Once you are aware of common threats like spyware and phishing websites, your data can still be at risk from legitimate companies.
GPS location, mobile calls, web searches—these are all convenient tools. You use them to find directions, chat with friends, and browse websites, often without considering the data transactions involved. According to security experts, such activities give rise to a new issue: they leave a detailed “digital footprint” about where you go, who you talk to, and even what you think. These footprints can persist for decades, with no laws in place to protect such data. As long as your digital footprint exists, your data can be sold off or accessed by hackers and competitors.
All of our personal traces are increasing, and recent cases demonstrate how easily they can be scrutinized.
Crossing the Line
GPS devices can be great tools for navigation, saving time, and many other tasks. A recent court case highlighted how dense personal details about your geographic location and driving habits can be collected and used against you.
In Connecticut, USA, American Car Rental installed GPS devices in their rental cars to monitor the speed and location of renters. These devices wirelessly reported back to headquarters whenever customers drove faster than 127 km/h for more than two minutes to impose fines. The company faced a lawsuit, and the court ruled that they could not charge customers for speeding fines, but it did not prohibit the company from using GPS to track speed and location.
Legal Troubles
Because there are currently no laws specifying what businesses (or government agencies) can do with your data, a company could be bound by seven or eight types of privacy protection laws, according to one expert. For years, lawmakers have attempted to establish a unified standard but have yet to succeed.
Consider personal privacy like watching TV. Cable companies must adhere to current laws, which clearly dictate what they can and cannot do regarding viewers’ TV habits. For instance, they are prohibited from sharing viewer information with third parties. However, digital video recorders like TiVo fall outside the scope of this legislation.
While TiVo does have a strict privacy policy, that policy is driven by business motives and could change at any time.
According to a security expert, the current challenge for users is that products or services may have various privacy policies, and not everyone is aware of them all.
Find and Catch
Users concerned about personal security should be well-informed about what a company is actually doing with their information. For example, the company may know your internet search habits.
Once you get your search results, you often forget about that search and move on with your tasks. However, search companies do not forget. They retain search data, often associated with an identifier indicating who performed the search; the level of data security varies depending on the search service.
According to an expert, it is crucial to know how long personal data is retained by companies, what it is used for, and what companies will do if law enforcement “comes knocking” at their offices.
In one instance, the U.S. Department of Justice recently found a vast amount of information from Google’s search index and demanded that Google provide the search queries that users entered. Google successfully resisted this request, and the court ruled that the government could obtain a list of some website addresses in Google’s index but could not know the specific search terms users entered. The government also would not obtain information about who entered those search terms.
Google does not “disclose” its data retention policies and does not respond to questions about those policies. However, according to an expert, data older than 180 days may be more susceptible to demands for “production” than newer information.
Similar to Google, Yahoo’s search uses unique cookies; each search is associated with that identifier. This code does not link to personal data, such as your age or location, but if you search while logged into Yahoo, that search will be linked to your Yahoo profile.
Yahoo retains these search details “for as long as necessary,” according to a Yahoo spokesperson. Nevertheless, the spokesperson also stated that the company keeps personal information private: even when Yahoo works with partners on special advertising and promotional campaigns for users, the company never shares user data with partners.
Phone Disclosure
Even if a company is not willing to share your personal information with third parties, you are still not safe. Your detailed phone bill can easily fall into the hands of outsiders. They can simply call your phone service provider, impersonate a customer, and obtain a copy of your phone bill, complete with a list of incoming and outgoing calls. Some websites sell such lists. A silver lining is that such websites are gradually being “shut down,” but nonetheless, your data remains out there, and experts suspect it will end up in the “underground world.”
| FOUR WAYS TO RECLAIM PERSONAL DATA |
Reclaim your personal information by controlling the data that businesses or other organizations can access. • Opt-out: Companies can share much of your data unless you explicitly prohibit them. The Center for Democracy and Technology in the U.S. offers a fantastic free service at opt-out.cdt.org, linking to opt-out forms for various service types. Similarly, when signing up for any new service, be cautious of special promotions and ensure that you do not automatically enroll in that service. |
PC World USA 06/2006
