SearchSecurity.com has point-counterpoint essays about online privacy by two experts. Marcus Ranum is the CSO of Tenable Network Security and is a well-known security technology innovator, teacher and speaker. Bruce Schneier is chief security technology officer of BT Global Services and the author of Schneier on Security.
Excerpt from Ranum:
From the beginning, online privacy was probably more of a goal than a reality — a goal that was near and dear to a few technologically sophisticated users: the Cypherpunks, and the Electronic Frontier Foundation. Everyone else either assumed their actions were private, or didn’t really care. Indeed, most people’s lives really aren’t worth looking at, unless you’re somehow involved with them personally, so “so what?” is probably a pretty decent strategy for most people.
What we’ve seen is that governments are consistently willing to ignore their own wiretapping rules — so much so, in fact, that a cynic might say that the rules exist only to encourage a false sense of confidence in the targets. It makes you wonder, doesn’t it?
The big surprise, to me, is that anyone falls for it.
Excerpt from Schneier:
If your data is online, it is not private. Oh, maybe it seems private. Certainly, only you have access to your e-mail. Well, you and your ISP. And the sender’s ISP. And any backbone provider who happens to route that mail from the sender to you. And, if you read your personal mail from work, your company. And, if they have taps at the correct points, the NSA and any other sufficiently well-funded government intelligence organization–domestic and international. […]
The general problem is that, for the most part, your online data is not under your control.
Cloud computing and software as a service exacerbate this problem even more. Your webmail is less under your control than it would be if you downloaded your mail to your computer. If you use Salesforce.com, you’re relying on that company to keep your data private. If you use Google Docs, you’re relying on Google.