DIGITAL PRIVACY AS A CURRENCY IN THE BIG DATA ECOSYSTEM

Ast. Prof. Dr. Sonny ZulhudaFaculty of LawInternational Islamic University Malaysia

e: sonny@iium.edu.myurl: sonnyzulhuda.comtw: @zulhuda

•Concept of privacy: ▫Privacy: Right to be left alone▫Three domains: Anonymity, Solitude &

Secrecy▫Privacy: Respect and Control▫Privacy in the Islamic Perspective▫Privacy under threat of technology?

Sky News apologises after presenter is seen looking through MH17 passenger’s luggage

“After assessing 205 complaints about the broadcast, there are grounds to investigate under our rule on potentially offensive material” (UK Office of Communications – OFCOM)

The brief footage upset viewers claiming the British news channel violated the privacy of 298 victims who perished aboard the Malaysia Airlines plane..

Privacy Matters!

2012 (c) Sonny Zulhuda

4

What is Privacy Right?• The state of being alone and

not watched or disturbed.

• The state of freedom from interference or public attention.

• Includes three components:▫ Secrecy: information known

about individual,▫ Anonymity: attention paid to

an individual, and▫ Solitude: physical access to

an individual.(See, Raymond Wacks. 1989. Personal

information: Privacy and law. 15-16)

Secrecy

Solitude

Anonymity

"With Street View, we drive by exactly once, so you can just move!“ (Eric Schmidt, CEO, Google, 2010)

5

Mislocated CCTV can be privacy-intrusive!Lew Cher Phow v Pua Yong Yong & Anor [2011]

JOHOR BAHRU: Court held an installation of CCTV directed towards other person’s house entrance as a breach to privacy (2011)

Sonny Zulhuda (c) 2014

Sonny Zulhuda (c) 2015

Increase broadband Enhance connectivity Appropriation of harmful materials

1 person 1 computer/1 smart phone

Digital literacy & inclusion Over-abundant of disclosure of personal data?

Digitization Efficiency, Transparency Exposure of govt confidential data

Cloud, BYOD Efficiency Security threat

Integrated services Cost saving CIIP threat

Online platform Transparency Security threat, fraud

INTENDED

EFFECT

UNINTENDED EFFECT

Sonny Zulhuda (c) 2015

Unintended Effect of the Internet• “The internet has played a major role in

undermining public morality. Our children are not safe from the kind of filth that the print and electronic media promote. Today any child can access pornography of the worse kind. Children are no longer safe from sexual assault. So are young girls and boys as the internet arouses the kind of base feelings that we curbed before…. Incest, child sex, sex with animals, sexual parties, sex in public and many other practices which we still feel are wrong will soon be a part of the expression of freedom and equality. All these will be promoted on the internet.”

(Tun Dr. Mahathir Mohamad in chedet.cc)Sonny Zulhuda (c) 2015

•Privacy in Business and Technology▫Data is asset; Privacy is currency▫From marketing tools to product materials▫Privacy protection leads to consumer trusts▫Privacy-enhancing vs Privacy-intrusive▫Lessons from the market: Google

StreetView, Facebook “suggestions”, TOR browser, BitCoin, GoJek, etc.

Privacy under pressure of technology, commerce, etc!

Mobility

BYOD

The Internet of things

Transborder data flow

BIG data

Surveillance

Commercial gains

Cloud computing

Synchronisation

Sonny Zulhuda (c) 2014

Increasing Values of Personal Data

Sonny Zulhuda (c) 2014

PersonalizationProduct

CustomizationDirect Marketing

•Threats to Privacy: the three “BIGS”: ▫Big Brother

Surveillance, Snowden saga, e-KTP?▫Big data brokers

Social media, mobile Apps, GPS, IoT, etc.▫Big fan: Lovers or haters?

Identity fraud, identity theft, disclosure of data (MAS case)

“I don't want to lie to you anymore. All right? I'm not a doctor. I never went to medical school. I'm not a lawyer, or a Harvard graduate, or a Lutheran. Brenda, I ran away from home a year and a half ago when I was 16.”

(Leonardo as Frank Abagnale, Jr.)

“Sometimes, it's easier living the lie.”

(Tom Hanks as Carl Hanratty)

"I felt awful when I found my picture edited into different images"

"I didn't mind that netizens edited my picture as a joke, but I dislike those who change my pictures into low-class ones, like putting my face onto a naked dancing girl,"

Meet Qian Zhijun of Shanghai…

Incidents of ID Theft• In the US, nearly 10 million Americans fell victim of

ID theft each year;

• In 2003, FTC reported that ID theft alone costs nearly US$48 billion as annual costs for the businesses and an additional 5 bil per year for consumers;

• In the UK, the ICO has reported over 277 breaches of significant volume since the His Majesty Revenue & Customs (HMRC) breach in November 2007;

• MyCert of Malaysia reported in 2008 that Internet-related fraud dominates the security incidents attack.

Top 5 ways youth’s identities are stolen

1. Posting their real name, address, date of birth and school on social networking sites;

2. Talking with strangers through their social networking page -- and in some cases meeting in person

3. Divulging social security numbers (like IC No.) on online job applications

4. Unable to recognize "phishing" emails

5. Storing personal information like their social security number and passwords in cell phones

Qwest Communications Teen Council Program

Social Engineering Methods

• Winning a prize, lottery, gift, year-end bonus, etc.;

• Business opportunities, investment, joint capital venture;

• Romantic engagement, date, social relationship;

• Security alert, password change, non-active online account;

• Administrative works, database upgrading, status update;

• Emergency nature, lost and found, criminal victims;

• Personal problems, health, sex drugs, etc.

• Efforts to make▫International Governance: Economic Treaties &

Communities, Trade barrier, ISO▫Domestic Governance: Laws & regulations adopting

Fair Information Practices▫Technical: towards privacy-enhancing technologies▫Industrial: Consumers as stakeolders, trust is

critical▫Individual awareness: information security culture

Consent

Notice & Choice

Disclosure

Security

Retention

Integrity

Access

Principles of Fair Information Practices

Knowing your digital privacy means…

•Control what personal information about him can be shared (by his banks, utility providers, telcos, etc)•Stop anyone from using or misusing his personal data•Stop any direct marketing /unsolicited messages

Individuals

•Define steps required to safeguard personal data at work•Manage personal data risks and set up minimum due diligence requirement•Identify necessary standards and best practices

Companies

•Set best practices required to fulfill statutory requirements relating to data life-cycle•Gain customers’ trust on their safeguarding of data privacy

Businesses

THANK YOUDr. Sonny Zulhuda<sonnyzulhuda.com>