Photos and privacy: Say cheese!!

I was sat reading my book in a roof top bar in London.   The evening was drawing in and it had been a long day in travelling down to London, walking for around an hour from the train station to the hotel in which I was to be staying, and then getting checked in and settled.

As I sat there reading my book I saw a flash out of the side of my eye, from the phone in the hands of the gentleman sat to my right.    Had he just taken a photo?    Was his phone camera directed at me?  If so why?

As we use our devices more and more, including using them in public, there is an increasing chance of accidentally invading someone else’s privacy, of taking a picture of someone without their permission.   This photo may then go on to be shared on social media.

When I used to work out in the UAE I would often spend holiday periods sat by the beach in Abu Dhabi, and like my incident in London, would quite often feature in the holiday snaps of other people visiting the beach.     These holiday snaps would most likely then get uploaded to Facebook or other social media sites where facial recognition might attempt to tag me in photos that I was otherwise unaware that I was in.   There now was a public record of my holiday activities yet I hadn’t created it and may not even be aware of its existence.

Looking at the above incidents from the viewpoint of the person taking the photo there comes a point where we need to ask permission or to warn people before we take a photo.    This wasn’t the case when our photos had to be developed from film and when sharing was limited to showing friends and relatives the photo album you have gathered.   Now photos are digital and can easily be shared online, copied and even amended and adjusted this has become more important.   The question though is when is it acceptable to capture people in a photo by accident and when should we be asking permission?

From the point of view of the person ending up in a photo we have to ask whether we are happy to end up in someone else’s photo that may be shared.    As professionals would we be happy for photos of birthday party antics being online for people to find?    This leads to the difficult situation of having to speak to people taking photos to question their motives and intended use of images.   This does not generally come naturally to us as it often involves addressing strangers.

The increasingly common use of photography due to the ease of use brought about by high definition cameras built into our mobile phones presents a challenge.    The benefits of taking more photos, more photographic records of events, which are then shared versus the risk to personal privacy.

Do you tend towards the need for privacy or the benefits of taking lots of photos?

As facial recognition, big data and AI improve does this become more of an issue?

Wheres my data?

binaryBeing a citizen in a digital world means using an increasing number of services in our daily lives.   Online banking, passport applications, email accounts, twitter and other social media accounts, an account for google so we can store our favourite locations in Google Maps and backup our phones app data, accounts for our fitness tracker and for amazon.   The above represent a small number of the services which we may be using.    Our students may be using even more services including music and video streaming services, Instagram, Snapchat and a multitude of other services which I doubt I could identify or name.    And as our use of technology increases we enroll in ever more services including services relating to our home assistant and our home control systems among others that are yet to be invented.

But who has our data and does it really matter?

In thinking about this I remember back to a student I met in the late 90’s.    Using some basic information about me, his teacher or lecturer as I was then, he was able to tell me where my home address was and basic information about my immediate family.   He was even able to provide a basic route map from the college where I worked back to my family home all based on a couple of basic facts and a couple of online web services.   This immediately took me into a lesson on the risk associated with the internet and also on ethics relating to publicizing of data and also deciding on how it should be used.

That was almost 20 years ago, when the amount of data which was on the internet about individuals was significant less than it is now.    When our ability to search through, sort and sift through data was less than it is now.

So if that was possible 20 years ago what might be possible now and also what might be possible in the near future?

Should we sign up and provide ever more data to online services or do we need to stop and take stock of who has our data and the why?

Encryption, privacy and public safety

hackerThe internet provides us with freedom to discuss ideas and thoughts, to collaborate and share.   For educators this is invaluable in sharing teaching techniques, resources and also allowing for the discussion of pedagogy and teaching ideologies.   It also allows us to securely purchase goods and services and to share images and video with our friends via social media such that only those we wish to have access to our content will have access.     For organisations it allows secure communication and transfer of files such as confidential or other sensitive business documents even when staff are out of the office travelling on business.    It allows files to be protected through encryption so that only authorized personnel have access.     On a personal level it allows files to be protected from prying eyes for where they are of a personal or private nature.

The above represents the positive side of technology, however technology is a tool and therefore much as a hammer can be used to build things or as weapon of violence, it can be used for malicious and evil purposes as much as it can be used for good.

In particular, the ability for secure communication and sharing of files can be used in planning acts of terrorism.    It can be used in coordinating acts of violence or other criminal activities.   It can be used to prevent police or intelligence services from accessing files which relate to illegal activities.

The above represents a dilemma.   From the security perspective we want the police and intelligence services to be able to access files and streams of communication for the purposes of keeping us safe.    This seems logical and an obvious step in light of recent events in the UK.    The prime minister in her recent speech made reference to how the internet provides a safe space for extremism to grow and how this needs to be tackled.   The issue here is that to do so we need to introduce vulnerabilities into the encryption methods to allow the police and intelligence agencies to have access.    This means that secure access methods become less secure not just for those conducting or planning illegal acts but for all users.   The vulnerabilities that give the police access, may be discovered or breached by criminal or other threat actors.      It’s like adding an extra side door to your house where only the police have the key.    If someone manages to copy the key, someone manages to create a skeleton key or if the police lose the key, then our house becomes accessible to those we would prefer to prevent from access.    The new door represents an increase in the risk to the privacy of home.    A perfect technology example is the recent WannCry ransomware where the source of some of the used vulnerabilities can be traced back to the NSA.    The NSA had discovered the vulnerability and developed tools to exploit it with a view to using it to protect people’s safety however when this leaked the same vulnerability was put to malicious use having a significant impact on the UK National Health Service (NHS) among others.      Any weakening of encryption is going to increase the risk associated with the security of business communications, banking, social networking and any other systems where data is being exchanged using the now weaker encryption methods.

Although giving the police and intelligence agencies the tools to better identify illegal activities and terrorism online sounds an obviously good idea, it doesn’t come without some downsides and risks.

Where is the correct balance between personal and corporate privacy and the ability of national agencies to view and intercept data in the interest of public safety?  

Where does personal privacy end and public safety begin?

 

 

 

 

 

 

Secure communication and sharing to prepare

Easy access to information.

Communication for the purposes of coordination

 

The internet is neutral with no-one exerting control.   It crosses boarders.    So how would it be effectiviely monitored?

If it is monitored then this introduces vulnerabilities to protocals which have security at their heart.   Such vulnerabilities, may become known by malicious actors.  This is a risk.