Taking a closer look at current and potential future privacy laws and best practice for staying safe online.
Despite a seemingly constant flow of phishing emails, internet users are more knowledgeable than ever about protecting their personal data and keeping sensitive information under wraps. Secure servers and two-stage bank logins are commonplace nowadays, while antivirus packages increasingly flag up unsecured websites that could be at risk from hackers.
Unfortunately, some people still make simple security mistakes that can provide unseen eyes with a wealth of potentially sensitive information. From typing passwords on a train in full view of surrounding passengers and using “password” as a password, through to posting critical messages about colleagues in a publicly visible social media profile, millions of us continue to make our private affairs more public than we should. Often, this is simply a case of ‘can’t-be-bothered’ syndrome, with common mistakes including leaving broadband networks unsecured and not logging out of webmail when using public computers.
So what’s the current security situation in the UK?
A wider concern among more knowledgeable internet users involves the extent to which our online activities can be seen and monitored by security services, both domestically and overseas. The phrase “in the interests of national security” means that a lot of state surveillance is covert, which in turn means it can’t be blocked by raising Twitter’s privacy settings or opening private windows on Firefox. The UK’s current legislation is patchy, as it did not anticipate the advent of smartphones or IM apps. For example, the Regulation of Investigatory Powers Act 2000 was drawn up at a time when domestic internet access was rare and mobile phones were considered sophisticated if they contained Snake.
Making sense of the UK’s privacy laws should become easier in future following the release earlier this month of a 300-page report by the UK’s independent reviewer of sensitive security legislation. David Anderson QC has described the existing legislative framework as “fragmented” and in need of a complete overhaul. However, he also acknowledged that any intrusive surveillance powers must be “shown to be necessary, clearly spelled out in law, limited in accordance with international human rights standards and subject to demanding and visible safeguards.” That implies a determination to provide unambiguous guidelines that every organisation (no matter how clandestine) must adhere to.
What’s the best practice for staying safe online?
When people understand the powers and privileges bestowed upon surveillance agencies, they can make informed decisions about how much of their personal information they’re willing to share via the internet – just as we do today by adjusting our firewall and cookie settings.
With a degree of uncertainty about whether the UK’s privacy legislation complies with EU legislation, and unspecified rumours of tighter laws to come, the best course of action is to assume that any electronic communications you send may eventually be seen by someone other than the intended recipient. Unless you’re willing to use an encrypted web browser like Tor, online activity and private messages could potentially be stored somewhere in the ether for years to come. The internet may be more secure than ever, but as in any public environment, many of the things we do online are less private than the anonymity of our computer screens would suggest.