February 26, 2008
ePrivacy is all about money, the money organizations intend to make by mining other people's personal data. For low yield ores, one must treat ever larger volumes, as is the case with targeted advertising, but market concentration delivers impressive values to a few Internet giants. Banking, intelligence gathering and healthcare on the other hand lure all kinds of would-be wildcatters with the promise of striking a rich vein.
Take healthcare for instance. Amy Harmon has analysed the plight of those who suspect they carry a genetic predisposition to a major health risk (*). If a DNA test confirms the risk and insurance plans come to know about it, the person concerned might find it difficult to get satisfactory health coverage and be forced one day to shoulder crushing medical bills. One of our very first fillips quoted a similar story and we intend to discuss such a burning subject with the depth it deserves.
But today John Markoff's report on Adobe's official announcement of its Air development platform (**) provides the opportunity to raise the alarm on yet another technical trend, i.e. cloud computing (1). The basic concept is sound. Take advantage of the network to distribute application processing among all connected computers in the most efficient way. In practice it allows end users to offload their local applications to server farms and service providers to increase the interactivity of their web applications by tapping local client power. Cloud computing indeed creates a new class of applications, which programmers can develop and field with tools like Air.
While law compels drug manufacturers to disclose detrimental side effects when marketing their products, computer users have no such protection. Hence the urgent need for my alarm. It is quite possible for Air-based applications to truly respect the privacy of end-users. In fact cloud computing could improve on the current disregard in which it is held. But will such considerations made their way into design specifications? Let us be realistic. The contrary will happen. Erase the border between local and central data processing and more local data will find its way to central servers. Most end-users will not even be aware of it.
All companies promise of course to protect customer privacy. Jérôme Kerviel has shredded their credibility. As Geoff Nairn stresses in his analysis (***), internal threats to the security of corporate information systems have not received the attention they deserve. You may say, Kerviel's breach concerned trading bets. True but irrelevant. To a rogue insider, the temptation to get rich by mining customer data is just as powerful. The Liechtenstein list leak, covered by George Parker, Bertrand Benoit and Gerrit Wiesmann (****)(*****)(******) gives us some insights on how rich a data vein can be. At least $6M to the informant for 1,400 names. Since the tax arrears in the UK are estimated to be about $2M per name, one can see the scope for blackmail, had not the former employee of the Liechtenstein bank preferred to get a new identity from the German state.
Thinking of paying cash to get your DNA tested in privacy by some laboratory? Remember any disgruntled lab employee with the right clearance or good security skills can collect the names of those found with the wrong genes and abscond with them on a USB key. There's gold in them thar hills.
If you intend to mine other people's personal data, please brush off such bilious discharges and focus at all times on your spin line.
If the ore is low yield, it represents but pennies per person. If it is high yield, it just concerns too few individuals. What, me worry? (2)
- (*) .............. Fear of Insurance Trouble Leads Many to Shun or Hide DNA Tests, by Amy Harmon (New-York Times) - February 24, 2008
- (**) ........... Adobe Blurs Line Between PC and Web, by John Markoff (New-York Times) - February 25, 2008
- (***) ......... Internal threats need to become a security priority, by Geoff Nairn (Financial Times) - February 11, 2008
- (****) ....... Doubts raised over identity of informant, by Bertrand Benoit and Gerrit Wiesmann (Financial Times) - February 22, 2008
- (*****) .... UK turned down Liechtenstein tax list, by George Parker and Bertrand Benoit (Financial Times) - February 25, 2008
- (******) .. Berlin to share Liechtenstein tax list, by Bertrand Benoit and Gerrit Wiesmann (Financial Times) - February 26, 2008
- (1) for more details, see Cloud computing in wikipedia.
- (2) This is not a case of plagiarism. Check its source in wikipedia.