In our connected world there is nothingyou can do that someone, somewheredoesn’t know about and this is unlikelyto change unless we all work together tochange the way we abuse data.Bruce Schneier said: “On the Internet,you have no privacy. Get over it!”Unfortunately, the lack of privacy per-vades every single part of your life, notjust the virtual world. Without knowingexactly what information everyone has,where and for how long, there is no wayyou can have privacy.

Even in your own home, government,police, utility companies, credit card com-panies and health care associations knowall about you. In fact, you may as well jointhe Borg!

About five years ago, the UKGovernment decided that what they real-ly needed to do was to link allGovernment services to the Internet —to allow punters like us to access taxrecords, find service and so on. Greatidea! They then decided that they’d like tolink up some of these organizations inorder to reduce costs and improve ser-vices (still sounds good, right?)

Finally they made some of these servicescommercial. So, now you can buy a copyof the electoral role, find out where I liveand, for the price of a credit check, whichutility companies I use. And, my phoneservice provider is easily hackable — justtell them I’m a terrorist and they’ll let youhave a peek. You can probably get a lot ofdetail from my ISP too, since 11September they’ve all been keepingrecords on usage on an ongoing basis andthere are no plans to purge that data.

At the office it is even worse, my emailand usage is monitored. They even mon-itor when I turn a light on in my officeor use the coffee machine. Not down tothe individual user level — yet, but it’scoming.

The worst part of all this is that it’s ourown fault. We have used greed and theabsence of forethought to abdicate respon-sibility for controlling our personal data. Itused to be that no-one would ever dreamof asking you your mother’s maiden nameunless they knew you really well. Today Ibet I can find at least 400 companies thatknow this information.

It’s time to take a stand on this — I urgeyou all to take control of your data — perform small acts of defiance to challengethe status quo.

• Thwart spammers using email forwarding to track which emailaddress is being abused.

• Take an interest in questions. Refuseto answer them from time to time.

• Change your details regularly — ifsomeone hasn’t contacted you in ayear you probably don’t need them tobe able to contact you.

• Know and take seriously all govern-mental attempts to compromise yourprivacy through legislation.

• Play the privacy game — use pseudo-nyms, don’t follow all the rules if youdon’t have to. Track usage of your datadon’t give out personal data or includebogus facts.

• Follow the money. If you are using acompany be aware of its interests.

• Get angry — and make a friend angrytoo. Demand that every company youdeal with has a code of ethics thatmeans they won’t sell your data on.Take action when they do.

Together, my friends, we can create anew privacy. Let 2002 be the year that wefinally nail the spammers, stop the terror-ists and create a (virtually and personally)private network of our lives.

Editorial team

events

Events Calendar

SANS ALOHA IV28 January–5 February 2002.Location: Honolulu, HI, USA.Website: www.sans.org/giactc.htm

THE BLACK HAT BRIEFINGS WINDOWSSECURITY CONFERENCE7–8 February 2002. Location: New Orleans,Louisiana, USA. Website: www.blackhat.com/html/win-usa-02/win-usa-02-cfp.html

RSA CONFERENCE 200218–22 February 2002. Location: San Jose, CA.Website: www.rsasecurity.com/conference/rsa2001/index2.html

FINANCIAL CRYPTOGRAPHY '0119–22 February 2001. Location: Grand Cayman,BWI. Contact: website: http://fc01.ai

THE WINTER 2001 BIOMETRICS SUM-MIT26–28 February 2001. Location: Miami, FL, USA.Contact: website: www.biometricgroup.com/

EICAR 20013-6 March 2001, Location: Munich, Germany.Contact: website: http://conference.eicar.org

COMPUTERS FREEDOM & PRIVACY20016–9 March 2001. Location: Cambridge,Massachusetts, USA.Contact: email: infocfp2001.org;website: www.cfp2001.org/home.html

EUROSEC 200113–15 March 2001. Location: Paris, France.Contact: Isabelle Hachin, XP Conseil, 5 rueAristide Briand, 92300 Levallois Perret, France;tel: +33 01 41 05 29 00;fax: +33 01 41 05 29 05;email: hachin@xpconseil.com;website: www.xpconseil.com

INFOSECURITY.DE14-16 March 2002. Location: Dusseldorf,Germany.Contact: website: www.infosecurity.de

INVESTMENT OPPORTUNITIES IN BIOMETRICS18–19 March 2002. Location: Boston, MA, USA.Website: www.frallc.com.

EUROSEC 200218-20 March 2002. Location: Paris, France.Contact: Isabelle Hachin, XP Conseil, 5 rueAristide Briand, 92300 Levallois Perret, France;Tel: +33 01 41 05 29 00;Fax: +33 01 41 05 29 05;email: ihachin@xpconseil.com;website: www.xpconseil.com

2002 : A PrivacyOdyssey

Customer: Hello, I’d like to upgrade my life. Can I have some privacy please?”Shopkeeper: Privacy? Ah yes, we used to sell it but no-one was interested so it’s

been discontinued!

jan nese.qxd 12/21/01 12:01 PM Page 20