Exploring Linux, security, and privacy

Not Just the NSA: Privacy Breaches Closer to Home

In Short: Negligence and Privacy

These days talk of the NSA’s PRISM program and its other surveillance programs tend to be the focus of privacy discussions, but recent gaffes like at yesterday’s Super Bowl XLVIII and more serious incidents such as during the trial of George Zimmerman for Trayvon Martin’s murder show us that the average Joe can cause serious privacy leaks as well.

I give an overview of these events and offer a suggestion on the sort of vigilance you should keep in mind.

Super Bowl XLVIII as a Case Study

During yesterday’s Super Bowl there was an amusing incident in which the stadium’s internal wifi credentials were broadcast on national television; social media pounced on this and spread a snapshot of the monitor displaying the credentials rapidly. This incident serves to illustrate that privacy breaches can happen much closer to home than those focusing on the NSA might be most wary of. Indeed, while companies like Google and Yahoo received 59,000 NSA demands for account contents over the past six months, having everyone in your vicinity being made aware of your wifi SSID and password or more sensitive information is probably a more immediate and tangible concern and much more likely to happen to ordinary, boring (to the NSA) individuals.

The Zimmerman Trial Leaked Personal Information

The media — cameramen in particular — were responsible for the aforementioned Super Bowl wifi incident; they were also responsible for a much more dangerous breach of privacy. During the highly polarizing and controversial trial of George Zimmerman for the murder of Trayvon Martin, CNN broadcasted unredacted footage of Zimmerman’s personal identifiers including his date of birth, address, phone number, and most alarmingly his social security number.

However one felt personally about Zimmerman prior to the outcome of the trial, nobody deserves to have their personal information leaked against their will especially when they’re at the epicenter of such controversy and polarization. All of these personal identifiers are often used to verify one’s identity for healthcare and a variety of other services. One hopes that representatives of the various services Zimmerman used were alerted and were able to catch on to what was likely a deluge of attempts to mine more of his personal information or disrupt his life by engaging in identity theft, but this is very wishful thinking; when attacks like this are successful they are very costly and troublesome to recover from. At the end of the day this was all due to the negligence of one ordinary cameraman.

Again, it wasn’t a nebulous United States government entity but instead a nearby individual who was the biggest cause of concern.

When Will Your Personal Information be at Risk?

To be sure, most of us probably won’t find ourselves in a situation where we need to manage some sort of secret information in an at-all public area, and I’m not going to pretend it’s worthwhile being overly vigilant about those around you beyond reasonable common sense. Instead, given the nature of the incidents I’ve mentioned, I’m going to urge caution with others’ personal information if it could ever come up as part of your job or regular life.

One of the projects I worked on in the past involved thoroughly tagging images with metadata, and in a legacy system there was one entry of distantly personally identifying information temporarily stored in the images to facilitate a process. Had I overlooked this and not purged the metadata afterward it would be possible for several images to be floating around the web tagged with some weak identifiers, but even weak identifiers can be used to discover more confidential information; the age of big data, machine learning, and predictive analytics on the whole prove this beyond a shadow of a doubt.