Familiar digital privacy may suffer more from negligence and mass surveillance.
In 2007, most of us believed we could happily surf the web uncaring and ignorant of where the data went. In today’s age of Big Data, we know that everything we do online leaves a digital footprint leading back to us.
In 2015, the UN recognizes the world's online users face enormous barriers to digital privacy against continuous storms of exposure: government mass surveillance, market data surveillance and data breaches.
It all seems like an impossible fight to win, until you realize just how responsible you are for how things are actually going with your digital privacy.
Here are 10 reasons why your digital life isn’t private.
1. Casual negligence of basic information security hygiene and computer maintenance.
It’s natural for some of us to put up partitions in our minds for computing and security against the stack of things we must do. That is, until updates and installs slide further further down on the To-Do list, until they are forgotten altogether. Our culture has lulled us into making a mistake.
We are spoiled with smoothly operating technology. We take easy, user friendly interfaces for granted. When things work, we often don’t see the sense in maintaining computers. However, no one feels as abandoned in the middle of an information security crisis as the person who didn’t take the advice of their IT administrators on web security maintenance. Take responsibility for your computing now before it becomes a legal liability to you and others who depend on you.
If you use a computer, conduct updates, scans and installs regularly to reinforce your computer’s security. Get regular maintenance of your aging computers. Old programming and hardware gets weak and vulnerable to attacks. Don’t wait. Follow a scheduled regimen and recommended advice given by IT administrators at work. Model a personal information security practice based on professional best practices.
Take greater responsibility for your role in network security. You don’t want to be the one waiting on an expensive InfoSec team to finish an audit of your network during a breach crisis. Especially, if they find you were the one who left the ‘Welcome’ mat out for hackers due to negligence. Even if you own a small business site trading baseball cards you may be held liable for breach damages. So don’t be the weak link. Get your plan together if you buy, sell or exchange online.
Don't have an Information Security Officer? If you need more help, look into hiring someone who can help you. Otherwise look in the mirror at your new ISO.
2. Lack of preparedness in the event of a data breach crisis.
Periodically you will see a PSA urging households to get a fire safety or flood insurance plan. They advise families to discuss crisis escape routes. Businesses often have data breach protocols in place to avoid liability. Why wouldn’t you organize a household plan to help navigate an information security crisis, like a bank breach or identity theft?
A good part of information security maintenance includes prevention and crisis planning. Data breaches and hacker infiltration are on the rise. Even the most average Joe with the most basic computer needs should develop a plan.
While every plan should fit the people who use them, it should include some core fundamentals to be effective. Your privacy crisis plan should include: what you and your family should do in the event of a data breach, contacts for law enforcement & regulatory agencies following a cyberattack incident, education on safeguards for key health and financial information, routine information security check ups, regular back ups of the family hard drives, technical recovery resources for personal information and a discussion about cybersecurity insurance.
To help you prepare, a free data breach recovery and instant crisis planner is available for free to all who sign up.
3. Poor ‘Operational Security’ planning with your friends and family.
It’s the middle of the day. Does your family understand the difference between what’s considered private and whats “ready for Prime Time” on social media? Do they know that information has an afterlife, even if you delete it? Do they know your position on sexting? Will your elderly parents see it on your feed? How will a company or employer handle your pithy assertions on Twitter? How would the NSA interpret your backhanded IRS policy recommendations over the phone if you are super mad about your tax statement? If you don’t know the answers to these compelling questions and more, you probably should make efforts to develop your own Operational Security or OpSec plan.
It may be time to have a “gate keeping” discussion with your friends and family tailored to the information age. If you want to keep your cell traffic signals off of public surveillance radars you have to discuss the reality of mass surveillance. You have to decide together if and when to shut down your phones. You have to develop a family strategy to keep your private “stuff” private.
If you want more digital discretion in your life, you have to include the people closest to you. If you don’t explain to your friends & family how important your privacy is to you, you can’t get them to respect limits to sharing the basic things they know about you like, an address or a phone number or even a picture online. You should have a discussion about off-limits topics for wireless chats and mobile phone conversations, how to improve their security with encryption and settings management.
Even if you managed your own settings, without good OpSec rules your privacy plan could fall flat. You managed the settings on your phone. You installed Tor and Whisper Systems on your smartphone and use better encryption. If you plan to give your phone number to your young nephew, he’s should understand why he can’t add any of your personal information to social media apps on Facebook or Google+. However, if you still get a Batman picture sent from a Facebook app after your talk, he will need to understand the consequences he just imposed on your privacy. Perhaps he should pay the 30$ to change your phone number or he can clean your basement for the next 2 weeks. Then you discuss whether he gets to call you at your new number.
Unfortunately, not everyone is going to go with you on your journey to be more private. Be aware of the people in your family who are reckless with their own information security habits. You can only go with them so far. Stay true to yourself by limiting information shares with people who have poor regard for privacy. Make sure they won’t get access to personal information that will hurt you down the line.
4. Ignorance of how personal information is handled by the people you give it to.
Ignorance is the undoing of many unsuspecting data owners using digital cloud based services. If you don’t know the privacy and information security policies of the companies you give your daily data to perhaps you should look into it sooner than later.
A quick way to gauge how well a digital service regards consumer privacy is to read the Terms of Service agreement. A shortcut is to perform a document word search for terms like: data, retention, privacy, or “subject to change”. If the Terms of Service agreement are unclear, seem legally slippery or prove virtually useless to you as a consumer, it’s best to cut your losses. Leave the service behind.
You don’t “owe” a digital service any business if you understand they will exploit your data. Your friends and family may feel a loss if you leave a social network. They may not have accepted the liability they are subjecting themselves and others to by staying on themselves. However, you owe it to yourself to be as private as you need to be. If that means leaving a service who puts your information at risk for theft, exploitation, or other harms, don’t wait for permission.
5. Too Much Information becomes a storage and security liability.
Before digital privacy and mass surveillance policy were a popular concern there were data scientists organizing ways to analyze and monetize your data contribution to their platforms. In fact, monetizing data analytics (Big Data) are how companies like Google became very rich. Your account data in 1997 couldn’t be narrowed, cleaned and personalized the way it is now. Today stores may automatically send you pharmaceutical ads targeting your fungal infection before you said anything. That’s the difference Big Data makes.
Today your online habits have generated over a petabye of data collecting over a period of years. Big Data has become a huge commerce racket for people who analyze and move data around. Procuring your permission to move and sell the data you generate is just not in Big Data’s business model. They get lawyers who know you lack the patience to read the Terms of Service to get your consent before use. The only thing that troubles them is how to get it, managing it and where to store it, not necessarily if the data is secure.
Big Data has a big problem though. As so much information piles up rapidly, storage capacity becomes a security issue. Data backups are something that requires more and more space as well as maintenance. Years and years of compounded data can lead to system vulnerabilities, data leaks and eventually data loss if storage is not clinically maintained. Big Data suffers from the size of its appetite. Data loss signs dot the road of technical incompetence or negligence dead ending with an opportunistic hacker.
The only way to fend off Big Data is to look into the data retention and privacy practices of businesses who rely on cloud services. If data custodians don’t dispose of assigned data regularly, abiding with legal guidelines or best practices for data retention, information security will falter.
Unfortunately, the legal time frame for hanging onto data sometimes exceeds the capacity to securely store information. If that is the case you will see more breaches and critical data loss. If a company can’t manage data efficiently, you may need to consider getting your data out of there and leaving the service. Ask to see their data retention policy.
6. You don’t know that you own your data.
You own your data. All of it. All personal information or data generated by you is owned by you. In most legal interpretations following a breach protocol, you are identified as the Data Owner. That is why you are notified by companies and corporate information authorities responsible for holding you data, also known as Data Custodians.
This means you have a lot of rights when it comes to how your data is managed. If you choose to stop any corporate or government entity from buying or selling your information, they are compelled by law to regard your wishes. Your information is your property. If someone breaks or misuses your property, like in any other case, you can hire an advocate to pursue civil damages.
7. Criminals are hacking every computing network.
Criminal hacking enterprises are so ubiquitous information security specialists simply presume they are already inside your computer network. Information security specialists are now developing ways to stopping exfiltration, or the ways hackers get data out of computers. Until they can pass those gifts onto computing consumers, there are a variety of ways you can help adopt more protection to fend off hacker advances.
Better privacy protections and tools are available in the marketplace to make it inconvenient for hackers to access to your computer. There is software that will help comprehensively encrypt all of your hard drive files like TrueCrypt, FileVault & BitLocker. Smartphones have better encryption tools available through services like Signal and Silent Circle. Email conventions are also being progressively improved for adoption of PGP encryption and cloud mail services like Proton Mail. Developers at the US State Department now have an operating system and haystack obfuscation application available free to users around the globe. Many people have success obscuring online traffic using a Virtual Private Network (VPN). VPN is very affordable and available for most computing devices. Even private chat applications are coming up in the world like Jabber and CryptoCat.
Criminal hacks are hazards which come with computing use. Privacy applications can be tricky to use and operate on an advanced learning curve so you may need help. If you use tools and planning available to you, you will have advantages others won’t when their data is being compromised. You can also sign up for updates and follow Information Security pros on social media to stay ahead of security threats once they become known.
8. Governments are using criminals to hack your networks.
In early 2015, publishers of the Snowden leaks, Der Spiegel & WSJ, released news that criminal hacking exploits were being co-opted by NSA surveillance campaigns. Backdoor exploits or network infiltration bugs opened up by one set of hackers are being used by governments to enter computing networks. For instance, hackers will insert code to keep a penetration point open if they want to come back to visit. Then governments simply walk right in the backdoor because a hacker left it open.
The NSA and other governments opportunists use a diversity of tactics initiated by other hackers. Spies monitor traffic using a technique called deep packet inspection to look for network penetration points. Packet sniffers tell them how hackers got in and out of the networks and even who they might be. The NSA will also “piggyback” on adware, spyware and malware code to have a look-see at cookies, web history and anything else that will tell them what you’re doing or where you’ve gone online. They also get into the market for Zero Day software exploits from other hackers.
The knowledge governments allow criminal hackers to do priming work for them isn’t comforting, but it is one reason why you are not as private as you may want to be.
9. Privacy isn’t yet a real priority.
We have busy lives. There is school, bills, shopping, work plus more work, and family. Everyone is fighting with an army of electronic distractions. You are also fighting people who text while driving and stopped talking at the dinner table due to device infiltration. Just when are you going to squeeze in human interaction that competes with an invisible electronic helmet, much less a regard for privacy?
If you can argue that privacy protection is a need, not a want, you will start looking at the gilded electronic cage we built around ourselves with fresh eyes. You will start seeing your online use in context of how you feed the Big Data beast. You will see how your data is being capitalized as currency, with no personal benefit to you. You start seeing how the habits form around bypassing a preference for privacy to convenience & instant gratification. Mindfulness towards your online privacy will save you from investing in something sure to compromise your personal interests and compounded with a sense of overwhelm and futility.
Once you notice your habits you can increase steps to make yourself more private. Ask yourself the test question, “Is this really private?” Apply some privacy goals to your online use. Review the Terms of Service policies. Pay attention to computer “hygiene” with scheduled updates and maintenance. Install privacy software applications on your devices.
Privacy is now a thing to be reclaimed. You don’t own anyone failure in the matter of protecting yourself from online threats or privacy disclosures.Your privacy outlook won’t shape up overnight. However, with dedicated practice your security prospects will improve. You’ll regain confidence in how you apply privacy controls online and in life.
10. You simply won’t do what you can to get ahead of a crisis, when you can do it.
Procrastination. That old devil is the root of undoing for many when it comes time to tackle problems. To take action in a timely way is the difference between acknowledging a problem and living with the damages. For instance, if you apply time to “other things” against items you know are on fire, the priority will burn down at loss. Privacy can pass unnoticed unless something is “on fire”, but by then it’s usually too late.
Prevention beats regret any day of the week. Get a privacy plan together. Discuss what’s private with your family. Evaluate public policy action based on how it protects your interests in a timely way. Take action on computer updates and privacy ware as it is made available. You can build a discipline around privacy and prevention that forms new habits that will protect you for years to come. When crisis does breach your walls, you will be more resilient, recover faster and be a leader to those less fortunate in similar straits.
Until public policy changes, Internet users should adopt a more-vigilant-than-yesterday stance toward computing. There is a lot you can do to take control of circumstances that could easily get the better of your privacy prospects while you were asleep. Do whatever you can do, when you can do it. By seeking out and applying privacy and information security best practices in a timely way you will eventually escape certain crisis unharmed.
##
Sheila Dean is the author of the forthcoming book “Rebalance Your Privacy: Removing personal barriers to digital privacy & data reclamation”.
Sheila is an active voice for more technical privacy provisions to improve the digital user experience. She also hopes to help optimize a new modern social discipline necessary to be more private. What started as a dedicated practice tour of the human rights and digital policy lansdcape has landed on the edge of a technical self-leadership approach to reclaiming ownership of personal data.