Most of us value our privacy but have succumbed to the allure of technological conveniences. With mobile devices, applications, social media and the Internet of Things (IoT) made up of smartwatches, smart TVs, smart cars, smart appliances, etc., so much of our privacy has now disappeared.
Today’s technology and apps allow stalkers to easily track their victims’ whereabouts. Burglars can easily determine what valuables we possess and when we are not home. Hackers can use your personal information to create very believable email phishing attacks. They send you emails that trick you into clicking on links, responding, and providing more personal information or opening attachments and downloading malware. In order to protect ourselves and our businesses we must be able to recognize what information we are releasing, what is being collected, what is available and who has access to it.
What is Collected on Us?
In reality, everything from email addresses, email content and social security numbers to our current location, shopping and buying habits, employers, mortgage information and photos. The amount and frequency of collection is astounding.
For instance, you can go online and do a background check on anyone at sites like www.backgroundalert.com, which advertises 37 billion public records from thousands of federal, state and commercial databases. Some of the information is free, but for a small fee you can dig deeper. A simple search will provide access to full contact information, criminal history, arrest history, traffic tickets, marriage records, divorce records, address history, known relatives, neighbors and co-workers.
Apps Make It Easy
Most of us are familiar with and use apps on our phones and mobile devices. But we don’t usually pay attention to the required permissions. So what are we agreeing to? LinkedIn, for instance, asks for permission to access phone status and identity; your precise location (GPS– and network-based) and to be able to modify your contacts. It also asks to read your call log; read your contacts; write to the call log; read your calendar and events plus confidential information; read, modify or delete the contents of your SD card. And, it wants access to add or remove accounts; create accounts and set passwords; find accounts on the device; gain full network access; receive data from the Internet; view network connections; control the phone’s vibration and prevent your phone from sleeping.
Other apps, like Google +, want permission to take pictures and videos, record audio, access your photos, download files without notification, control the flashlight, set wallpaper, control audio settings, and much more. This is just a small sampling of the information that is collected about us.
Who is Collecting?
The list of data collection sources includes federal, state and local governments. It’s also those in the private sector including:
- App developers
- Internet Service Providers (ISPs),
- Browser companies like Google, Firefox, and Yahoo
- Social media sites like Facebook, Twitter, LinkedIn, Snapchat and Instagram
- Background check companies
- Services like Zillow, Spokeo, etc.
So who is really accessing the data and why? Advertisers and those seeking to sell your information who then target you with ads.
For instance, through a browser like Internet Explorer, advertisers are able to track your browsing activities. Recently Microsoft, claiming they needed to provide users a choice, changed their “Do Not Track” (DNT) policy from a default setting of “On” to “Off.” Implementing “DNT” will require action on the part of users and possibly some non-intuitive knowledge. Most will likely not know about it and many of those who do will do nothing. Even if “DNT” is implemented, advertisers and others are merely requested by Microsoft to honor this request.
As the IoT expands, more and more data about us is available and collected. Google collects data sent to and from Nest’s Wi-Fi home heating appliances. Nest products track detailed information about their users’ movements, in addition to things like a user’s Wi-Fi IP address and whether the specific address is a home or a business.
Other companies like Dropbox, Microsoft, Apple, Yahoo, Facebook and Skype all read user data and grant the government access to this data. AT&T was sued and is paying a $25 million settlement fine to the FCC because employees illegally stole names and the partial social security numbers of more than 280,000 subscribers so that resellers could unlock used phones, according to a New York Times article.
How is Data Collected?
A recent study conducted by Carnegie Mellon University revealed the astounding number of times apps access information on peoples’ phones. One individual participating in the study was told, “Your location has been shared 5,398 times with Facebook, Groupon, GO Launcher EX and seven other apps in the last 14 days.”
So, how is the data collected? Today, most of it is through electronic means, but some local government agencies and businesses, like medical offices, still collect data using paper forms. Some government agencies are now scanning and putting paper documents into electronic storage, which is now publically available and vulnerable to hackers.
Many of the electronic means of collection include the apps on our phones or mobile devices; the cookies on the browsers we use; and our usage data collected by our Internet Service Providers (ISPs); our phone service providers and email providers. Depending on the type of phone you use, your apps may utilize the location services, your contacts, your browsing history, and much more to collect information.
To learn how to protect your information online and prevent third-party data collection read part two of this series or the “Technology Offers Convenience, Privacy Pays the Price” Global Knowledge white paper.
Related Courses
Legal Issues in Information Security
Cybersecurity Foundations
CyberSAFE (Securing Assets for End-Users)