Technology

Need for vigilance as privacy faces online assault

WIRED: A growing snowball of personal data is just waiting for somebody to discover malicious uses

DANNY O'BRIEN
Fri Dec 09 2011 - 00:00

WIRED:A growing snowball of personal data is just waiting for somebody to discover malicious uses

LAST WEEK, a researcher in the United States discovered a bug within their mobile phone. Not a hardware bug, but a concealed piece of software that could potentially record every keystroke they typed, every call they made, and every website they visited, and retransmit it to their phone carrier. The software is called Carrier IQ, and is intended by phone companies to conduct network diagnostics on smartphones. The amount of data it collects, however, is potentially much greater.

Phone carriers already log a vast amount of data on their users. Privacy requests in Germany allowed one mobile phone subscriber to obtain logs that recreated her every movement over a period of six months. They know every phone call you make. And for most websites, they see every piece of data you send and receive.

A moment’s paranoid thought allows most of us to pile up the data that is kept on us. Credit card companies know where we buy goods. Major shopping chains’ loyalty cards allow them to monitor what we eat and even whether we’re using contraceptives or not. Mostly, we don’t care about such data collection.

READ MORE

Ireland, like most of Europe, has relatively tough privacy legislation. But the air of complacency about such data collection isn’t just down to a confidence that the law will protect us. Most Americans share the same casual attitude, in the absence of much commercial data controls at all.

I think our approach is down to three aspects. Firstly, we believe that most of this data is privately held, and therefore safe from prying eyes. Just as we are fine with our doctors seeing our medical records, so we don’t mind Tesco knowing our shopping habits. We are sceptical that even if that data was more widely available that much use could be made of it. Finally, if no-one else cares, why should we?

My sense is that all three of these pillars are built on increasingly shaky ground. A few years ago I asked a private investigator the difference between using the subscription services that she and any detective pays for, and the open internet. About 72 hours, she said. In other words, while it was slower to snoop out public data on the disorganised web, the quality and breadth of information available was about the same. (I’m sure those hours were billable, too.)

For those who spend a lot of time online, it’s hard not to notice this – especially when if we’ve been contributing much of that data ourselves, in our postings and commentary on social media. But I think the age of this data’s use – and misuse – is only beginning to dawn.

In the previous decade, most of the casual computer crime we experienced came from people trying to intrude into our online world. Spammers with something to sell, people intent on inserting malicious software onto our personal computers. But it’s my belief that there’s now sufficient amounts of openly available data on individuals that the next wave will be collecting enough information on specific users to conduct unlawful, or at least unethical, attacks on them.

To give an example: the vast majority of internet users have one password that they use for any site they log into. Databases of cracked websites are readily available online, including these passwords. It is hardly the work of a criminal genius to automate attacks on other sites, using the same usernames and passwords, and collect personal data. This data in turn can be passed on.

This growing snowball of personal data is just waiting for somebody to discover other malicious uses. If so much of our current commercial world – including print magazines, advertising, and sites like Facebook – are funded by the collation of personal information, how much more valuable would be the criminal use of such information?

As this private data slowly leaks into public and unlawful hands, we’ll also experience a chain reaction in the damage. Right now, identity theft is a serious problem, but it is at a level where most of us only know a few individuals who have suffered from it. But the majority of the private data that is now piling up on us all isn’t just about our identity. It’s not secret social security numbers and credit card details. It’s about our connections with other people.

This is doubly worrying. Our social relationships say far more about us than even our commercial transactions. They reveal who we like, and therefore what we like. They hint at our sexuality, and they are often what we hide from others. No matter how honest we are, we say things to one person that we would not want repeated to another. That is the core of what privacy is.

But most of all, the secrets I know about you are not just my secrets. They are your secrets, too. We used to not worry about the data collected on us, because no-one else was worried. But our complacency is about to be reversed. If anyone we know is sloppy about their secrets, our own privacy is going to be shattered as well. And I’m not sure any of us are ready for all our secrets to be revealed.

Business Today

Business Today

Get the latest business news and commentary from our expert business team in your inbox every weekday morning