Personal Data Exodus

Written by

I came across a couple of interesting stories this week, both of which are worth passing along.This first is from and is the latest in an unfolding story regarding security researcher Trevor Eckhart  and data being collected by software installed on Android phones.  Lots of data. And it's hard to get rid of the application that gathers it:

"This is not an application that you can simply remove, but a series of elements that are tied into the Android Kernel for that device."
The data pretty much includes everything you type, including such things as passwords over https, text messages, keystrokes, and so on. Even worse, the information gets recorded even if you're not on a cellular network, but on a WiFi network instead.  Although the company doing the gathering, CarrierIQ, says that, for example, the body of the text message is not recorded, Eckard claims that CarrierIQ still gets messages before your phone – even if they don't subsequently keep a copy of it.  
For CarrierIQ's side of the story, Elinor Mills over at CNET has a good piece and yes, it's hard not to sense the uneasy shade of the Sony rootkit fiasco moaning from stage left.
Another article tackles data being harvested by the Kindle Fire browser and Amazon’s response to the issue. Unlike the browser on your PC, the Kindle Fire web requests go to Amazon's Cloud service first,  then to the site you intend to browse.  
Amazon’s reason for this approach is to improve the performance of browser, Silk, by letting Amazon do the heavy lifting of page composition, etc. Which, in many ways, is pretty smart.  The concern though, is that all that information passing through Amazon's cloud is actually pretty valuable – what sort of things you like to look at, where you like to shop, and so on.  Amazon has reassured privacy advocates that personally identifiable information would not be collected, although information such as the MAC address of the device would be collected ‘in the event of a crash.’
Both of these examples highlight how difficult it is becoming to maintain any semblance of privacy. Our lives are being transacted through shared infrastructures owned by third parties and often associated with organizations about which we have never heard. I am quite prepared to take Amazon's motives in this at face value. Yet the concern remains whenever information is gathered – why are you collecting it, what do you intend to do with it, and perhaps most worrying, who will you share it with?
Of course, we trade some aspect of privacy whenever we step outside the door, and that includes forays onto the internet. But there are limits, reasonable limits, which must be put in place. Consumers are becoming better educated and privacy is increasingly seen as a valuable commodity. 
The explosive growth of services like Dropbox shows that people want to share things, to collaborate, to work together. But they want control over who sees their information, who has access to it, and for how long.
I don't accept the rather infamous assertion made earlier this year by Reid Hoffman (found of LinkedIn) that "all these concerns about privacy tend to be old people issues."
If they are, it could be because suppliers and vendors are not being honest with their (presumably younger) customers about the ultimate cost of no privacy, nor the value of the information being quietly collected about their habits.
For myself, as Charlton Heston (an old person of almost biblical proportions) might have said "you can have my privacy when you pry it from my cold, dead hands."

What’s hot on Infosecurity Magazine?