The numbers are staggering. Last year’s Equifax breach, along with more recent additions, has resulted in nearly 150 million Americans—more than half of all those 18 and older—having essential identity data exposed, such as Social Security numbers, addresses, and more. And that’s just in the past year. In 2016, 2.2 billion data records of various types were poached via Internet of Things (IoT) devices—such as smart home products. Just yesterday, a judge ruled that a class action case against Yahoo (now part of Verizon) regarding the data breach of all 3 billion (yes, with a “B”) of its Yahoo mail accounts could proceed. Is it any wonder that according to a survey by the National Cybersecurity Alliance, 68% of Americans don’t trust brands to handle their personal information appropriately?
The situation has become so bad, in fact, that there are some who are now questioning whether the concept of personal privacy has essentially disappeared into the digital ether. Talk to many young people (Gen Z, Millennials, etc.) and they seem to have already accepted that virtually everything about their lives is going to be public. Of course, many of them don’t exactly help their situation, as they readily share staggering amounts of intimate details about their lives on social media and other types of applications, but that’s a topic for another day.
Even people who try to be cautious about their online presence are starting to realize that there’s a staggering amount of information available about virtually every one of us, if you bother to look. Home address histories, phone numbers, employment histories, group affiliations, personal photos, pets’ names, web browsing history, bank account numbers, and yes, Social Security numbers are all within relatively easy (and often free) reach for an enormous percentage of the US population.
Remember all those privacy tips about shredding your mail or other paper documents to avoid getting your identity stolen? They all seem kind of quaint (and, unfortunately, essentially useless) now, because our digital footprints extend so much farther and deeper than any paper trail could possibly go that I doubt anyone would even bother trying to leverage paper records anymore.
While it may not be popular to say so, part of the problem has to do with the enormous amounts of time that people spend on social media (and social media platforms themselves). In fact, according to a survey of cyberstalkers reported by the Identity Theft Resource Center, 82% of them use social media to gather the critical personal information they need to perform their identity thefts against potential victims.
My perspective on the extent of the problem with social media really hit home a few weeks ago as I was watching, of all things, a travel program on TV. Like many of these shows, the host was discussing interesting places to visit in various cities—in this case, one of them was a museum in Nuremberg, Germany dedicated to the Stasi, the infamous (and now defunct) secret police of former East Germany. A guide from the museum was describing the tactics this nefarious group would use to collect information on its citizens: asking friends and family to share the activities of one another, interceding between people writing to each other, secretly reading letters and other correspondence before they got passed along, and so on.
The analogies to modern social media, as well as website and email tracking, to generate “personalized” ads, were staggering. Of course, the difference is that now we’re all doing this willingly. Plus, today it’s in easily savable, searchable, and archivable digital form, instead of all the paper forms they used to organize into physical folders on everyone. Frankly, the information that many of our modern digital services are creating is something that these secret police-type organizations could have only dreamt about—it’s an Orwellian tragedy of epic proportions.
So, what can we do about it? Well, for one, we all need to pull our collective heads out of the sand and acknowledge that it’s a severe problem. But beyond that, it’s clear that something needs to be done from a legislative or regulatory perspective. I’m certainly not a fan of governmental intervention, but for an issue as pervasive and unlikely to change as this one, there seems little choice. (Remember that companies like Facebook, Google and others are making hundreds of billions of dollars every year leveraging some of this data for advertising and other services, giving them absolutely zero incentive to adjust on their own.)
One interesting idea to start with is the concept of data labelling, a la the food labelling standards now in place. With data labelling, any online service, website, application or other data usage would be required to explain exactly what information they were collecting, what it was used for, who it was sold to, etc., all in plain, simple language in a very obvious location. Of course, there should also be options that disallow the information from being shared. In addition, an interesting twist might be the potential to leverage blockchain technology to let each person control and track where their information went and potentially even financially benefit from its sale.
The problem extends beyond the more obvious types of information to location data as well. In fact, even if all the content of any online activity you did was blocked, it turns out that a tremendous amount of information can be gathered just by tracking your location on a regular, ongoing basis, as the January story about the tracking of US military personnel through their Strava/Fitbit wearable fitness apps so glaringly illustrated. Even outside military situations, the level of location tracking that can be done through a combination of smartphones, GPS, connected cars, ride sharing applications, WiFi networks, Bluetooth, and more is staggering, and there’s currently no legislation in place to prevent that data from being used without your permission.
All of us can and should be smarter about how we spend our time online, and there are organizations like Staysafeonline.org that offer lots of practical tips on things you can do. However, the issues go way beyond simple tricks to help protect your digital identity. It’s time for Congress and other representatives to take a serious look at things they can do to protect our privacy and identity from the digital world in which we live. Even legislative efforts won’t solve all the data privacy issues we face, but the topic is just too important to ignore.