digital privacy as a currency in the big data ecosystem ast. prof. dr. sonny zulhuda faculty of law...
TRANSCRIPT
DIGITAL PRIVACY AS A CURRENCY IN THE BIG DATA ECOSYSTEM
Ast. Prof. Dr. Sonny ZulhudaFaculty of LawInternational Islamic University Malaysia
e: [email protected]: sonnyzulhuda.comtw: @zulhuda
•Concept of privacy: ▫Privacy: Right to be left alone▫Three domains: Anonymity, Solitude &
Secrecy▫Privacy: Respect and Control▫Privacy in the Islamic Perspective▫Privacy under threat of technology?
Sky News apologises after presenter is seen looking through MH17 passenger’s luggage
“After assessing 205 complaints about the broadcast, there are grounds to investigate under our rule on potentially offensive material” (UK Office of Communications – OFCOM)
The brief footage upset viewers claiming the British news channel violated the privacy of 298 victims who perished aboard the Malaysia Airlines plane..
Privacy Matters!
2012 (c) Sonny Zulhuda
4
What is Privacy Right?• The state of being alone and
not watched or disturbed.
• The state of freedom from interference or public attention.
• Includes three components:▫ Secrecy: information known
about individual,▫ Anonymity: attention paid to
an individual, and▫ Solitude: physical access to
an individual.(See, Raymond Wacks. 1989. Personal
information: Privacy and law. 15-16)
Secrecy
Solitude
Anonymity
"With Street View, we drive by exactly once, so you can just move!“ (Eric Schmidt, CEO, Google, 2010)
5
Mislocated CCTV can be privacy-intrusive!Lew Cher Phow v Pua Yong Yong & Anor [2011]
JOHOR BAHRU: Court held an installation of CCTV directed towards other person’s house entrance as a breach to privacy (2011)
Sonny Zulhuda (c) 2014
Sonny Zulhuda (c) 2015
Increase broadband Enhance connectivity Appropriation of harmful materials
1 person 1 computer/1 smart phone
Digital literacy & inclusion Over-abundant of disclosure of personal data?
Digitization Efficiency, Transparency Exposure of govt confidential data
Cloud, BYOD Efficiency Security threat
Integrated services Cost saving CIIP threat
Online platform Transparency Security threat, fraud
INTENDED
EFFECT
UNINTENDED EFFECT
Sonny Zulhuda (c) 2015
Unintended Effect of the Internet• “The internet has played a major role in
undermining public morality. Our children are not safe from the kind of filth that the print and electronic media promote. Today any child can access pornography of the worse kind. Children are no longer safe from sexual assault. So are young girls and boys as the internet arouses the kind of base feelings that we curbed before…. Incest, child sex, sex with animals, sexual parties, sex in public and many other practices which we still feel are wrong will soon be a part of the expression of freedom and equality. All these will be promoted on the internet.”
(Tun Dr. Mahathir Mohamad in chedet.cc)Sonny Zulhuda (c) 2015
•Privacy in Business and Technology▫Data is asset; Privacy is currency▫From marketing tools to product materials▫Privacy protection leads to consumer trusts▫Privacy-enhancing vs Privacy-intrusive▫Lessons from the market: Google
StreetView, Facebook “suggestions”, TOR browser, BitCoin, GoJek, etc.
Privacy under pressure of technology, commerce, etc!
Mobility
BYOD
The Internet of things
Transborder data flow
BIG data
Surveillance
Commercial gains
Cloud computing
Synchronisation
Sonny Zulhuda (c) 2014
Increasing Values of Personal Data
Sonny Zulhuda (c) 2014
PersonalizationProduct
CustomizationDirect Marketing
•Threats to Privacy: the three “BIGS”: ▫Big Brother
Surveillance, Snowden saga, e-KTP?▫Big data brokers
Social media, mobile Apps, GPS, IoT, etc.▫Big fan: Lovers or haters?
Identity fraud, identity theft, disclosure of data (MAS case)
“I don't want to lie to you anymore. All right? I'm not a doctor. I never went to medical school. I'm not a lawyer, or a Harvard graduate, or a Lutheran. Brenda, I ran away from home a year and a half ago when I was 16.”
(Leonardo as Frank Abagnale, Jr.)
“Sometimes, it's easier living the lie.”
(Tom Hanks as Carl Hanratty)
"I felt awful when I found my picture edited into different images"
"I didn't mind that netizens edited my picture as a joke, but I dislike those who change my pictures into low-class ones, like putting my face onto a naked dancing girl,"
Meet Qian Zhijun of Shanghai…
Incidents of ID Theft• In the US, nearly 10 million Americans fell victim of
ID theft each year;
• In 2003, FTC reported that ID theft alone costs nearly US$48 billion as annual costs for the businesses and an additional 5 bil per year for consumers;
• In the UK, the ICO has reported over 277 breaches of significant volume since the His Majesty Revenue & Customs (HMRC) breach in November 2007;
• MyCert of Malaysia reported in 2008 that Internet-related fraud dominates the security incidents attack.
Top 5 ways youth’s identities are stolen
1. Posting their real name, address, date of birth and school on social networking sites;
2. Talking with strangers through their social networking page -- and in some cases meeting in person
3. Divulging social security numbers (like IC No.) on online job applications
4. Unable to recognize "phishing" emails
5. Storing personal information like their social security number and passwords in cell phones
Qwest Communications Teen Council Program
Social Engineering Methods
• Winning a prize, lottery, gift, year-end bonus, etc.;
• Business opportunities, investment, joint capital venture;
• Romantic engagement, date, social relationship;
• Security alert, password change, non-active online account;
• Administrative works, database upgrading, status update;
• Emergency nature, lost and found, criminal victims;
• Personal problems, health, sex drugs, etc.
• Efforts to make▫International Governance: Economic Treaties &
Communities, Trade barrier, ISO▫Domestic Governance: Laws & regulations adopting
Fair Information Practices▫Technical: towards privacy-enhancing technologies▫Industrial: Consumers as stakeolders, trust is
critical▫Individual awareness: information security culture
Consent
Notice & Choice
Disclosure
Security
Retention
Integrity
Access
Principles of Fair Information Practices
Knowing your digital privacy means…
•Control what personal information about him can be shared (by his banks, utility providers, telcos, etc)•Stop anyone from using or misusing his personal data•Stop any direct marketing /unsolicited messages
Individuals
•Define steps required to safeguard personal data at work•Manage personal data risks and set up minimum due diligence requirement•Identify necessary standards and best practices
Companies
•Set best practices required to fulfill statutory requirements relating to data life-cycle•Gain customers’ trust on their safeguarding of data privacy
Businesses
THANK YOUDr. Sonny Zulhuda<sonnyzulhuda.com>