To what extent should we worry about the details we disclose online?
Many people worry about the safety and privacy of their identity and personal ‘data’ online. People input their personal and banking details into websites many times a day. These details can be accessed by an increasing number of criminals to steal people’s identity / money / credit.
From personal details retained by social networking sites, like Facebook and Bebo, to shopping and banking, the medium for interaction and therefore storage of information is moving more and more to the web. Banking customers rarely have the opportunity to visit a local branch, owing to increasingly busy daily work routines, and it is more convenient, cheaper and simply quicker to use an online banking system. Shopping online has similar benefits, giving the customer the same, if not more choice than in-store shopping, comfortably and at any time from their PC. In most cases, these benefits outweigh the drawbacks.
It is the cases where this process goes wrong and details are stolen. There are ‘...sites offering medical histories, information about the shipment of goods and corporate e-mail and pension details’[1], known as data supermarkets, from which criminals buy data to avoid having to find it themselves. People’s bank / credit card details may be stolen and used to make purchases. Invariably, banks are able to monitor and understand patterns that identity thieves use, and do catch many criminals. But the real issue for the security, not just for the websites themselves, is where the data is then stored. There have been numerous cases of vast amounts of data being ‘misplaced’ or stolen, and this has led to many individuals losing money, or having their credit ratings destroyed.
Personal details shared on the web are just as sensitive as banking details. Basic elements of people’s lives are shared on social networking sites like Facebook. Users upload information such as their home address, phone numbers, photos of their family and friends. Access to this gives a comprehensive insight into their identity; all data for thieves to use to impersonate others to gain loans or credit cards, for example. Users’ passwords are often simple and the same for their access to many sites. These can be easily discovered by looking at e.g. a Facebook profile. Education in how to create a secure, hard-to-crack password is offered on many sites at registration, but it needs to be made clearer to help avoid identity theft. Britain’s information watchdog ‘found that 4.5 million people aged 14 to 21 had posted information on the internet which could make them vulnerable to identity fraud or blight their future careers.’[2]
Google and many other online marketing and advertising companies make billions from using captured / stored personal data to target internet users with advertising relevant to them.
In June 2007, The Times revealed that Apple’s hugely popular iTunes store was collecting users personal data, ‘including the name and e-mail addresses of purchasers, [are] embedded into the AAC files that Apple uses to distribute music tracks.’[3] In many cases, this information is presented to the user in terms and conditions pages. These pages tend to be very long and written incomprehensibly for the general public, and people often skim through them or skip them completely. Information Commissioner’s Office research found that:
‘1/3 of young people had never read privacy policies on social networking sites and did not understand how they could manage their personal information... 95 per cent of respondents said they were worried about website operators using their details to target advertising at them, or to pass the data to other websites or companies.’[4]
The vast amount of data that is provided by users via the web rarely leads to any kind of malicious attacks on the individual. In the case of social networking sites, the information a user provides is, consciously or unconsciously, the kind of information they hope to glean from friends’ pages withing their network. Gross, Acquisti, and Heinz support this theory: ‘The consideration of how information is expected to flow from node to node in somebody’s social network should also inform that person’s expectations for privacy of information revealed in the network.’[5]
Recent plans by the UK’s Home Office are leading to the clamping down on social networking sites’ sharing of users’ personal information. This is mainly to increase safety for children’s interactions through the web, forcing users to verify their real age. Users’ profiles would have to, ‘show a small logo to identify whether it is publicly searchable or not,’[6] as well as provide, ‘warnings on the dangers of giving personal information that might identify their home address.’[7]
Although most websites that require disclosing bank details for online purchases use https (with heightened security levels), other websites that involve disclosing other details that can be almost as useful for criminals, do not. Websites should be aiming to increase their security to give users peace of mind, and to lessen the potential of any sort of information theft. This may be done through (inter)national legislation (perhaps by amendments to the data protection act) and made mandatory for any online merchant / capturer of data.
With many day-to-day activities, like shopping or banking, there is not much other choice than doing it online. The convenience, practicalities, and occasionally financial benefits of such online activities highlighted earlier must be forfeited if the customer is anxious to use the web as the medium. For most, the web provides many convenient uses for day-to-day life, be it networking for new jobs, friends, or shopping or banking. The storage of personal details is a necessary evil for people to gain the benefits that the internet has to offer, but legislation must be applied soon to ensure the safety of its users.
[1] Thieves set up data supermarkets, http://news.bbc.co.uk/1/hi/technology/7363422.stm, 23.04.08
[2] Verkaik, R, and Taylor, J., Facebook backlash over sale of personal data, The Independent, http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-backlash-over-sale-of-personal-data-760221.html, 24.11.2007
[3]Blakely, R., Personal data found hidden in iTunes tracks, The Times, http://business.timesonline.co.uk/tol/business/industry_sectors/media/article1871173.ece, 01.06.2007
[4] Verkaik, R, and Taylor, J., Facebook backlash over sale of personal data, The Independent, http://www.independent.co.uk/life-style/gadgets-and-tech/news/facebook-backlash-over-sale-of-personal-data-760221.html, 24.11.2007
[5] Gross, R., Acquisti, A., & Heinz, H.J., Information revelation and privacy in online social networks: Workshop On Privacy In The Electronic Society, Proceedings of the 2005 ACM workshop on Privacy in the electronic society, 2005
[6] Kiss, J., Social networking safety plan unveiled, The Guardian, http://www.guardian.co.uk/media/2008/apr/02/facebook.myspace?gusrc=rss&feed=technology, 02.04.2008
[7] Kiss, J., Social networking safety plan unveiled, The Guardian, http://www.guardian.co.uk/media/2008/apr/02/facebook.myspace?gusrc=rss&feed=technology, 02.04.2008
