The frightening truth about your data

Every day we’re hearing more stories coming in the media about how this company is doing this with your data, that company is doing that with your data. Firstly, let’s be clear. By saying ‘data’, what we mean is any and all personal information or content that you have generated or put online.

Your name, your age, photos of you and your friends, who your friends are and just about everything else. 

Some companies use your data for their own purposes which you have to allow if you want to use their product. Some of them are making it confusing or even difficult when you try and take it back off them. Facebook, which we reported on recently, try and get you to deactivate your account instead of delete it, archive your messages instead of delete them, and by doing so, continue to have royalty-free licence over content that’s related to your account. 

That’s your content they have licence to. The reason they make it so confusing and give you options like deactivation instead of just outright deletion is they lose licence over your intellectual property when you delete it. If the account is simply inactive rather than deleted, they continue to have that licence over it.  See section two of Facebook’s terms.

This also plays into Facebook’s reasons for taking 14 days for your account to be removed if you do find the delete button. Many people use single-sign-on or use Facebook to log into other sites. Absent mindedness can potentially leave your content in their clutches.

Of course, Facebook’s response is that it knows what it’s doing, and what it’s doing is good for you. When asked if Facebook deliberately makes leaving difficult – and if it is a reaction to the market – it sent us instructions on how to leave the service. The 14 day period is for your own good. Here’s what the press office has to say:

“We do save data for a short two week window, in case a person chooses to delete their profile by accident, or changes their mind having deleted their profile. This window also prevents the loss of potentially incriminating evidence – for example, if a person was harassing another person.”

Trust us.

As industry watchers know, companies are already tracking what you do online. Each time you go to one of the major web browsers (Google, Bing, and Yahoo! for example) a cookie is placed on your computer which can be used to help in tracking your search history. The claims are that it helps them to remember your search preferences, making your searching experience more personal and comfortable. 

From Microsoft’s privacy policy: We also use technologies, such as cookies and web beacons, to collect information about the pages you view, the links you click and other actions you take on our sites and services. Additionally, we receive certain standard information that your browser sends to every website you visit, such as your IP address, browser type and language, access times and referring Web site addresses

Quoted from EFF (Electronic Frontier Foundation): “Google, Yahoo, MSN, AOL and other search engines record your search queries and maintain massive databases that reach into the most intimate details of your life. When revealed to others, these details can be embarrassing and even cause great harm. Would you want strangers to know where you or your child work or go to school? How about everyone seeing searches that reference your medical history, financial information, sexual orientation, or religious affiliation?”

It’s not OK for your friends, family and certainly not for strangers to monitor these things, but corporations fall into the latter.

On top of this, analytics services are all over the place, offering solutions that help companies understand the traffic on their websites so they can adjust their marketing to fit your search behaviour.

Some companies have been caught using more extreme methods than just cookies. Kissmetrics were exposed for tracking users using dubious, hard to evade methods.

Using ETag technology, Flash, Silverlight and others means that even if you deleted your cookies, they could still gather information by recreating the cookies and continuing as usual.  They have come under heavy fire for using these methods and they, along with a number of their more high profile clients, are now being sued over user privacy

In addition to companies trying to keep your information and follow you around the web, governments worldwide are attempting to push through more and more legislation which allows them increased rights to view your data and activities, too.

The US has been trying to push through a bill which would force ISPs to keep logs of all of their users for 18 months. It’s titled “The Protecting Children from Internet Pornographers Act of 2011” or “H.R. 1981”. Aside from making ISPs keep your name, address and other details, it would make them track your movements online.  

It’s already made it through committee.

H.R. 1981 is supposedly meant to combat child pornography online, really what it’s doing is keeping a database of all American citizens and their online activity.  It will be shocking if it passes, given the backlash from not only privacy groups, but also government officials and the public at large.

Getting through committee and that in itself means there’s some people in government in the US who believe it’s actually a good idea. It means that similar legislation may have more support in future, perhaps not even under the guise of ‘Please, think of the children!’.

Does that sound incredibly far reaching to you? Try being Norwegian.

They have recently passed what is possibly the scariest EU directive yet, ‘The Data Retention Directive’, meaning ISPs are obligated to store traffic and localisation data from landlines, mobiles, internet, email and other devices and services.

The information is stored for up to six months and can be accessed by police with a court order. They are only allowed to use traffic data for crimes punishable by at least four years, and localisation data for crimes punishable by at least 5. These far reaching laws, monitoring users, are already there. It already exists.

New legislation is proposed all over world all the time. You read articles about new restrictions on where you’re allowed online, what you’re allowed to do, how you can and can’t conduct yourself. So what does this mean for the future of your choice when it comes to your surfing?

BT was recently told by the High Court in Britain that they had to block access to the popular file-sharing website Newzbin2 under the 1988 Copyright, Design and Patents Act (CDPA). It was quickly overturned amid censorship fears. But again, much like HR 1981, whether it’s in effect or not is not the whole concern.

A judge deemed it acceptable and the MPA and BPI stroked their beards, considering who to go for next. The fact it passed in the first place makes future censorship certain. Opinion will slowly be twisted and rights will be eroded as a result. 

The trouble with blocking this content is what’s stopping all file sharing websites – which are often used by people who are sharing legally, too – being blocked in the UK? If one ISP is being told it has to block content, how long before the others are told to bow down and follow suit? 

What about other groups becoming angered by the content of a site, and insisting that be blocked too?  It’s removing the rights of the user to decide what they want to see for themselves. The state is doing it for them.

Obscenity laws have deemed some online content illegal where it previously wasn’t. Some time ago, the ISP BT blocked access to images on 4chan for this reason. Some content being displayed there was deemed obscene or illegal. It’s an open forum where anyone can post anything, so the content being there was the responsibility of an individual, yet BT began denying access to the majority for the actions of a few. 

Changing the colours of the 2012 logo can potentially turn it into child pornography in Australia due to the shapes resembling child Simpsons characters. So what’s stopping every website that displays any kind of morally, ethically and legally questionable material being blocked in future – not much.

Or for open forums facing censorship because ‘someone might post something we don’t like’. It sounds like a ridiculous extreme, but if we allow the new trend of restrictions to continue, we are leaving ourselves vulnerable to such extremes being imposed. 

It’s just a case of whether those in power feel like employing them, and how much we’re willing to fight to stop them.

Companies are not only collecting and storing more of our data, but recent online protests by hacktivist groups LulzSec and Anonymous, among others, are continuing to expose the fact that data is not being protected to the standard that we should demand.

The lax database security means fairly simple methods to those with a bit of knowledge are allowing groups to steal our details, passwords, emails and so on, and post them online. 

Although the methods are morally grey, it surely must force companies and government agencies to become accountable and responsible when handling our information. 

You’ve got to think about the companies and agencies who haven’t been attacked. How are they handling it? It’s hard to imagine much has really changed for the majority, and it can only lead us to question exactly how secure we should feel. Can you really say that your name, address, phone number and other details won’t appear on pastebin one day?

Even the NHS ‘security has been found by LulzSec to have security vulnerabilities. Although the vulnerabilities were not exploited, think of the amount of highly sensitive data the NHS holds on you.

The NHS is doing a good job in leaking that information, it doesn’t need a helping hand

Though LulzSec may only be ‘doing it for the lulz’, there is an important underlying message of a need for accountability, freedom and security.

In 10 years time it’s hard to see that the ever extreme legislation and ever controlling companies won’t slowly sway public opinion. It’s a constantly changing compromise. “We’ll impose this, it means we can watch you everywhere on the internet and have rights to see everything about you, and we’ll have joint ownership of all of your intellectual property!”. 

The response from people who know is utter disgust. People want their basic right to have control over their own information. 

Unfortunately it usually leads to us compromising our privacy regardless. 

The compromise generally has no teeth, and it reads something like: “Well you didn’t like that idea so we’ve toned it down a bit and it’s not as invasive, sorry about that! We’ll track you in these areas, block you from accessing this, we’ll only keep some of your personal information and we’ll only have rights over your information while you’re an account holder”. 

Even though there’s still privacy groups pulling their hair out, the masses don’t gather to protest and the terms are accepted. The people still decrying the policy are then likened to conspiracy theorists and their concerns are met with rolling eyes, tuts, and being offered a tinfoil hat.

More of us are living out our lives online.

Facebook’s facial recognition for photo tagging is a prime example, it makes things simpler for us, but it also means they now hold the world’s largest facial recognition database. Most people weren’t even aware of the ramifications of keeping the default feature on. Many people still aren’t.

In 10 years time, medical records, legal documents, and so on, you can be assured that it will be stored online. We’re going to have to start using much more secure forms of authentication in order to access it. The use of retinal scans, facial recognition and fingerprint identification are all on the increase.

Obviously this means that a database of such details will be necessary for it to work. Will they be well protected, or will there be releases from hacktivist groups consisting of 70,000 fingerprints, retinal scans, and who knows what else.

Perhaps the ongoing data war will make us face up to a need for improvement, but you can be certain that the value of data will increase as a result. If there is value in it, someone will want it. Serious hacking is already on the black market.

As for our online habits, we can be quite sure that whatever we’re doing is going to be watched.

This could be at the hands of private companies making money from it, buying and selling it for marketing or other purposes, governments holding it in case you’re suspected of doing something illegal, or perhaps both. There is little chance of us having any form of anonymity without the use of VPN and pseudonyms.

We already have people creating false identities to keep their online lives privacy today – some would argue it’s already a necessity if you want your business to be your own now, and in the future.

We are all playthings in a data war, whether we want to be or not. Unlike Facebook’s facial recognition we can’t opt out.

Privacy advocates have already told us, off the record, that we must ‘be prepared to fight for your digital liberty’. And if we don’t? Who knows. 1984 indeed.