Necessary Privacy

15 years ago, I held the position that governments and technology providers were not only able to monitor data communications, but were actively doing so through several dragnet operations. Being dismissed as a conspiracy theorist left me with very few people to share GPG keys with for email encryption; not that this stopped me from storing my information encrypted, hiding my online tracks, and taking other actions that furthered the perception that I was a bit paranoid. A typical conversation on this topic usually led to the question “what do you have to hide?” I’ve never had anything incriminating to hide, and it was never about that.

It was about control over my own personal information, where it ended up, who had access, who was rewriting it, and who was selling it. It was also about being labeled something I wasn’t, just because of an acquaintance or affiliation.

Around the time that I started really taking privacy seriously, I pulled out my soapbox and started preaching to anyone within earshot, usually to their chagrin. I observed that most people considered their privacy to be a right, and placed trust in the authorities to regulate and manage any of the information collected about them.

Fast forward to today. A simple civilian-accessible search on someone’s name can get you emails, phone numbers, addresses, current and past employers, images, and purchases on eBay. That information can in turn be used to reveal more and more, until an entire profile is built on this person.

Or you can just add them on Facebook.

So what is the problem with all of this information being collected and processed?

  • This data is persistent; it will not be deleted

  • The data is only good if it’s properly related to other data from the same person; processes are in place to ensure the validity, although there is no guarantee that your data isn’t linked erroneously

  • There are no regulations or laws saying that all of your data must be accessible to you (even through FOI/FIPPA)

  • There are no mechanisms in place to opt out of this collection

But what happens when the analytics engine fails? When we’re talking about big data, we’re talking about a staggering amount of information. No single person or group could manually sift through this data and draw correlations. A program or process handles that workload. History has taught us that programs and processes have bugs. Suddenly, you may find yourself on a list among sex offenders, political dissidents, or worse, just because you had a friend in common with a wanted criminal and your grandmother’s computer had been infected with a botnet that was being used to distribute anti-government propaganda. There is no one you can call to get this association removed.

So what can you do to prevent this in the first place? You can become translucent, obfuscate, and protect. Starting with your web browser and email, encrypt everything that you can.

  • HTTPS for web connections, and GnuPG for email

  • Don’t bother trying to encrypt to keep the NSA out; just try to keep data mining apps and scripts from hauling off your personal data

  • Try not to leave tracks: request that sites do not track you, turn off scripts with NoScript, disable incoming ads, and don’t accept or store third-party cookies

  • Shred your bills and other hard copies with personal information

  • Don’t give your postal code or personal details to merchants

You cannot escape the data dragnet entirely without going completely off the grid. But you can minimize the chances of a disastrous theft of identity by corporate interests, governmental bodies, or other types of nefarious criminal organizations.