18 January 2018

The risks of convenience

The EU-wide General Data Protection Regulation (GDPR) will oblige companies to have a data protection officer, to inform authorities and affected individuals of security breaches, and to invest in data encryption and intrusion prevention and detection systems. This should improve the security of sensitive personal data – but it is important to remember that there’s no such thing as a perfectly secure system.

CPU & you – software everywhere

The threat of malware, a contraction of malicious software, is by no means limited to laptops; anything with a CPU, which includes all smart devices (phones, cars, vacuum cleaners, etc.), can be affected. “Hackers might just want the processing power of your CPUs to mine for bitcoins, or they might be sending spam emails, generating fake traffic to increase advertising revenue, spreading fake news on social media – everything a computer can be used for. If your smart TV has been compromised, it might be hosting a website with adult content.”

Our daily lives will be increasingly dominated by the Internet of Things, a network of smart devices with CPUs communicating with each other, which knows all our habits and thus makes our lives more convenient. But all that data is stored with companies whose primary aim is profit, not security, and certainly not our privacy. Your hoover bot has created a floor plan of your house, your fridge knows your dietary habits, your heating system knows when you are out of the house, your Fitbit knows when and where you run and sleep, and online retailers know almost everything you own or want.

Towards a greater focus on security and transparency

To Zarras, the GDPR represents a step in the right direction. “Among other things, there’s the ‘right to be forgotten’, so you should be able to view, correct or delete any data companies have on you. They also have to state what data they’re storing and why, and they aren’t allowed to keep it for longer than necessary.” There are some caveats, of course: potential fines are capped at around €20 million, just a drop in the bucket for big tech companies. “It also remains to be seen how much political capital the EU would be willing to spend on enforcing the GDPR in a potential showdown with Silicon Valley giants.”

Zarras emphasises that there’s no such thing as a perfectly secure system. With the inevitable trade-off between convenience and privacy, it’s up to individuals to educate themselves and to decide how much risk a service is worth to them. So do read the cookies policy of your favourite website – and surf safely!

By: Florian Raith