The right to privacy in the new social era is no longer a given. In fact, many say that you should expect to have no privacy with information made available on the Internet. I’m a half and half kinda guy in this argument. On the one hand, pure social media information should be assumed to be public, although service providers in this area have to give users control over privacy settings. On the other hand, Internet services deemed to be private by the majority (e.g. email services, closed forums, etc.) should be private by default and have a reasonable amount of security attached. Encrypted and salted passwords are a given.
The number of breaches in recent times of services that one expects privacy and security from, however, should make you think twice about the information you put out there. Not only are service providers struggling with availability, but they’re also struggling with security and privacy. And many service providers are still not salting their password databases, which means that compromised service providers run the very real risk of having their databases hacked and published online.
Trust is something else completely. This is where we expect the service provider to consider our personal information and data sacred. Microsoft’s recent admission that it snooped on emails inside a Hotmail user’s mailbox without permission is a stunning indictment of service providers’ accountability when it comes to our privacy and security. This should, by all accounts, be a criminal event, no matter the fact that Microsoft owns the infrastructure that your data is stored on.
In testimony before the Privacy and Civil Liberties Oversight Board, the NSA general counsel Rajesh De and his colleague stated on Wednesday that the tech companies that denied giving access to user data via the PRISM program were, in fact, lying. OK, so we’re not really impressed by the NSA’s actions over the last year or so, and their track record in terms of trust stinks; however, I would quite easily accept that service providers were complicit in the NSA’s collection of communications. It would be difficult to intercept comms on the scale that the NSA has without support from service providers.
Dropbox? Gmail? LinkedIn? etc. Think twice about the security and privacy of your data when storing it online. Unless it’s stored in your own private solution, your data is seemingly no longer private, even when there is a good expectation of that privacy.
UPDATE: So Microsoft have covered themselves as follows:
We may access or disclose information about you, including the content of your communications, in order to: (a) comply with the law or respond to lawful requests or legal process; (b) protect the rights or property of Microsoft or our customers, including the enforcement of our agreements or policies governing your use of the Service; or (c) act on a good faith belief that such access or disclosure is necessary to protect the personal safety of Microsoft employees, customers, or the public.
You have it from the horse’s mouth – your data is not safe when stored on Microsoft’s systems.