The tide is turning when it comes to privacy and security, with Australians gradually becoming more aware of the need to protect their personal data and the risks involved in sharing it.
Rachel Dixon, privacy and data protection deputy commissioner at the Office of the Victorian Information Commissioner, saysthat with public debates over My Health Record and new tech surveillance laws, the public is now more informed about these issues than ever before.
“Not that many years ago there was (a view) that privacy is dead,” she says. “That now sounds quite outdated. In some ways the conversation still does need to get more mature. But this has been a real watershed year for privacy issues making it to the mainstream.
“That’s a very good thing.”
According to Ms Dixon, the theme of the last decade broadly had been to “hoover up as much data as possible”, and that’s now shifting to a theme of “taking the data that is necessary to fulfil the function”.
“There’s been a change in people’s understanding around their privacy,” she says. “Increasingly they’re more concerned, and are less willing to hand over data in certain circumstances. A lot of the use of data now is looking at the risks involved.
“Humans historically have not been very good at calculating risk. That’s been terrific in the past, it’s allowed us to sail across oceans and go into space. But we’re not very good at it. So I want us to move to having a risk-based framework, and change the culture around assessing risk.”
Debate is currently raging as to whether Australian law enforcement agencies should have the right to decrypt smart devices to prevent and solve criminal activity, with ferocious opinions coming on both sides of the debate.
For former FBI agent Ed Stroz, the founder and co-president of Stroz Friedberg, the ability to thwart terrorist attacks is more important overall than the right to an individual’s privacy.
“You can see both sides of the issue. And it comes down to, ‘Do people have the right to privacy?’ I’m a little more sympathetic to the law enforcement side,” he says.
“People do value their privacy now, but if you have an encrypted phone held by a criminal, that creates a sacred category of evidence we’ve never had in our judicial system before. Out of the box, this engineering empowers adverse behaviour and that has big social effects.
“If we didn’t have that many adversaries around, it probably wouldn’t matter that much. But I weigh that aspect of it more heavily than valuing privacy overall. That’s a personal view that I have.”
Ms Dixon said encryption was a complex issue, and that there was no simple, obvious, single solution to the balance between privacy and security.
“If there was, we would have done it by now,” she says. “Chances are, the solution here is a combination of things. But the debate is definitely going to be messy. At least the discussion has raised some really good points. I would caution against looking for a simple answer or seeing the issue as binary. It’s not, these are healthy tensions between privacy, data protection and freedom of information.”
Marcin Kleczynski is chief executive of Malwarebytes, a security company he started as a 16-year-old. He saidthat while users had become more savvy about their own security and privacy, they were still generally the weak link when it comes to viruses and other attacks. “It takes a lot to always be patching your systems and keeping everything up to date,” he says. “There are so many damn security companies, I could name 60 or 70, but an attack still comes and no-one’s ready.
“I’m fairly pessimistic about this stuff. I think we still haven’t solved a lot of the basics when it comes to security. We need a lot more user awareness training about security and storing your own information, there needs to be a lot more basic hygiene in place. We’re slowly getting there.”