Tuesday, 27 July 2021

Post No. 1,960 - Digital Surrender

One of the things that has concerned me greatly in recent years is how so many people cheerfully and stupidly surrender their digital privacy. 

To some extent, this is partly because so many policies are so long and obtuse, although some tech companies are providing reasonable summaries nowadays, but it is also the curse of convenience. 

When people want something online, they don't care what the cost is: they want it NOW, GOD DAMMIT!!! 

That also leads to things like people not reading employment contracts. When I read the contract for a step daughter in a previous relationship, the company concerned stated quite explicitly that no-one had ever read it before - but they also clarified some concerns. 

Maybe that goes back to my day job. I recall being the first person to read the operations & maintenance manual for a new type of flow meter in central Queensland in the 1980s - and I knew I was the first because I was the first person to say "Hey, this is in German." 

Digital changes in the workplace are of great concern - one worker won a case on this in 2019, but he had to push it to several hearings, and not many people have the resources to do that. (I left my union recently, and their ineptness on the loss of work-life balance as digital tech eroded boundaries was a key factor - as was their weakness on personal searches. And I have better uses for the money.) He had to push it because so many people assume convenient means safe. 

I'll put that point again: 

MANY PEOPLE ASSUME CONVENIENT MEANS SAFE

It has no rational basis whatsoever, but there is some streak in us - possibly in response to the growing pressure of life - that puts time saving above all else (and, in the case of things like clothes washers, as someone who spent eight years doing her washing mostly by hand, I have to say there are some valid time savers). Maybe it's FOMO - fear of missing out.

In any case, this sloppiness around digital security also occurs in other areas. This article from 2015 outlines the problems with digital death certificates, and this report outlines the problems of unauthorised access to and disclosure of information by my home state's government.

Digital signatures are a major weakness - I wrote here (in part) of my struggle to get adequate reassurance on the safety of digital signatures from my local Post Office. In fact, I'll copy what I wrote: 

As an example of the latter, why do people hand over their e-signatures without a thought in the world as to the consequences? Do they know that companies they're giving their signatures to have safe and secure procedures generally, let alone in how they manage copies of e-signatures?

As an example, I go to Australia Post rather than establish an account with an online money transfer company because my personal details are at considerable risk as:

(a) such companies are typically only as strong as their weakest link - as one social media platform has demonstrated;
(b) many companies are so stupid when it comes to online security they get people to change their passwords every 3 months, or think having back up questions is a good thing;
(c) I have had secretaries tell me - quite pompously, I must say - they would "only" use an e-signature of mine if a manager authorised it (FFS! As a professional engineer, my signature has professional implications - and only gets used with MY permission, no matter how inconvenient that is for managers. I've also had other engineers literally forge my physical signature to comply with a timeline - i.e., for convenience, rather than legality. When I quietly commented over the phone that such would result in me calling the police, they whited out the forgery, and presented it to me the next day. Again, FFS. I have only once had to start taking a company to the Institute Of Engineers Australia [now "trading as" [just change your bloody name] "Engineers Australia"] Ethics Committee, but I would again if I needed to - and the bloody registration scheme we have misses all of that); and
(d) only one system I've come across (see here) has ever come close to adequate security over the use of e-signatures.
The pompous and stupid think trust in a company should be automatic: no, it shouldn't - and the stupidity of our neoliberal national government on online security has also shown that.

(I'd trust the companies if someone I knew could be trusted, like Bruce Schneier, had sufficient access to say that company could be trusted.)

Unfortunately, I also know that Australia Post also fail abysmally on inclusivity matters, from when I have provided a witness signature for a friend and the bastard I was served by was quite transphobic.

My biggest issue was getting the people I was communicating with to get past their FBU and understand the risk. 

Digital signatures are a major risk in the workplace, but at least there I am finding many people actually understand the problem - not all, but many. We even had a senior staff member warn us of the risks after he had been to a workshop, but he was FBU when I pointed out the risk in the workplace around unauthorised use of digital signatures. (I had a perfect example of that, with a death in a hospital that came about because underlings used a doctor's e-signature without permission to approve a dangerous medication, but I can't find the link [I will keep looking]. The idiots that started putting signatures on official letters from organisations have A LOT to answer for.)

Part of the problem is that there are other risks and concerns that are of equal or even greater importance, but the biggest problems are FBU and this idiotic assumption that convenient means safe.

And now our real estate agent is climbing on the digital signature bandwagon. 

And at this point, I am so exhausted trying to fight the FBU reactions to get people to understand the problem, that I am likely to just give up.

I will, however, end with something a little more positive: Bruce Schneier's article "The Eternal Value of Privacy"