The Investigatory Powers Tribunal (IPT) ruling that GCHQ’s access to information intercepted by the NSA breached human rights laws is feeding a growing and increasingly heated global debate regarding the whole issue of digital privacy.
Earlier this month, the tribunal held that the British intelligence and security agency had been in breach of articles 8 and 10 of the European Convention on Human Rights, referring to the right to private family life and to freedom of expression. But hard on the heels of the UK ruling came news that the US government is creating a dedicated agency to monitor cybersecurity threats, pooling and analysing information across a spectrum of risks. The Cyber Threat Intelligence Integration Center (CTIIC)'s mission will be to ‘connect the dots’ between various sources of intelligence. Any new initiatives such as this by official bodies and governments to pool intelligence is likely to come under increasing scrutiny from online privacy pressure groups like Privacy International.
However, establishing privacy rulings for digital data may soon become a King Knut-like exercise as the Internet becomes increasingly swamped by a sea of spyware. According to Kaspersky Labs, cyber criminals are now creating 315,000 new and unique variants of malware each and every day of the year.
Digital privacy becoming a Utopian ideal
The privacy debate is not a new one and many in the IT industry itself now believe that the very notion of digital privacy is rapidly becoming an unrealistic Utopian ideal.
A decade and a half ago, Scott McNealy, head of Sun Microsystems said: “You have zero privacy anyway. Get over it!"
A decade later, Google chief executive Eric Schmidt, a former protege of McNealy, said, “If you have something that you don’t want anyone to know, maybe you shouldn’t do it in the first place.”
At the time, Schmidt's comments caused consternation among privacy rights activists as Google was thought to be in discussions with the US authorities with regard to sharing its customer data to help combat cyber crime and terrorism.
But even McNealy and Schmidt would privately admit that "zero privacy" does not negate the need for security. McNealy, for example, was adamant that pictures of himself with his children should not appear on the Internet for fear of their being kidnapped.
While privacy groups may wish to turn the tide on what they see as the encroaching powers of the state, the greatest threat to privacy is coming not from western governments but from the ever-growing legions of cyber criminals and corporate cyber spies.
What, for example, could be more private or personal than an individual's personal health records? Yet millions of US citizens this week learned that their medical records had been compromised. Hackers broke into the data banks of Anthem, the country's second largest medical insurer. A database containing the names, email addresses, birthdays and social security numbers of 80 million customers was compromised.
Last year also saw the databanks of number of household names also heavily compromised. These included eBay, Target, Home Depot, JPMorgan Chase and Sony. The Home Depot hack alone resulted in 56 million people's credit and debit card details being exposed. The hack at JPMorgan Chase exposed information belonging to roughly 83 million individuals and small businesses.
The fact that tens, and perhaps hundreds of millions of people worldwide, have now had their personal data compromised following targeted cyber attacks is beginning to make the whole data privacy debate look largely academic.
As long as trusted institutions such as JPMorgan Chase are unable to provide adequate security for customer data, there is little that private individuals can do to safeguard their own data. For example, using TOR to encrypt personal messages would do little safeguard the mountains of data now held on all of us by banks, credit rating agencies, health services, telecoms carriers, retailers and a host of other organisations.
Wi-Fi cafes a 'goldmine' for cyber criminals
As consumers, the best most private individuals can do is to be selective about how they connect to the Internet. For example, anyone using wi-fi in a cafe or hotel should be aware that these facilities represent a virtual goldmine for cyber criminals, who are now well-equipped to spy on unsuspecting wifi users.
Slightly larger than a smartphone, the WiFi Pine-apple Mark V is the “ultimate” cyber surveillance device. It uses an “intuitive” web interface to enable hackers to break into wifi connections without users' knowledge. It is widely available online and costs only $100 (£65).
It is also well-known in security circles that some devices such as laptops which have originally been manufactured in countries such as China already come with illicit and pre-installed spyware. For example, last summer eBay barred listings for an Android-powered smartphone, the Star N9500, after it was revealed the phone had preinstalled malware designed to send personal information to a server in China. The malware was disguised as a legitimate Google Play Store App and was found to be impossible to remove.
Be careful what you say in front of the TV set
Some manufacturers even admit that their devices are capable of spying on their owners. Samsung has issued a warning for its latest Smart TVs relating to voice recognition software that enables users to issue voice commands to the TV via a small microphone on the remote control. Disturbingly, the software does far more than that.
According to Samsung: "Please be aware that if your spoken words include personal or other information, that information will be among the data captured and transmitted to a third party through your use of voice recognition."
As they see their data increasingly compromised by software vulnerabilities and malicious hackers, IT users will become more security conscious and less likely to share confidential information on social networking or in unencrypted emails.
Until this intelligence gap between IT users and the true nature of modern communications technology is closed, many may find themselves staggering blindfolded through an Orwellian maze with all manner of 'third parties' - official and unofficial - looking over their shoulders.
Stuart Poole-Robb is chief executive and founder of the KCS Group.