Security

Keeping privacy front of mind

Share this post:

Author: John Martin, Senior Security Architect, IBM New Zealand

A colleague was telling me recently that he and his wife had been idly viewing an open house on the weekend. It was a routine, everyday moment – but then something caught his attention.

The estate agent was using an iPad to allow visitors to register their interest in the property. The registration requested the usual information: name, address and contact details. There was no explanation or rationale for having to register, just a prompt to ‘Register here”. But what really got my colleague’s attention was the fact that the iPad’s camera was on.

His first thought was ‘why’? What purpose could there be for the camera to be enabled and turned on?

A simple explanation, or something more concerning?

When he explained the scenario to me, my thoughts went beyond just the immediate privacy concerns the camera posed. What if the iPad was listening to and recording the comments of people in the vicinity as well? Most people probably wouldn’t think of this possibility, or even put two and two together, but let’s consider the implications.

In this situation, with an open invitation to register, your picture is being taken, and any reactions during your visit are potentially being recorded. Plus, if the iPad is connected to a wireless network, your details could be immediately transmitted to the estate agent’s office for further follow-ups, or sent via the internet to anywhere in the cloud. And all this could take place without your knowledge, after being given no explanation for the need to register, apart from a simple request.

Factoring privacy into your everyday decisions.

So what is wrong with the aforementioned scenario? First of all, there’s no explanation of why you should register via the iPad, why its camera is turned on, whether recordings are enabled, or how and why the information is being collected and analysed.

By default, you have been ‘opted in’ to something without knowledge of how or why your details are being captured, what is being recorded, and where it is being stored or for how long.

Knowing all that, would you be a little hesitant? What would you do?

1)  Ignore it – This is probably the typical reaction, and it’s understandable to just assume there’s nothing to be concerned about.

2)  Request an explanation – Ask the estate agent what’s the purpose of the registration, why the camera is on, and whether recordings are taking place. If you like the property and say “I would like to live here”, could your recorded words be construed as a positive affirmation you would agree to buy the property? What are the implications? Does registering give the estate agent your permission to use the information any way they want to?

3) Ask them to erase your details – You can, but what if the estate agent is evasive? Do you report the incident to the Privacy Commissioner’s Office via their complaint scheme?

4) Turn off the iPad or cover its camera – This might not be a good idea, as you could be accused of criminal damage.

5) Ignore the registration or walk away – If you’re concerned about privacy, this is probably the best course of action.

My advice: if you suspect your information is being captured with no explanation given, ask questions. If you’re still uncomfortable, take a few photographs of the scene and report it. In New Zealand, you can lodge a complaint with the Privacy Commissioner’s Office via their complaint scheme here and in Australia you can lodge a complaint with the Office of the Australian Information Commissioner here.

And remember, the need to exercise the same privacy and cybersecurity vigilance in your business as you do in your personal life. If you’d like to learn how you can create an integrated and cohesive cyber resilience plan in your organisation, speak to the experts at the IBM Cyber Elite today.

 

More Security stories

The need for gender diversity in cybersecurity is real

Author: Pelin Nancarrow, Consulting & System Integration Leader A/NZ I have been helping clients establish guidelines for implementing, maintaining and improving information security management in their organisations for 17 years. Although it has improved, I am often still the only woman in the room. It is now more critical than ever for organizations to attract and retain […]

Continue reading

The value of psychology and cognitive science in Cybersecurity

Author: Fiona Byrnes, AP Managed Security Services Delivery Executive, IBM Security Who is today’s cybercriminal? What new data can be commoditised or code weaponised for disruption? These are common security intelligence questions asked in our client conversations. While these questions are about the preventative tools, testing, analytics, and security methodology, they also have underlining psychology. […]

Continue reading

Cybersecurity needs your skills

Author: Holly Wright, QRadar Flows Product Owner, QFlow Software Engineer, IBM Security A little-known fact about cybersecurity is that it is one of the most diverse industries out there. Think of any company. You’d be hard-pressed to pick one that hasn’t gone through some sort of digital evolution, in some shape or form. Healthcare, finance, mining, […]

Continue reading