Table Of ContentPrivacy in the Age of Big Data
Privacy in the Age of Big Data
Recognizing Threats, Defending Your Rights,
and Protecting Your Family
Theresa M. Payton
and Theodore Claypoole
Foreword by the Honorable Howard A.
Schmidt
ROWMAN & LITTLEFIELD
Lanham • Boulder • New York • Toronto • Plymouth, UK
Published by Rowman & Littlefield
4501 FORBES BOULEVARD, SUITE 200, LANHAM, MARYLAND 20706
www.rowman.com
10 THORNBURY ROAD, PLYMOUTH PL6 7PP, UNITED KINGDOM
Copyright © 2014 by Rowman & Littlefield
All rights reserved. No part of this book may be reproduced in any form or by any
electronic or mechanical means, including information storage and retrieval systems,
without written permission from the publisher, except by a reviewer who may quote
passages in a review.
British Library Cataloguing in Publication Information Available
Library of Congress Cataloging-in-Publication Data Available
Payton, Theresa M.
Privacy in the age of big data : Recognizing threats, defending your rights, and
protecting your family / by Theresa M. Payton and Theodore Claypoole.
p. cm.
Includes bibliographical references and index.
ISBN 978-1-4422-2545-9 (cloth : alk. paper) -- ISBN 978-1-4422-2546-6 (electronic)
TM The paper used in this publication meets the minimum requirements of
American National Standard for Information Sciences Permanence of Paper for
Printed Library Materials, ANSI/NISO Z39.48-1992.
Printed in the United States of America
Foreword
As a partner in the strategic advisory firm Ridge Schmidt
Cyber, I help senior executives from business and government
develop strategies to deal with the increasing demands of
cybersecurity, privacy, and big data decisions. We often talk
about the importance of maintaining security while protecting
privacy and enhancing business processes. When I served as
special assistant to the president and the cybersecurity
coordinator during President Obama’s administration, we saw
repeatedly that the choices were not easy—if they were would
not still be wrestling with this issue. It’s a challenge I saw on
both sides of the table from my roles with the White House,
Department of Homeland Security, US military, and law
enforcement to my roles in the private sector at market leaders
such as Microsoft Corporation and eBay.
Some experts have indicated that the volume of data in the
world is rapidly growing and is perhaps doubling every eighteen
months. A recent report published by Computer Sciences
Corporation (CSC) stated that the creation of data will be forty-
four times greater in 2020 than it was in 2009. IBM has said that
90 percent of the data in the world today was created in 2011–
2012. This might be why the elusive tech term of “big data” is
starting become more mainstream within your household or
workplace. How we collect and use the growing data supply can
impact our professional and personal lives. Big data—is it going
to prove to be a boon or a bust to business bottom lines? Is it
the answer to all of our national security needs, or will it
undermine the key liberties we cherish? Just because we can
collect massive amounts of data and analyze it at lightning
speed, should we? Are companies designing big data with
privacy and security in mind? Big data analysis can be used to
spot security issues by pinpointing anomalous behaviors at
lightning speed. Big data provides businesses and governments
around the globe the capability to find the needle in the
haystack—by analyzing and sorting through massive treasure
troves of data to find the hidden patterns and correlations that
troves of data to find the hidden patterns and correlations that
human analysts alone might miss. At the present time, most
organizations don’t really understand the best way to design big
data applications and analytics, which translates into massive
data collection with a “just in case we need it” approach.
Companies may collect everything without truly understanding
the data-security and privacy ramifications.
As business and government collects and benefits from all
of this data, capturing data becomes an end in itself. We must
have more and more data to feed the insatiable appetite for
more. And yet, we are not having a serious public discussion
about what information is collected about each of us and how it
is being used. This book starts the discussion in a provocative
and fascinating manner.
Nearly every industrialized country has passed laws
addressing use of personal data. Some such laws exist in the
United States, but the US Congress has not passed a broad law
limiting the collection or use of all sorts of personal data since
before the Internet was introduced to the public. The technology
to gather and exploit information has rapidly outpaced our
government’s willingness and ability to thoughtfully pass laws
protecting both commerce and privacy, so that business does
not know what it can do and citizens are left unprotected.
Around the globe, too many citizens are exposed to identity
theft, businesses are struggling to deal with cyberespionage
and theft of intellectual property, banks are increasingly fighting
regular cyberdisruptions, and the list of malware and breaches
continue to mount against social-media networks and Internet
platforms.
Big data and analytics will revolutionize the way we live and
work. Those incredible benefits could look small in comparison if
we do not address the issues of security and privacy. The best
way to achieve that is to be better informed and strike the right
balance. The potential privacy and security issues from big data
impact all citizens around the globe, not just within the United
States. The issues within the United States regarding citizens’
right to privacy and reasonable expectations for security cross
political party lines in terms of what is at stake. Now is the time
political party lines in terms of what is at stake. Now is the time
to for countries to discuss and design a consistent set of best
practices to protect the privacy of their citizens. In the United
States, we have not had meaningful significant legislation
passed on cybersecurity in over a decade. Now is the time to
join forces to defeat the possibility that any American’s personal
data could be compromised.
I have devoted my life’s work to the issues of protecting
people and our nation’s most critical assets, and I know Theresa
Payton and Ted Claypoole share my same passion for
leveraging technology capabilities to their fullest while planning
for the inevitable attacks against that same technology by
cybercriminals and fraudsters.
This topic is complex and not easy to understand, but finally
there is a guide written by cyberexperts, not for big data geeks
or techies, but for the average person. This book addresses
global concerns and will appeal to the business executive and
the consumer. Even if you consider yourself a novice Internet
user, this book is for you. Cybersecurity and privacy authorities
Payton and Claypoole explain in plain language the benefits of
big data, the downsides of big data, and how you can take the
bull by the horns and own your privacy. This book simplifies
complex and technical concepts about big data while giving you
tips, and hope, that you can do something about the privacy
and security concerns that the authors artfully highlight.
Theresa understands better than anyone that the specter of
a massive cyberdisruption is the most urgent concern
confronting the nation’s information technology infrastructure
today. She tackles this issue through the lens of years of
experience in high-level private and public IT leadership roles,
including when she served at the White House within the
executive office of the president. She is a respected authority
on Internet security, net crime, fraud mitigation, and technology
implementation and currently lends her expertise to
organizations, helping them improve their information
technology systems against emerging, amorphous cyberthreats.
Ted has also spent a long career in data management and
privacy, including addressing computer crimes and data privacy
with one of the world’s largest Internet service providers in the
with one of the world’s largest Internet service providers in the
early days of the web and helping secure information for an
enormous financial institution. Ted currently helps businesses
and governments of all kinds with information protection advice
and data-breach counseling. His work on data privacy topics for
the American Bar Association has highlighted some of the most
difficult legal technology debates of our time, including
geolocation tracking, biometric identification regimes, and gaps
in protection of DNA privacy.
Each chapter of the book shows how your everyday
activities, at home and work, are part of the big data collection.
The authors highlight the benefits of the data collection and
illustrate where the technologies could be used to compromise
your privacy and security. Each chapter provides tips and
remedies to the privacy issue, if those remedies exist.
The book opens with an introduction on why, like it or not,
your life is dominated by technology. The book begins with a
great write-up on the intersection of today’s technology with the
legal systems and privacy concerns in chapter 1, including the
arresting answers to the very important questions: “Why should
I care if government, business, or bad guys invade my privacy?”
If you believe you are already well versed on the issues, jump
ahead to chapters 13 (“The Future of Technology and Privacy”)
and 14 (“Laws and Regulations That Could Help Preserve
Privacy”).
Perhaps when Ken Olson, president of Digital Equipment
Corporation, said in 1977, “There is no reason anyone in the
right state of mind will want a computer in their home,” he was
onto something. Only now, we don’t really notice the computers
in the home, in our pockets, and even on our wrists.
The Honorable Howard A. Schmidt,
Partner of Ridge Schmidt Cyber,
previously the cybersecurity coordinator and special
assistant
to President Barack Obama
and cyber advisor for President George W. Bush
Introduction
Your Life on Technology
Where is the most private place in your life? Your bedroom?
Your bathroom? Your office? Can you count on carving out zones
of privacy within these spaces? What about your car, your local
pharmacy, your backyard, or deep in the woods walking by
yourself? Can you just disappear for a while and do what you
want to do without anyone knowing?
CIRCLES OF PRIVACY
We can think of privacy in concentric circles with ourselves in
the center. In the middle, held closest to us, are the secrets,
thoughts, and rituals that we keep entirely to ourselves and
share with no one. Further out are the conversations we have
and the actions we take that involve others but that we expect
to remain private. We also expect a measure of privacy toward
the outer circles, as some issues are kept within the family or
inside our company without further publication. Certain
information we hide from the neighbors, some financial data we
prefer to keep from the government, and there are certain
things that our mothers-in-law have no business knowing.
Privacy is complex and personal. Yet no matter what each
person’s perception of privacy is, some invasions are so
extreme that they raise an immediate cry from everyone who
hears about them.
Spying on Teens
Teenager Blake Robbins thought his bedroom was private.
In 2009, Blake was a student at Berwin High School, in the
Lower Merion School District near Philadelphia. The Lower
Merion School District sponsored a laptop-computer-loan
program, and Blake took advantage of it, borrowing one of the
school’s laptops to help him with his homework. On November
11, 2009, Blake arrived at school in the morning and was called
to the office of Assistant Principal Lindy Matsko. She informed
Blake that the school district believed he was engaging in
improper behavior in his home, and cited as evidence a
photograph from the webcam embedded in the laptop computer
loaned to him.[1]
The school district later admitted remotely accessing school
laptops to secretly snap pictures of students (and others) in
their homes, to capture the students’ chat logs, and to keep
records of the websites that the students visited. The software
used to spy on students was a remote capture program
supposedly included on these systems to prevent theft or loss of
the equipment (as if geolocation trackers would not be enough).
School technologists sent the secret pictures to servers at the
school, and school administrators reviewed and shared the
pictures.
Blake was shown a picture of himself with hands full of pill-
shaped objects, popping them in his mouth as if they were
candy. The picture was taken in Blake’s bedroom by the school-
owned laptop computer. Individuals in the school administration
believed these objects to be illegally obtained drugs, and that
Blake was breaking the law. Blake claimed the pills were Mike
and Ike brand candies and that he was simply relaxing in his
own room. The school disciplined Blake, claiming the computer
had surreptitiously captured pictures of Blake abusing pills in his
bedroom.
According to a subsequent report following investigation by
the school district, two members of the student counsel at
another high school in the Lower Merion School District twice
privately raised concerns with their school’s principal, claiming
that webcam’s green activation light would occasionally flicker
on their school-issued computers, signaling that the webcam
had been turned on remotely. The students found this creepy,
and the school district called it a “technical glitch,”
Blake’s family sued the Lower Merion School District, as did
the family of Jalil Hasan, whose school-issued computer had
Description:Digital data collection and surveillance gets more pervasive and invasive by the day; but the best ways to protect yourself and your data are all steps you can take yourself. The devices we use to get just-in-time coupons, directions when we’re lost, and maintain connections with loved ones no mat
