A few days ago, hackers gained access to private photos belonging to Mark Zuckerberg, the founder and CEO of Facebook. Although the seeming security loophole was swiftly closed by Facebook, the images had already been posted to the web by the hackers. The incident has sparked off a global discussion about Facebook security, and Internet privacy in general. Information security company commissum has detected some important implications which are rarely considered.
Briony Williams (Security Consultant, commissum) points out: “The intriguing aspect of this latest incident is the fact that these images were not particularly sensitive – in fact, many people might find them boring”.
Indeed, the images show Zuckerberg cooking with his girlfriend, cuddling their dog, holding up an apparently dead chicken, socialising with friends, and chatting to Barack Obama. None of this is going to excite the prurient. On the contrary, one could argue that the pictures actually enhance Zuckerberg’s image as a well-rounded and perfectly normal individual who also happens to be a multi-millionaire and an acquaintance of the US President.
So does it matter? If the pictures are neutral or even good for Zuckerberg’s reputation, then should we worry about their exposure?
“But actually” says Briony of commissum, “it does matter. Zuckerberg himself intended the pictures to be private, and the owner’s wishes should be respected in every case. More of a concern is the fact that the photos also show other people — Zuckerberg’s unnamed friends, and his girlfriend. They probably did not wish to have their privacy violated. And what if children had featured in the pictures? That would have been an obvious risk to their security, given Zuckerberg’s public prominence.”
But most insidious of all is the potential threat posed by this incident to our consensus view of what is acceptable behaviour on the Internet. If the pictures, by their very banality, contribute to a culture where privacy only matters if the leaked information is embarrassing, then this incident will have increased the growing fragility of privacy on the Internet. The whole point about privacy is that private data should remain private, even if it does not seem particularly sensitive. Otherwise, we become entangled in a whole new set of difficulties. How would we define “sensitive”? Who would be empowered to define it, and by what authority? The consensus of Internet users (or those who bother to comment) does not comprise an acceptable authority in this case. If this incident is dismissed as trivial, then Internet privacy will become, drip by drip, even more fragile than it is now.
Privacy is an important component of information security. Specialist information security consultancies such as commissum are constantly alerting their clients and the public to damaging trends in the use of information on the Internet. This latest incident is just one of many developments that the company has analysed in its quest to unearth some less-remarked threats in information security.
commissum is a European company which has specialised in the provision of information assurance and security services to a broad cross-section of business and government for over twenty years. Services include penetration testing, information assurance consultancy, information security auditing, and configuration of systems The company has offices in Edinburgh, London and Zurich. See www.commissum.com
Martin Finch (Director)
commissum, Quay House, 142 Commercial Street, Leith,
Edinburgh EH6 6LB, UK
Tel: 0845 108 2064