When you record electronic data, you will probably be concerned about security. (If you are not, then your first major data loss should make you sit up and take notice). The privacy of our data is an additional concern that most of us are probably not taking seriously enough.
Security is about preventing loss, including theft of your data. The risks include destruction, corruption or unauthorised copying. Privacy is about protecting your personal information from others who may wish to cause you harm.
The approaches we use to achieve safety and privacy are broadly the same. Just as we lock our front door to prevent burglars from coming in and taking our property out, we also lock it to prevent people coming in and interfering in our personal lives. Something similar usually applies on-line. Areas where privacy is important include:
I often hear people saying "I'm not worried about on-line privacy, I have nothing to hide". That might have been true twenty years ago, but in the meantime vast amounts of our personal data have been collected, often without our knowledge and our permission.
Only recently, in his recent documentary series "Can't get you out of my head", Adam Curtis concluded that maybe we are worrying too much because the private data being collected is mainly about our shopping habits.
But data-harvesting objectives are now going, quite rapidly, far beyond that initial agenda. Much of your personal information is no longer private; your data is often available to numerous "bad actors" who may attempt to impersonate you or influence you socially and politically (especially via social media). Such organisations attempting to collect your information without your knowledge and permission include:
In the medium term, this list will grow, smaller startups know that if they get you to trust them with a data collecting product, they can get lots of money when they eventually get bought out.
In the early days of the world wide web, many people explored the anonymity that the new cyberworld provided. The philosophy was that an individual could have many personas, each supported by a reputation built up on-line. These personas could be different from our identities in the real world, which remained private. Now, there is a vast amount of information about each of us, recorded "out there" somewhere, with additions occurring nearly every day. For most of us, there is already a raft of data that could profile and even define our real-world identity.
Connectivity and Big Data allows a step-change in the level of state control. Just look at the rapid development of the Chinese social credit system.
The Chinese social credit system explained |
With this type of social credit system, if you collect enough "penalty points" then the authorities may ban you from using the internet. There are concerns from many commentators that USA is heading down the same road. Will other counties be far behind? In the EU and the USA there are already moves to introduce an internet licence so that "illegal activity" can be tracked. Many authorities wish to remove all privacy on-line.
We have already got to the stage where accounts are suspended on US-owned social media if they disagree with the political views of those who own the platforms. Our historic posts are open to examination for anyone wanting a "character reference". It's not just social media posts: every text message that anyone has ever sent may be trawled through to find evidence of a thought-crime.
‘If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged.’ | ||
Cardinal Richlieu | ||
If we say something that worries the authority, then they can suspend or ban us from the platform, or as we saw above, from the internet itself. Censorship is an obvious tool, but a blunt one. "Tech" offers far more dangerous and effective options to those who want power over others. The first choice is to spy on us, and then there may be attempts to misdirect and then control us.
In order to mitigate the threats to privacy, we have to look at where our private data can be harvested:
All of these data streams can now be trawled through by intelligent robots which can be developed and programmed by unknown and unregulated "techies" with unknown and unregulated ethics. Most of us underestimate the progress and power of recent developments such as facial recognition and audio speech processing. Artificial Intelligence (AI) and learning systems can turbo-charge the attacks; massive analytical power can be applied to track the digital trails to all your assets.
The invasion of your privacy and the theft of your credit card credentials are bad enough, but these pale into comparison when your passwords and account details - in effect, your identity - are stolen. Your property and your support systems will then be at risk, all the things that make up your life.
On top of losing your property, malicious posts can be made in your name and your reputation damaged as a result. False information can be spread far and wide, attributing all manner of falsehoods about you as a person or as an organisation. In this increasingly Orwellian world, we may start to doubt ourselves, who we really are. And that is the ultimate destruction of identity.
The risks are growing, as is our dependence on the digital world. We must all be careful what we put out there, and where we put it. We will look at this more closely in future issues.