Welcome to my fourth and last installment in the discussion about the expectations of user and device tracking. I would like to take a little time up front to thank you all for taking the time to read my post and a real big shout out to the ones that have made comments about the posts. With that said, I want to make this post a little different in that I want to review the different themes of the discussions and incorporate some of you, the reader's comments, as I work on presenting what might be a consensus on the themes of the discussion.
In my first post, I attempted to keep the focus on specifically about corporate owned assets that are distributed to the end users in a company. Michael Stumps' opinion is that, “If it's company owned, go ahead and track the hell out of it. I know my work laptop is for work only. But I bring my personal laptop with me to the office, so I can connect to the guest wireless and clearly separate work from non-work things. Plus, here in the public sector, everyone lives in fear of front-page coverage in the Washington Post in the event that a laptop or smartphone or whatever gets lost.” That makes total sense and it seems completely reasonable. After all if it is a company asset it is not something that you own and therefor do not get to call the shots on proper usage. However, have you ever noticed that there is no consistency between different companies? Mikegrocket has clearly pointed out one extreme in that, “I work for the government, so I have sold my soul to them. Everything is monitored and tracked.” One other point that Mikegrocket made that is really worth mentioning is, “The idea of data loss protection/prevention comes into play as well. I need to know who is attempting to remove data and what that data is. We can't have important information going out the door. I know it happens, can you say Snowden, but I do what I can to prevent it happening on my network.” That is one point that I believe is left out of the discussion until the article in the Washington Post brings it to light. As cahunt pointed out the information should be in, “that agreement you half read and fully signed when starting should encompass the use of that company laptop - on or off site."
In my next post, I changed the focus from corporate owned assets and moved to personal computers and devices that we all incorporate into our professional lives. Here is where we started to see a loss of the general consensus in that with some people that,9 “I dont like the idea of personal devices accessing sensitive corporate information. To me, that is a good dividing line. In this way, the corp doesnt need to install anything on my phone, laptop, etc and they have measures in place to keep me out of their data.” I really have to agree with him and draw the line in the sand that Jim Couch has specified on data access, but can’t that really be side stepped where people can email what they need to their device and that the data ends up who knows where or what cloud? Time seems to be an issue that stands out, “My only issue is the time frame, if the device is truly lost 3 days later it would be out of battery. If you are SIM capable, you can pull the SIM and still may have access to some data on the device and without your SIM you lose the WIPE ability since it powered up and did not connect.” Kevin Crouch took a little detour in the conversation to switch the focus from the device and move it to the person. “Being completely honest here, 50% of phones I see have no password probably 40% have a pattern lock that’s 4 nodes long, and the remaining is split between face, fingerprint, password and Pin (often just four digits long)” He even went further with how careless users can be with the credentials. “The worst part is that those people who just spout it out often want the consultant to enter it too! If you say It once I probably won’t remember it. If you make me type it, unless it’s chicken scratch (#@DFks@dsk1&4) I’m going to remember it easily (Wh0llyM0ly1991).” Once some unsavory person has your logon and password, the concept of identity theft can take on a whole new dimension.
Now, speaking of the users and outside of our corporate oasis, we all become the users that are tracked by websites, stores, and tolls and of course everyone’s favorite...Big Brother. It seems to appear that the twenty first century is the century for big data in both gathering and mining. When it comes to the web, “practically every site on the web does this. Google especially watches everywhere you visit, everything you buy, every forum you post on, and tries to customize their ads to appeal to you on a deeper and deeper level” How much longer will it be before we all see specialized billboards and signs on the street that will present individualized adds for you as the billboard or sign recognizes you as you approach? Since most of you that are reading this are the admins that perform some of this tracking for your company and for those of you that mentioned you work for the government, which agency did you say you worked with again? Zackm make a point that is worth mentioning when he says “I tend to 'assimilate' under the pretense that the admins should be taking a dose of their own medicine.” That seems to be the way forward for things to stay “real” for all of us. As I mentioned in my last post, these are just the ones we know about. Tcbene summed that up when he said, “Many people have no idea how much data is being collected on them daily. I just finished reading an article on the data Google maps is collecting on an individual’s whereabouts when using Google maps. Like free Wi-Fi people generally don't think about what they are giving up when they use the service someone is offering. With Google maps they're not just helping you find your way to a location, they are keeping the history of everywhere you go anytime the location services are activated. That aspect must be in the fine print people never read, I know, I didn't ask for that feature.” It really seems that people and governments that perform that tracking seem to hope for or count on the concept of what you don’t know can’t hurt you. Before the Snowden leak, we all knew the government had tools and were using them, but are you like me that was really kind of surprised and the scope and depth of the tools and the capabilities? I wonder if I liked it better when I did not really know.
No matter you thoughts or concerns on this matter the simple fact is that this is now just a simple fact of life that we all have to deal with. What makes me worry even more is who is watching the watchers? Could you imagine an unsavory individual that uses the technology to further their own goals? How much dirt could be gathered on say Congressmen, Senators, Supreme Court Justices or even the President? We all have dirt, no one is perfect and the ability to gather data to influence the outcome of things that will undoubtedly affect us all.