Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Perimeter

How To Celebrate Privacy Day (And How Not To)

Wednesday, Jan. 28, has been designated International Data Privacy Day, and I'm still not sure how to celebrate. Should I invite all of my friends and family over, then go in the bathroom, lock the door, and make an entry in my personal diary? Or maybe we should all put on funny hats and go outside with noisemakers, screaming, "It's none of your friggin' business!!" Ah, those holiday traditions.

Wednesday, Jan. 28, has been designated International Data Privacy Day, and I'm still not sure how to celebrate. Should I invite all of my friends and family over, then go in the bathroom, lock the door, and make an entry in my personal diary? Or maybe we should all put on funny hats and go outside with noisemakers, screaming, "It's none of your friggin' business!!" Ah, those holiday traditions.Seriously, though, I'm a little confused. Who is this international day of observance for? It can't be for private citizens -- we already know the value of our privacy and how much we treasure it. If anybody's going to celebrate my privacy, I wish it could be the other parties out there who seem to disregard it on every other day of the year.

How about the commercial entities that regularly harvest my data for email, snail mail, and telemarketing campaigns? Maybe they could celebrate by spending one day respecting the "Do Not Call" list, which they flout regularly by inundating me with robocalls.

Retailers and other handlers of credit card data could spend the day actually trying to build a viable defense against data loss and theft. Or maybe we could just tar and feather some of the executives at TJX or Heartland Payment Systems and post the video -- along with their addresses and Social Security numbers -- on YouTube. That might be more festive.

In Washington, it might be a good day to roll back the entire portfolio of federal wiretap laws, which seem to allow any agency to eavesdrop on our telephone, email, or text conversations at will -- even if we haven't done anything remotely suspicious -- and give immunity to all of the telecom service providers that help. Maybe we should celebrate it like Sadie Hawkins day, and let citizens eavesdrop on government officials for a day.

On the Web, Privacy Day could be an opportunity to tell all of those social networkers and personal bloggers that they really shouldn't be posting their street addresses and job-related gossip online. Maybe American Greetings could create some online greeting cards for these folks. "A friend cordially invites you to shut yer friggin' yap." Or, "T is for the thoughtless way you give away others' personal information; M is for the many useless bits of information you've shared about yourself; I is for I really don't want to be on your friends list...Put them all together, they spell TMI: Too Much Information."

How about the criminals, who have built an entire economy around our personal data? Maybe today should be the day they exchange greeting cards and cakes, all bearing the Social Security numbers of their victims. Or maybe we should all get IRC accounts and collectively send *them* some spam.

In the end, I'm not really sure how to celebrate International Data Privacy Day because it seems like very little of my privacy is really my business. The concept of respecting my privacy is a gift I'd like to bestow upon others. So far, though, they don't seem to want it.

This sounds like a job for Hallmark. Tim Wilson is Editor in Chief and co-founder of Dark Reading.com, UBM Tech's online community for information security professionals. He is responsible for managing the site, assigning and editing content, and writing breaking news stories. Wilson has been recognized as one ... View Full Bio

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/31/2020
'BootHole' Vulnerability Exposes Secure Boot Devices to Attack
Kelly Sheridan, Staff Editor, Dark Reading,  7/29/2020
Out-of-Date and Unsupported Cloud Workloads Continue as a Common Weakness
Robert Lemos, Contributing Writer,  7/28/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-14310
PUBLISHED: 2020-07-31
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a ma...
CVE-2020-14311
PUBLISHED: 2020-07-31
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
CVE-2020-5413
PUBLISHED: 2020-07-31
Spring Integration framework provides Kryo Codec implementations as an alternative for Java (de)serialization. When Kryo is configured with default options, all unregistered classes are resolved on demand. This leads to the "deserialization gadgets" exploit when provided data contains mali...
CVE-2020-5414
PUBLISHED: 2020-07-31
VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are a...
CVE-2019-11286
PUBLISHED: 2020-07-31
VMware GemFire versions prior to 9.10.0, 9.9.1, 9.8.5, and 9.7.5, and VMware Tanzu GemFire for VMs versions prior to 1.11.0, 1.10.1, 1.9.2, and 1.8.2, contain a JMX service available to the network which does not properly restrict input. A remote authenticated malicious user may request against the ...