Hackers and companies alike finding clever new ways to circumvent privacy

Hackers and companies alike are increasingly able to discern identifying information about people, such as their gender, based on indirect data.

By NIV ELIS
Updated: JUNE 23, 2016 01:34
Hacker (photo credit: INGIMAGE / ASAP)
Hacker
(photo credit: INGIMAGE / ASAP)
Most people know, at this stage, that the little computer they carry around in their pocket tracks their location, taking note of their every move. Those concerned with their privacy might, for example, block their apps from accessing their GPS.
But last year, a group at Stanford working for Rafael Advanced Defense Systems discovered that they could figure out people’s location with 90 percent accuracy based solely on their battery usage.
“There are so many censors, it’s very hard to keep privacy on a mobile,” said Yuval Elovici, the director of the Deutsche Telekom Laboratories at Ben-Gurion University Wednesday at a Tel Aviv cybersecurity conference, the IEEE Experts in Technology and Policy (ETAP).
Hackers and companies alike are increasingly able to discern identifying information about people, such as their gender, based on indirect data.
“Do you think I, as a cybersecurity expert, need the user to tell me their gender? I 0can even tell if they’re not sure about it!” he said. Information such as what apps people download, or even the way and frequency with which they check their phone (which the device’s accelerometer monitors) can give away that detail, he said.
More troubling still, advances in big data analytics over time mean that information that can’t yield any identifiable results today may be useful for interested parties tomorrow.
“If you knew that your life expectancy could be derived from your information, you might not give permission for it,” he noted.
Part of the problem is that users are often unaware of what companies may do with the data they collect, such as sell it to third parties.
“Most of you have apps on your phone. You install them without reading the privacy policy. I write them. I know how much time people invest in them,” said Jonathan Klinger, an Israeli cyberlaw attorney. “The problem is not just that people don’t read the agreement, but you don’t have any way to monitor your data.”
It’s no surprise that people don’t know what’s written in their privacy policy. According to Limor Shmerling Magazanik, director of licensing & inspection at the Israeli Law, Information & Technology Authority, it would take the average consumer 201 hours a year just to read through all their privacy agreements and terms of service, so they agree to share all sorts of data without a second thought.
“Privacy is one of the foundations of consumer trust. It’s a basic human right,” she said. “Consumers are increasingly concerned about companies selling PII, personally identifiable information, and governments accessing it.”
Yet the more technology develops, the more difficult it is to prevent personal data from being amassed and potentially sold or leaked.
At the ETAP meeting, the experts called for a plan to bridge the gap between the technology and the regulation.
Klinger, for example, suggested a layer of metadata be embedded into data-related files to allow consumers to check who is accessing their data. Others suggested greater efforts toward education.
In the meantime, warned Elovici, even vigilance will only get people so far.
“We developed a tracker that can, to a 95% accuracy, identify the level of alcohol in your blood,” he said “I never imagine that when I allow this information to be collected about myself, it could be used in this way.”


Related Tags
computer hacker