Event Recording

Privacy: The Real Cost

Log in and watch the full video!

Privacy is one of the most challenging aspects to protect in identity solutions.

The entities that stand to gain the most from surveilling users can use convenience as a bargaining chip. Users understand and appreciate convenience, but they often don't appreciate the costs of loss of privacy, as the consequences often play out well after the violation occurred.

Identity practitioners often take the need to preserve privacy for granted, and in so doing fail to help users and solution designers understand the concrete impact privacy violations can have on the lives of users. This session will arm you with the concrete scenarios you need to instill in customers and colleagues a new awareness of the real costs privacy violations can have.

Log in and watch the full video!

Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.

I have an account
Log in  
Register your account to start 30 days of free trial access
Subscribe to become a client
Choose a package  
John everybody. And welcome. Thank you for taking the time to come here and stick until almost seven and investment. Next. I can tell how many minutes otherwise we will pull me off stage thinking about how you can make the non-technical people in your life care about privacy. So most of the cutting edge content about privacy is written by the worst possible combination in term of communicators. Half of it is it people and half of it is lawyers. So the content for about privacy is normally impenetrable to their normal human. And the thing is there are beautiful, fantastic, really good books about privacy that are designed for non-technical people. Like I should get a commission from Johan Z Bosky because at least 20 people bought the age of survey surveillance capitalism, because I suggested it. Actually, Johnny just walked off stage. I bought her a book version of that.
Like I gifted it to her. Those books are really good, but they have a fatal flaw. They assume that the reader already cares about privacy. And so many times that is absolutely not the case. So why some people don't care about privacy. There are a number of reasons that somehow prevent them from, from doing that. The top objection is classic. You heard the former CEO of Google saying that is that if you didn't do anything wrong, why would you want to hide something? And of course, that's, I can't say the word, because again, they will not invite me next year. If I say that, basically that's patently not true. We wear clothes and we don't always hide ugly things. It's just that we wear clothes because we want to control the context with which we have our interaction with others. If we are particularly wealthy, we might occasionally avoid flaunting our wealth to people because we might worry that our relationship might turn transactional.
So in general, the fact that you want to hide something, the fact that you want to appear in the way you want in edit your presence is a basic, right? So I dispel this one and I will not go back on those, but there are many others that instead will deserve more time. And in particular, one big problem. And the reason for the title of a talk is that usually when there is some kind of event, like an leak or a in the moment in which someone does something, which is like not very wise in term of a privacy, they don't face consequences right away. They usually have consequences away in space and time. And so people don't understand the real cost of privacy. They don't connect with dots. The other thing is that very often people don't realize that they are being surveyed. Like you go from one extreme in which people just assume that it's happening all the time to people saying, well, whatever, like you are being paranoid.
So they don't realize that they are being surveyed. And then finally, and this one is like the most pernicious is there no way this will happen to me. People that just can't relate to the various incidents that are being talked about. And those are the reasons for which, like I did a bit of research and found that those are the main clusters around which people concentrate, their beliefs or lack of. So how do we fix this? Well, it's not easy before doing this talk like as a good, lazy south Mediterranean person, I try to outsource it. I tweeted and saying, dear privacy experts tell me what to do. And no, there is no clear solution. Like it's very difficult to make people care about something that they don't care about. But the one way that I found that is somewhat as a modicum of success is to tell stories, tell stories with our concrete and relatable so that people can see themselves in it.
And that's a bit of a hack like in behavioral economics, you know, there's a long list of cognitive biases. The example bias is the one you can use here. When someone can promptly evoke a memory or a vivid imagery of something, they will tend to believe that something so classic effect of nine 11, in which people saw those horrible images of the fly of the planes hitting the, the S and then they immediately developed a fear of flying, which is not proportionate to the thing. So clearly here, we don't want to do that, but maybe we want to do a bit of that. We want to scare people in compliance for their own good. So I'm going to take those free categories and give you concrete stories that hopefully you can use for the people in your life to make them care a bit more about Travis.
And the main one for me is this not connecting the dots. And here is one of my favorite examples. There is this company in the us that sells centered candles. And at a certain point, they got a wave of one star reduce, like suddenly, like from being like the darling of centered candles industry, they started getting voice one stars. And the interesting thing is that those reviews were clustered around COVID outbreaks. And so what was happening is that people lost their sense of smell, and they fought that the candle was defective. And so they did was reviews and in, so doing, they outed themselves as they COVID di diagnosis, which is like, is not a sin, but you might want to choose the time and the place in which you disclose it. So this one is a good, I believe, example of unintended consequences in which you are just typing a review, like you reviewed many other products.
And now this thing is saying something about you that maybe you would've wanted to say in a different way. This case is like a, the most obvious how many of you took a commercial genetic test, like 23 on me or, or ancestry.com. I see that you all care very much about your privacy. That's good. That's very good. I did, because of course, toxic narcissist. I want to know about myself, but turns out it might not have been a very good idea because lately police, whenever they have like a crime scene, they gather genetic material. And then they search databases of people, such as myself who took those tests. And the outcome is that if the perpetrator, it is somewhat related to you, even if you share some genetic material, then you will be in the suspect's list and you might say, well, I'm innocent. So I will be cleared.
Sure. But if your job entails like a reputation in your community, the sheer fact that you are in that list might ruin your reputation. And so real consequences. And here I added to add for completeness, where is visa subreddit called today? I F up and visa was very F up of the month. It was one guy who spent his birthday allowance to buy for himself and his dad, a genetic test. You already know where I'm going. Turns out that the, the guy was the biological son of his uncle. And so like his entire family unraveled because of that. So genetic task privacy, ah, care is needed shouting, which is the apartment of sharing and parenting. The two characters in the slide became famous because they started YouTube channel in which they were pranking their kids. I'm not sure what that means, but the outcome was that we lost custody of our kids.
So that is somewhat extreme example of oversharing and like not being particularly canonical parents. But in fact, it's just a.in a GMU in which actually just sharing pictures of your kid is something that brings privacy implications. Because you know that there is like these algorithm, TM, which rules a lot of aspects of our lives. Whenever you share something about your kid, you are fast forwarding their presence in the digital world in ways that for which they have no agency, and this algorithm is mysterious. Like you don't know if a prospect employer in the future sees the picture of your kid completely covered in Nuella and say, well, this guy's gonna be a very messy employee. I'm not gonna hire him. And like, that sounds like a job, but it isn't, unfortunately it isn't. So for people like, and here I guarantee, I tried, you will not get your friends to stop sharing pictures of the kids, but at least maybe they'll be more discerning about the kind of pictures that we share location.
This one is again, one of my favorite, I dunno, if you ever use the Strava, I like travel because it has V R I gonna pronounce it correctly. It's an app that you use for tracking your workouts. And what happened was that at a certain point in, in a mapping, which there was supposed to be nothing, a cluster of workouts suddenly appeared in Strava. And what happened was that there was a secret base and the soldiers there were like doing their workouts. They were tracking it. And so suddenly this thing appeared in a map like the perimeter of a base. So good unintended consequence of doing fitness tracking, which by the way, I do as well. So I'm like a doctor that Sal who don't smoke. So I'm aware, I'm aware, but this thing might be an something that people don't really relate saying, well, I'm not a soldier who cares.
What about this? During the black lives matter, two teenagers were verbally abused by random viewed on a bicycle. And the teenagers took a video of a guy and published it on the internet. And of course, Twitter did its thing and went out to try to docs, to identify in real life, this person. And they did find someone that corresponded to a description in Strava that happened to be doing the same path where they had to encounter every day. And so these guys spent two days of hell because the entire internet was basically wanting to Lynch him, but it wasn't him. It just happened to be bald middle age, riding the bike at that time every day. So again, this is a potential connecting the dots of a situation where people might not just be aware that stuff like this can happen. Okay. This one is a bit easier because people have experience of saying something inve they add, which is better, naturally relevant.
And so they get a bit of a feeling, but there are still areas where people don't realize that things are happening. One thing you might object is, well, they, when people use the center website, they have to agree to the terms of service. So all fine, right? Not so much the, they did with a nice experiment in which way had the fake website and the terms of service, they ask the people to give up their first board. And guess what? The vast majority of people. Yes. So unfortunately the term of service, if you are truly honest, about trying to prevent abuse and have people aware of what's going on, it's not a good remediation. Facial recognition is everywhere. I believe that Mike is going to give you a fantastic session about it. So I will not go in further little, but let's just say that if you, whenever you go in the areas of the city, which are like with crime crime, or like, even with just like some form of discrimination, you will probably experience heightened surveillance.
And that is to be expected. But surveillance in term of facial recognition is also in places you would not expect tailored swift for a while, had kiosks at her concert venues, where they played all the clips of her performances. And this thing also had the camera. And whenever someone went to look at those clips, this camera captured the face of the person and compared it to hundreds of well known tailor Smith stole cars, which again, you might put yourself in their shoes and say, well, yeah, but the thing is that no one was told that this was happening. So not great. And the thing is that you don't need to be tailor Smith to attract people. Like we leave a visa, very bright wake behind us, like from going on Twitter and saying, I am a vacationing place X or I'm eating and flex. Why clearly broadcasting, you are not home or simple passive things just like coming online and offline, like can reveal patterns about what you're doing.
And aggregation composition is also a danger. Like you might be on your employer website. There might be your email published. For some reason, if you're using the same nickname in that mail that you use on your Instagram, then people can find you there as well. And here is an extreme example, which is terrifying. There was visa Japanese fan that went through a lot of pictures of his idol and found in various pictures, reflected in her eyes, the name of a station where she lived. And so he went there and waited for her and actually assaulted her. So something as simple as selfies can get you in trouble in this respect.
Are you terrified yet? I know it's late in the evening for being terrified, but I'm doing my best here. Okay. No way it will happen to me. As I mentioned is the hardest in particular, have you ever tried to explain to your friends, Cambridge Analytica to tell them why? Yeah. This finger got a lot of metrics about users and then managed to find ways of profiling people so that they could place ads at the right time and sway their decisions in term of a political Linux. And people typically go like, I'm not stupid. I'm not changing my position because of an ad and where you can't give them an accelerated course in behavioral economics. It's kind of like, it's just hard. So you can try different angles. For example, we have in America is a website called Ashley medicine. It's a, a fair as a service in which basically you subscribe and you use it for finding someone who's also wanted to have an affair and with finger combines, or at least that's their value proposition. The thing is a few years ago, their entire user population got dumped in public and hackers built a tool in which you just got type the name and find with that. Okay. All the things that I said, whether I do wrong, this one I did not do so you can, you can go and search for my name. And tric is not the user of real name.
Anyway. So here, the, the main point is like, most people will not use this kind of service, but there are like countless other services where people might not be okay with people knowing that they are going for this thing. And so instilling in them the awareness or the possibility that things might go south in this way might make them a bit more cautious. And then finally, I'm gonna close and I'm gonna leave you with visa anecdote, which I absolutely love, which I got from an, a privacy expert in Italy. Like as part of a preparation for visa was like calling, talking with people. This guy wrote like a number of books. And this thing is like fantastic. He tells me that he was once stuck in traffic and he was on the phone call with a NNA, hence the free system with a colleague. And at a certain point they audio just disappeared. But they found said that there was still a call, as it turns out, his wife was also stuck in the same area. And given that his phone was also paired to his wife's car, their conversation moved there. And so now the wife was now suddenly connected with a colleague. And now if it's a colleague, it's fine. You'll make a little laugh, but I don't think I need to go into the details.
Thank you. Thank you. Thank you. Thank you. I'm almost, I'm almost done. I'm I'm basically done. So here, the thing is, privacy is a tragedy of a common, like something that is important for everyone. If a society does not have a privacy, we, you cannot have democracy by very definition, but unfortunately they, they tragedy the common as the characteristic that people might not be incentivized to do a, to do their part to help because they might just think the others already doing it. So they don't need to. It's kind of like limiting a much. We fishing for a certain population and if no one fishes, but you are the only one, then you'll be fine. So we want to get out of this mode. And we really want to help people that even if they think that privacy is not attaching them, it is, they already have skin in the game and they are already risking serious consequences.
And my hope is that those little stories will give you a leg up during discussions over drinks with your friends. And the thing is we might think that we are in a complicated word and that it's difficult to Dodge all the surveillance. This is nothing. Think about how the sensors are getting better. They're getting more ubiquitous. Think about AI, which is more and more efficient in extracting meaning from less and less information. And think about the, the moment in which apple will finally give us augmented reality glasses. I'll be the first to buy them by the way. And at that point they'll know everything, absolutely everything all the time. So the time to sensibilize people is now. So let's do our best to do at the end in good tradition. I'm going to close with something which like is completely inappropriate. My designers are this image. And I thought, well, maybe let's not do it. But when I thought, no, it's fun to show like that. I, I tell you to do certain thing, but then I do the opposite. So let me overshare here. Thank you.

Stay Connected

KuppingerCole on social media

Related Videos

Event Recording

Cyber Hygiene Is the Backbone of an IAM Strategy

When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cyber security means, above all, good, clean and clear security practices that happen before-hand and all day,…

Event Recording

The Blueprint for a Cyber-Safe Society: How Denmark provided eIDs to citizens and business

Implementing digital solutions enabling only using validated digital identities as the foundation for all other IAM and cybersecurity measures is the prerequisite to establish an agile ecosystem of commerce and corporation governed by security, protection, management of…

Event Recording

Effects of Malware Hunting in Cloud Environments

Webinar Recording

Advanced Authorization in a Web 3.0 World

Business and just about every other kind of interaction is moving online, with billions of people, connected devices, machines, and bots sharing data via the internet. Consequently, managing who and what has access to what in what context, is extremely challenging. Business success depends…

Webinar Recording

A Winning Strategy for Consumer Identity & Access Management

Success in digital business depends largely on meeting customers’ ever-increasing expectations of convenience and security at every touchpoint. Finding the best strategy to achieve the optimal balance between security and convenience without compromising on either is crucial, but can…

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00