you really forgotten Security? Don’t you remember our vow? We were married once, a long time ago, ‘Security and Freedom’. Has it been so long that you have forgotten how we loved each other, and how we promised in our union ‘that you would make man feel secure, and upon this foundation I would let him be free’?”

Written (but unpublished) 2001 after 9/11.

2518864-8236474736-tombsI have been contemplating Facebook suicide for quite some time now, since 2014. This blog post gives a step-by-step description of how I did this (with links) in case you want to do the same. I hope you find this useful…

Reason for this action – were primarily motivated by the feeling that my concerns for privacy started to outweigh the benefits. In addition the amount of junk popping up in my feed influenced by my click history was boring. I also felt that I had become a ‘passive consumer’ of social media, just as my generation were the first real ‘passive consumers’ of television. I wanted to stop this ‘addiction’ which is what it is… checking your feed for updates, checking if your posts got some Likes and Comments…. when I could be reading a book, or spending time with my family doing normal things.

Requirements:

  • I still wanted to be connected to my family and very close friends;
  • I wanted to delete the years of ‘my user behaviours’ from my account that were behind the adverts popping up;
  • I wanted to be anonymous enough so that anyone that searched for my name, would not know who I was through my connections, even if they shared something that I shared;
  • I did not want any personal photos that my FB friends would feel compelled to Like, and then I would be compelled to check my feeds for Likes 😉
  • I didn’t want to be drawn to restart my behaviour as a ‘passive consumer’ of social media content;
  • Given what I wanted, I knew that it is quite impossible to be anonymous from government intelligent agencies, they would keep my old FB content for at least 10 years, however I needed a compromise for today and the future;
  • I wanted FB, but I wanted a clean start.

Here is what I did:

  1. I set-up a new clean account and added my active FB account as a friend. I gave an age under 18, false name, an email not linked to my old account, and no additional information. The fact that I created an account as under 18 years, means some of the privacy settings are stricter by default.
  2. I warned my FB friends that I would be deleting my account – in January – and gave them the choice of connecting to my new account. When I deleted my active account I had 20 FB friends on the new clean account.
  3. I did nothing for 3 months, and made no postings on the clean account and minimal on the active account. My FB friends that were also friends on the clean account started posting to both during this time.
  4. downloaded a copy of the FB account to be deleted. This includes all your posts, your photos, even your click history, just about eveything except your Instant Messages.
  5. I deleted my Instant Messages. This is not so easy as you need to go into each message individually and delete, and it takes several clicks for each. What I did was use Chrome and downloaded an extension that deletes all your messages in one or two attempts, it works and it is good 🙂
  6. However deleting your messages does not delete them from your friends message archive unfortunately. Your best bet is to ask them them delete anything linked to your old account. I didn’t work this one out until after I had deleted all my messages 😦
  7. I removed my old account as a friend from my clean account.
  8. I deleted my FB account – Delete Facebook Account.
  9. I ‘unfollowed’ all friends feeds on clean account.
  10. Privacy Settings – I set ‘who can contact me’ to “Strict Filtering”
  11. Privacy Settings – ‘Do you want other search engines to link to your Timeline?’ = No
  12. Notifications – I basically turned them off except those pertaining to Security and Privacy.
  13. Apps, Websites and Plug-ins – Disabled
  14. Always Play Anonymously – On
  15. Apps others use – Unclick All
  16. Old versions of Facebook for mobile – Only Me
  17. Adverts – third-party sites = No one
  18. Adverts and friends = No one
  19. Adverts Based on Your Use of Websites or Apps Outside of Facebook – now this is a bit complicated, but you need to go into each of the Opt-out sites (there are 4) and choose Opt-out. You need to have cookies enabled to make this work. I did this in Chrome. Here you can see the sites that you are already opted-out of. It is dynamic, so when you opt-out it will update immediately.

Google officesI love this, the EU Court has confirmed that we have the right to be forgotten. Google and other internet search engines face a new world where they must remove links to websites containing certain types of personal data when individuals ask them to do so. The European Union says you have “a right to be forgotten” digitally online. This is great news for every citizen of the EU, including our children!

Read more in English and Swedish.

We are getting some really interesting happening in the EU when it comes to revolutionising the EU Directive on Data Protection. Thanks to the summary provided by Panoticon blog.

The Memo from the European Commission, that has been approved, gives the following reforms that will make doing business simpler for EU companies, and they are significant! So here they come the 4 pillars of reform, or at least a summary of them. If you want to read the full Monty, go here.

Pillar One: One continent one law…
The European Parliament agrees that the new data protection law for the private and public sector should be a Regulation, and no longer a Directive. The Regulation will establish a single, pan-European law for data protection, replacing the current inconsistent patchwork of national laws. Companies will deal with one law, not 28.

Pillar Two: Non-European companies will have to stick to European data protection law if they operate on the European market. What this means is that non-European companies will have to apply the same rules as their European counterparts. European regulators will be equipped with strong powers to enforce this.

Pillar Three: The Right to be Forgotten/ The Right to Erasure
The right to be forgotten builds on already existing rules to better cope with data protection risks online. If an individual no longer wants his or her personal data to be processed or stored by a data controller, and if there is no legitimate reason for keeping it, the data should be removed from their system.

The right to be forgotten is not an absolute right. For example there are cases where there is a legitimate reason to keep data in a data base, e.g. archives of newspapers. In addition the right to be forgotten includes an explicit provision that ensures it does not encroach on the freedom of expression and information.

Pillar Four: A “One-stop-shop” for businesses and citizens
The Regulation will establish a ‘one-stop-shop’ for businesses. What this means is that companies established and operating in several Member States will only have to deal with a single national data protection authority not 28, making it simpler and cheaper for companies to do business in the EU.

Well I didn’t know that privacy was the word of the year for dictionary.com.. did you?

I was surprised when taking a coffee with one of my colleagues in the office. She received an SMS thanks from another of our colleagues her for the birthday greeting. When I asked her, how did she know, she said she found it online at http://www.birthday.se/kontakta-oss/Default.aspx. She then told me when my birthday was and even a map to where I lived (although they did get this wrong). Nevertheless surprise became horror. I had already removed my details from www.hitta.se only to find myself at another site. So I checked with a previous colleague of mine (Martin Da Fonseca) that studied security law in Sweden if this was in fact legal? And this was his response.

“It is legal. The service provided by Upplysning.se is regulated in Kreditupplysningslagen (credit information legislation) (1973:1173).

I believe the service provided by birthday.se is using (or exploiting) the fact that this information is considered “public information” (allmän handling), because it is stored at a goverment agency. As part of Tryckfrihetsförordningen (“freedom of press”, sort of) (1949:105) 2:1 it says that every Swedish citizen shall have the right to access to public documents. All documented information that a goverment agency has is to be considered public. This is also regulated by Sekretesslagen (official secrets legislation) (1980:100), which states when information is to be considered secret and not part of public documentation. Personuppgiftslagen (1998:204) is also in effect here; it is applied on the actual agencies storing the information. And perhaps to some extent on companies like Birthday.se, depending on what they do with the information (if they store it).”

Should I really be surprised? Not really, as mentioned it’s not the first time in Sweden I’ve needed to remove my personal information from some public register. And getting it removed is a pain, many phone calls, and then like magic it pops up again a year or two later! I believe that this is in direct contravention of the EU directive on Data Privacy. Am I wrong here? Surely I must be? Although Sweden is quite ‘transparent’ in how it operates, there there is much trust between the government and its citizens that makes Sweden quite unique. Transparency is a part of the EU directive, although we should give our consent to sharing personal data. Maybe i have done this automatically by becoming a resident of Sweden. The personal ID is not compulsory in Sweden but its just about imposssible to operate without it. Just try taking out a prescription at the chemist without this ID, you can when they realise that they have no choice, like what happened when I lost my ID, but it takes time and is very annoying if you end up with someone that insists on following the rules. This ID is shared everywhere and is really easy to get hold of. It is composed of date-of-birth (which you can find on http://www.birthday.se) yymmdd-xxxx and four digits, that are even if you are female and odd if you are mail.

There are cases in the U.S. whereby the addresses of car drivers were public until some celebrity was murdered due to the availability of this information. This is evidence that placing this type of information in public domain is dangerous! Does this mean that Sweden has worse data privacy for their citizens than what is found in the U.S.? Is this possible for a country of the EU?

Just as today in my work I carry out Business Impact Analysis, Risk Analysis and Compliance Assessments, now has come out something called a Privacy Impact Assessment (PIA). This comes as no surprise to a lot of us working in this area. I am pretty pleased that this has been developed. Although clearly there is bound to be still some work/tweaking to do, I do think it’s a pretty good start. Link to press release follows:

“UK’s first privacy impact assessment handbook has been launched to help organisations address the risks to personal privacy before implementing new initiatives and technologies”