Re: the value of privacy and differing perceptions

["Solem, Vik P." <Vik.Solem () TUFTS EDU>]

Just one last bit of accelerant, it's the correlation that's valuable.
Having a picture of my house, no big deal. Having that picture associated
with a GPS coordinate, OK.  Having an SSID for the router in my house, no
big deal. Associating that with a GPS coordinate, OK.  Having the external
IP address of my home network associated with buying diamonds, no big
deal.  Associating that external IP address with the wireless SSID, OK.

Put all that together, and you have a picture of a house and a good
probability of finding diamonds there.

No single piece of information is particularly valuable, but the
correlated data can be very valuable.

-Vik


Vik Solem, CISSP, Sr. Applications Risk Consultant
Tufts University, Information Security, vik.solem () tufts edu / 617-627-4326
InfoSec Team: information_security () tufts edu / 617-627-6070








On 2012-01-30 14:53 , "Mclaughlin, Kevin (mclaugkl)"
<mclaugkl () UCMAIL UC EDU> wrote:

> But Tim ...  Google yourself and take a look at the results - any
> information you give out for a "free" book at Amazon is already public
> knowledge.   I'm not saying we shouldn't care or be concerned but I would
> say that as Information Security professionals we should focus on
> protecting
> the valuables in our house and not worry about each blade of grass in our
> yard.
>
> - Kevin
>
>
> Kevin L. McLaughlin,  CISM, CISSP, GIAC-GSLC, CRISC, PMP
> Chief Information Security Officer (CISO) and Assistant Vice President
> Administration and Finance
> University of Cincinnati
>
> 513-556-9177
> TEWG-Region 6 TLO
>
> The University of Cincinnati is one of America's top public research
> institutions and the region's largest employer, with a student population
> of
> more than 41,000.
>
>
>
> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Doty, Timothy T.
> Sent: Monday, January 30, 2012 2:17 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] the value of privacy and differing perceptions
>
> It would appear that Larry Page and Mark Zuckerberg were right on a scale
> I
> didn't realize: people as a whole don't place any value on privacy, even
> in
> the information security realm.
>
> I've ordered items from Amazon and thus have an account there. But their
> information on me is not complete, lacking (for example) any connection
> with
> information security. Were I to download this book that would be an
> additional item in their database about me.
>
> The reason I'm posting isn't to claim that the price is excessive, that
> Amazon is evil, that the book should not have been made available in this
> fashion, or anything of the sort. What I'm trying to point out is that
> people are making decisions based on value judgements whether they realize
> this or not.
>
> There is a difference between something being public and it being
> correlated. What that difference amounts to is a personal evaluation in a
> particular context. And it doesn't have to be as distinct of a correlation
> as my case for it to have value.
>
> And I find it ironic that a posting to an information security list about
> the irony of giving up personal data in return for a 'free' book on data
> privacy falls flat for many people.
>
> (That doesn't mean those people are wrong, it means they fall into the
> group
> whose valuation of the data provided approaches zero category.)
>
> Tim Doty
>
>
> > -----Original Message-----
> > From: The EDUCAUSE Security Constituent Group Listserv
> > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Solem, Vik P.
> > Sent: Monday, January 30, 2012 11:17 AM
> > To: SECURITY () LISTSERV EDUCAUSE EDU
> > Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available
> > Now (until Jan. 30)!
> >
> > I object to the use of the word "free" when it is used incorrectly.
> >
> > The download is not free.  The book may not be obtained without giving
> > information.  Were the book free then I could download it anonymously
> > and
> > read it.  This is not the case.
> >
> > As Information Security professionals I urge that we keep a high
> > standard
> > regarding the use of information.  Information has value.
> >
> > The license agreement for downloading the material requires information
> > about the person doing so.  If it were a simply link to content then I
> > could download it for free.  (e.g. Use Tor and private browsing to pull
> > it
> > onto my local machine and read it there.)
> >
> >
> > In a group of people who don't understand Information Security the
> > issue
> > would be meaningless.  In a forum of people who understand Information
> > Security, the notion that Information has no value is simply not true,
> > and
> > should be challenged.  I believe I've done so, and I have not explained
> > why I did so.
> >
> > I'm not telling anyone not to download the book.  If there were a
> > version
> > I could read for zero dollars then I'd have downloaded it already.  (I
> > don't have a Kindle.)  I'd still call to light the fact that it's not
> > free.  For me, the price of giving Amazon information about my
> > interests
> > in that item would be worth the value of getting the item.
> >
> > -Vik
> >
> >
> > Vik Solem, CISSP, Sr. Applications Risk Consultant
> > Tufts University, Information Security, vik.solem () tufts edu / 617-627-
> > 4326
> > InfoSec Team: information_security () tufts edu / 617-627-6070
> >
> >
> >
> >
> >
> >
> >
> >
> > On 2012-01-30 10:37 , "Tonkin, Derek K." <Derek_Tonkin () BAYLOR EDU>
> > wrote:
> >
> > > I apologize in advance for continuing this thread but I feel there is
> > a
> > > meaningful discussion to be had here.
> > >
> > > First a few points of clarification:
> > > - the book is normally $9.99 for the Kindle version (the paperback is
> > > $12.78 at Amazon and Barnes & Noble, it is not available for Nook or
> > in
> > > any other ePub format)
> > > - the book is being offered for free by a partnership between Intel
> > and
> > > the Stanford Student Association
> > >
> > > For those of you objecting to/upset by this, is it because:
> > > - you do not think author's writing books on the topic of protecting
> > > privacy should sell them through Amazon or anyone else who collects
> > user
> > > data during the purchase process
> > > - you do not like the use of the word free and would have had no
> > > objection had the wording been different (if so how)
> > > - something else completely
> > >
> > > Thank you for any feedback you send,
> > > Derek
> > >
> > > -----Original Message-----
> > > From: The EDUCAUSE Security Constituent Group Listserv
> > > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Solem, Vik P.
> > > Sent: Monday, January 30, 2012 8:53 AM
> > > To: SECURITY () LISTSERV EDUCAUSE EDU
> > > Subject: Re: [SECURITY] Free Download of Matt Ivester's Book Available
> > > Now (until Jan. 30)!
> > >
> > > It's not free at all.  If it were free then you would be permitted to
> > > download it without needing to sign up or have an account. (or have
> > > cookies enabled ...)
> > >
> > > Many companies continue to train people to give away their information
> > as
> > > if it is meaningless.  If you choose to download this book then there
> > is
> > > a price.  As with all purchases the PRICE has a different VALUE to
> > each
> > > person.  $1,000 means more to some and less to others.  Just like
> > money,
> > > purchasing habits & contact information mean more to some and less to
> > > others.
> > >
> > > Calling it free is simple misleading.
> > >
> > > The price is information about the purchaser.  For a book honoring
> > Data
> > > Privacy, that sounds ironic to me.
> > >
> > > -Vik
> > >
> > > Vik Solem, CISSP, Sr. Applications Risk Consultant Tufts University,
> > > Information Security, vik.solem () tufts edu / 617-627-4326 InfoSec Team:
> > > information_security () tufts edu / 617-627-6070
> > >
> > >
> > >
> > > On Jan 27, 2012, at 14:21 , John Ladwig wrote:
> > >
> > > > And, you can't download the free book without logging in to Amazon.
> > > > And, near as I can tell, it's Kindle- or Kindle-apps-only.
> > > >
> > > > In honor of Data Privacy Day.
> > > >
> > > > The irony, it drips.
> > > >
> > > >   -jml
> > > >
> > > > -----Original Message-----
> > > > From: The EDUCAUSE Security Constituent Group Listserv
> > > > [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valerie Vogel
> > > > Sent: Friday, January 27, 2012 12:34 PM
> > > > To: The EDUCAUSE Security Constituent Group Listserv; John Ladwig
> > > > Subject: [SECURITY] Free Download of Matt Ivester's Book Available
> > Now
> > > > (until Jan. 30)!
> > > >
> > > > Starting today (through January 30), you can download Matt Ivester's
> > > > book - "lol...OMG! What Every Student Needs to Know About Online
> > > > Reputation Management, Digital Citizenship, and Cyberbullying" - for
> > > > free from Amazon in honor of Data Privacy Day:
> > > > http://www.lolomgbook.com/#!vstc5=ebook
> > > >
> > > > Matt Ivester will also be joining us for a special EDUCAUSE Policy
> > > > webinar next Monday, January 30, 1-2 pm EST.
> > > > http://www.educause.edu/policy/dataprivacy
> > > >
> > > > We hope you'll have a chance to read the book and join us for a
> > lively
> > > > discussion on Monday!
> > > > Thanks,
> > > > Valerie
> > > > _______________
> > > >
> > > > Valerie M. Vogel
> > > > Program Manager, EDUCAUSE
> > > > office: (202) 331-5374
> > > > e-mail: vvogel () educause edu
> > > > _______________
> > > >
> > > > Follow us on Twitter! @HEISCouncil