January 06, 2012, 8:06 AM — 2011 saw a number of significant privacy events. From Facebook and Google Plus dueling over privacy policies to concerns over what information your mobile phone actually knows about you. However, technology keeps moving forward, and privacy issues are sure to follow. For a peek into what experts expect in the year and years ahead when it comes to privacy, we turned to Rebecca Herold (aka the Privacy Professor) for answers.
Herold is an information security, privacy and compliance consultant, is currently working on her 12th published book, and has written dozens of book chapters and almost 200 articles on privacy and security.
CSOonline: With a spate of data dumps as a result of security breaches, many security and privacy issues arising from mobile and cloud computing, what do you think 2012 has in store when it comes to privacy?
I think 2012 is going to be a lot like 2011. We'll see more attacks on businesses and government agencies stemming from online activism. Probably more legal concerns and battling over what privacy means in the age of cloud computing and social networking. And I think we're going to see more issues of mobile computing, along the lines of the Carrier IQ incident.
The Carrier IQ situation had touched a real nerve with a lot of folks, beyond the normal crowds interested in privacy. There are a lot of people I have known all my life, relatives and parents of classmates from elementary school, and everyone in between. It is interesting because they are not techie at all, but many were asking what handset and mobile companies were learning about them and what could be done to stop it.
Another area that I think will get more attention is the privacy around smart grid. That is going to be an ongoing concern. And as more states and utilities are rolling out their smart meters, I think you're going to see a lot more states trying to pass more smart grid privacy laws.
CSOonline: Smart grid privacy is an interesting topic, though I'm not sure many people understand why it may be so important. They wonder "What's the big deal if they can see when my electricity usage spikes?
"Yes. That's very understandable. The NIST Interagency Report 7628 that came out last year identified a lot of the privacy issues. From a high level, with regard to privacy, is the fact that, historically, you had to be a meter-reader coming to a house and to take a reading. All everyone else would see is a spinning wheel. It didn't tell you very much more than sometimes it spun faster and other times it spun slower.
Now, with smart meters, the data is going directly to the utilities, many times by Wi-Fi. The fact that somebody driving by might pick it up, and from the data they could gather all sorts of information regarding the types of appliances you are using, where you are in the house, and so on. So there are many different privacy issues related to this. What if appliance manufacturers get this information? Are they going to start trying to sell a household their product to replace their inefficient one that they see you still have?
CSOonline: It sounds like it's possible to find out much about a person and their household from their power usage.
Yes, the impact is broad. Consider divorce settlements. Will it be possible to prove that your spouse or ex-spouse was doing something they should not have at 3:30 in the morning in the hot tub based upon your energy consumption record? With the private electric vehicles, are you going to be able to tell exactly where somebody was at any point in time based upon their charging records?
By looking at the utility bill, would you be able to see when someone was traveling and so on? Would home insurance companies, by knowing whether or not you are using an inefficient appliance, potentially deny you coverage because they could show that you were using appliances that were in violation of the home insurance policy?
