Businesses need to pay closer attention to what employees, customers, and visitors are doing with camera phones and other intrusive technologies inside their facilities and on their property, analyst Carl Zetie says.
The world around you is being flooded with intrusive technologies, with camera phones as the tip of the iceberg, and the very concept of privacy, especially in public spaces, is going to be radically overhauled as a result.
Of course, the death of privacy has been predicted many times before, most notably with the growth of private and government databases that cross-reference vast amounts of data about individuals. What's different now is a wave of technologies, including Webcams, RFID tags, and location-based services in phones, that add the potential for "front-end" privacy intrusions that are immediate and personal, to add to the "back-end" intrusions (ranging from large databases of your spending habits to rogue employee abuses of driver records) that are largely offline and aggregated and that we have grown used to. These new technologies also empower individuals to violate each other's privacy, something we had to rely on governments and unscrupulous companies to do for us in the past.
This isn't just a question of individuals taking unwanted pictures of celebrities in public or of retailers actually being able to answer the question, "Nice pants--where have they been?" Many businesses will need to pay closer attention to what employees, customers, and visitors alike are doing with intrusive technologies such as camera phones inside their facilities and on their property. This issue isn't limited to companies that are actively deploying such technologies themselves, but creates risks that all companies are exposed to through other people's use of personal technologies. The latest company to restrict camera phones in its facilities for fear of industrial espionage is Samsung, which is itself a major manufacturer of the offending technology. If companies don't take the confidentiality issue more seriously, they could get hurt in more than one way: legal action by people who feel that their rights have been violated (and of course any consequent negative publicity and brand damage that's likely to ensue) or increased risk of fraud or burglary, to mention just two examples. Companies must address both the reality and perception of confidentiality risks, in equal measure.
There's already evidence from a number of countries that a reaction is setting in, and the list of organizations banning the use of cell phones in all or part of their premises is getting longer. Fitness clubs in the United Kingdom and Hong Kong are banning the use of cell phones in locker rooms (or even altogether) in order to prevent camera phones from being used to take inappropriate pictures. Similarly, the YMCA swimming pools in Australia have banned cell phones from their changing rooms. Some U.K. nightclubs have also started taking action, banning the use of camera phones. In Japan, retailers are concerned about teenagers snapping the most interesting images from fashion magazines, then leaving without buying the magazine. Casinos are also waking up to the potential threat posed by camera phones used to obtain pictures of premises. The great fear in many of these cases is the challenge of distinguishing between somebody harmlessly making a phone call and somebody surreptitiously pointing a camera at you.
In some countries, legislators are getting involved: There's talk of passing a law against the use of camera phones in all Irish leisure centers and swimming pools, following a voluntary ban already imposed by some industry operators. Italy appears to have gone one step further, with the information commissioner, who oversees adherence to data-protection legislation, publishing regulations on the appropriate use of camera phones. A particular Italian concern, reported by the BBC, is that camera phones may become the next tool whereby organized crime can influence election results: Voters would be instructed to send pictures from inside the voting booth to prove that they had voted for the candidate they'd been coerced (or paid) to choose.
The same problems that plague public spaces will also affect companies and their offices. For example, companies need to assess whether the use of camera phones (or cameras in general) on their premises could present a risk, either to their own employees and businesses or to other people using the facilities they own, such as retail stores and pools. In doing so, companies should find a balance between a realistic assessment of the risks and a sober comparison to other exposures to loss of confidentiality. Appropriate questions to ask regarding your own business' confidentiality include these:
Is confidential information, such as announcements on notice boards, project plans on office/cubicle white boards, and notes from previous meetings habitually left in meeting rooms on white boards and flip charts, routinely on display?
Are visitors routinely allowed into or through those areas where such information is exposed, or do you have separate cloistered meeting facilities?
Do you consider the "leaking" of such information a risk compared to other information that's directly provided to those visitors?
Some companies have already started to ban visitors from bringing phones and other wireless devices onto their premises because of these fears. In response, other employers had better start developing policies about how--or even whether--their own employees should comply with such requests. If you hand over your wireless PDA to a stranger while you visit their offices, are you risking the confidentiality of the data on your PDA?
At the same time, an appropriate awareness of privacy and confidentiality shouldn't spill over into an attempt to legitimize pointless restrictions that create real annoyance and a false sense of security. One recent example, reported by movie critic Joe Baltake, concerns an emerging practice of movie distributors insisting that critics surrender their phones when attending previews (as well as other so-called security measures). The idea that a professional movie critic would risk his or her career and livelihood by transmitting a jumpy, low-resolution image of a film a few days ahead of its theatrical release is an example of taking confidentiality concerns too far. Unfortunately, we're likely to see many more examples both of privacy violations and of inappropriate overreactions before society and legislation catch up with the technologies that are already here.
Carl Zetie is an analyst with Forrester Research. His colleague Martha Bennett contributed to this column.
To discuss this column with other readers, please visit the Talk Shop.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.