Blurring the Lines Between Public and Private Spaces

This is the first in a series of thought pieces from Data Privacy Program Guide: How to Build a Privacy Program that Inspires Trust, by David Goodman , Justine Phillips , and Matt Stamper, CIPP/US, CISA, CISM, CRISC, CDPSE, QTE . In the following excerpt from Matt Stamper’s essay on why privacy matters for Chapter 1, Matt helps us understand that as smart devices and surveillance cameras become more pervasive, the lines between public and private spaces blur. It's crucial to understand the impact of these technologies on our privacy, both personally and professionally, and take steps to protect our data. Please enjoy.

The lines between public and “private” spaces are blurring. Not long ago, concerns related to privacy at home were minimal, primarily focused on shredding those documents we didn’t want dumpster divers to find, adding our names to do not call lists, and opting out of junk mail. Today, our homes are filled with devices that listen to our conversations, waiting for a query to interject and offer assistance. We certainly welcome the convenience that these voice-activated tools offer (“Alexa,” “OK Google,” and “Hey Siri”). However, we may not be fully aware of how these smart devices and smart speakers encroach upon and listen to private conversations.

I’m bringing in these personal examples to highlight an important dynamic that is shared with cybersecurity. Security awareness training at work has become more effective when the impacts of security issues and data breaches can be related to a corporate context and at a personal level. We’re the victims as much as the company that had its security controls bypassed. So, too, are the privacy impacts of consumer-oriented services and technology. Pause and consider “why privacy matters” not only for your organization but also for how it impacts your personal life and the lives of your family, friends, and colleagues.

Our privacy in public spaces is also under assault. The reality is that our ability to absent ourselves from public scrutiny and minimize our digital footprint requires significant effort. Public spaces, including restaurants, parks, venues such as stadiums, and city streets, are filled with webcams and other devices to monitor activity. These cameras have proven remarkably useful in solving crimes, including the notable instance of the Tsarnaev brothers, who were quickly identified using an amalgam of video clips around the site of the Boston Marathon bombings. Those same cameras also capture intimate moments of ordinary individuals walking down the street with friends. Daily, we see crime videos, fights on campuses, and rude behavior captured on mobile phones and uploaded to popular sites such as YouTube. Open-Source Intelligence (OSINT) expert Michael Bazzell’s most recent book—Extreme Privacy: What it Takes to Disappear—comes in at over 550 pages. Keeping private is not for the faint of heart.

Law enforcement and intelligence agencies’ extensive use of surveillance techniques cuts both ways. Individuals who serve in law enforcement are frequently “doxed.” Indeed, a good friend of mine who works in law enforcement is concerned that his personal, private information (including his unlisted phone number, address, and details about his family) will be exposed, placing them at risk. The same OSINT techniques that Bazzell writes about and that are used to find domestic violence offenders, human traffickers, terrorists, and criminals are frequently reversed and used on law enforcement and innocent victims, frequently to deadly effect. Victims of domestic violence who are trying to build new lives and escape their perpetrators are frequently discovered after the posting of some seemingly innocent picture to a social media site by a friend who does not recognize that the photo’s embedded metadata contains the GPS coordinates where the victim can be discovered. Anyone who works for a battered women’s shelter trying to help the victims of domestic violence knows that privacy can be a life-and-death matter.

To see how the Data Privacy Program Guide fits into your reading journey, reference our reader's guide on our LinkedIn Company page: https://www.dhirubhai.net/feed/update/urn:li:activity:7216934015398813697/

To browse this and other books in our catalog, please visit the bookstore at Black Hat USA. https://blackhat.com/us-24/