Striking a balance between privacy and security

Amanda Lieu, SEON’s Product Marketing Manager discusses the balance between privacy and security.

Amanda Lieu

Rather than being a single cut and dry issue, the debate about the balance between security and privacy in the digital world is complex and always evolving, best dealt with on a case-by-case basis rather than with ironclad rules.

Many of us go about our lives without giving much thought to the information available about us, while others are much more worried about the potential for abuse, particularly when they live under repressive governments. VPNs, the Tor network, and ad-blockers are all common tools to take back control of our digital lives, but they are also used by criminals who want to defraud companies and individuals. A balance needs to be struck between privacy and security – but how?

How much of a problem is online crime?
Cybercrime is predicted to cost the world $10.5 trillion dollars a year by 2025. That’s a hundred times more than the $100 billion in damages inflicted each year by natural disasters ten times more than the yearly costs from climate change, and it’s five times more than the oil and gas industry earns in a year. If that amount of money were in the legitimate economy it could do an immense amount of good: stopping climate change will cost $50 trillion over three decades, ending hunger only $330 billion.

Given its sheer scale, online fraud is a global emergency, and yet not enough is being done. A lack of
understanding of the problem is pervasive: individuals are still setting their password to ‘password’ and
governments have been slow to make impactful changes. To make matters worse, some software developers have taken reasonable concerns about privacy too far, to the point that they compromise safety and inadvertently create tools that criminals use.

There is a difference between surveillance and security
It is easy to see how the infrastructure created to facilitate surveillance capitalism could be used for purposes other than selling advertising. However, fraud prevention is different: it is based on collecting smaller amounts of data for a limited time and using them for a very specific purpose. Anti-fraud companies are only interested in knowing if a device is part of a fraud ring trying out different stolen cards at scale, and this is done not for commercial purposes but to protect card owners and support online businesses who want to keep their customers safe.

For example, we use publicly available information to analyse such device information to help online
businesses identify risky users and transactions. Any data we collect is anonymous, not stored for more than a year, not shared between customers, not used to build a global database and is held to ISO 27002 standards.

There is an enormous gulf between this and the all-encompassing surveillance that is the business model of many of the world’s biggest companies. This is why it is such a shame that some well-meaning organisations have become overzealous when it comes to protecting privacy in ways that end up helping criminals. The Brave web browser, for example, has a mission statement that we agree with wholeheartedly: “As a user, access to your web activity and data is sold to the highest bidder. Internet giants grow rich, while publishers go out of business. And the entire system is rife with ad fraud.”

However, in addition to blocking the tracking used by advertisers, their browser also blocks device fingerprinting, which is one of the methods used to help detect fraud. Therefore, blocking all of it is bad for end users, as it can also easily lead to the accidental rejection of genuine transactions.

As privacy tools are exploited by online criminals, this makes it harder for those trying to reduce or prevent online fraud and companies and consumers around the world will lose out – without anyone’s privacy being affected in a real way. The key point here is that before blocking certain tools their purpose should also be considered.

Why privacy and security need to work together for the greater good
We hear about obvious cases of overreach and outright criminality online every day, whether that’s proposals to eliminate online anonymity in the UK or the Pegasus Project to target journalists and activists. These are easy to see as unequivocally wrong, but for most of us living digital lives means constant compromises between what we want to do and what we are willing to share. Rather than making a binary choice between ‘privacy’ and ‘freedom’, we all negotiate whether the services we use are worth the risk.

Companies who create software to protect ordinary people online need to have a nuanced view of what is and isn’t a breach of privacy unless they want their software to be used by and associated with criminals. We all have to use the internet together, so it is vital that companies offering privacy protection do not adopt an absolutist position but be more open to legitimate uses for solutions that protect users against fraud.

 

To stay up to date on the latest, trends, innovations, people news and company updates within the global security market please register to receive our newsletter here.

Media contact

Rebecca Morpeth Spayne,
Editor, Security Portfolio

Tel: +44 (0) 1622 823 922
Email: editor@securitynewsdesk.com

Subscribe to our newsletter

Don't miss new updates on your email
Scroll to Top