Privacytown Overview
To help you on your travels through Privacytown, this primer will give you a basic overview of privacy issues and some of the problems that can arise when personal information is collected. Tips on how to play it safe are available throughout Privacytown. For example, check out "Home" for ways to deal with privacy issues that arise at home.
Personal Information
Personal information - also called "pi" in the privacy biz - consists of facts and information about you, or that identifies you and distinguishes you from other people. There are many different kinds of personal information, but some examples are: name, address, date of birth, religion or creed, occupation, place of work or school, buying and spending habits, medical conditions, hobbies, transaction data such as records of your phone calls and electricity use and personal preferences and opinions.
- What's Old is New Again
- Why Do We Care About Privacy?
- Some Privacy Hazards
- Encryption and Secure Surfing
What's Old is New Again
Privacy isn't exactly a recent concept. In fact, you might argue that it is the world's oldest obsession -- well, maybe the second oldest. But Canadians are more concerned about it than ever before, especially when it comes to commercial activity. You probably are too, or right now you'd be off visiting other web sites -- and perhaps dropping all sorts of personal information as you go.
Why Do We Care About Privacy?
There are a number of reasons for this new focus on privacy:
Everyone Wants a Piece of Your "Pi" ("Personal Information")
Businesses and other organizations have come to see a special value in developing an intimate understanding of existing and potential customers, to better market their products or deliver their services. This has made marketing strategies more sophisticated and aggressive, and turned your personal information into a very valuable commodity that can be bought, sold and traded by third parties. Some very elaborate sales promotions, such as customer points schemes for example, have been created primarily as a way to track the personal information of consumers and purchasing patterns, so that the information can be used or sold.
We should also not forget that unscrupulous parties - aka criminals - are also anxious to collect your personal information in order to use that information for illegal purposes
The Evolution to a Revolution
Twenty five years ago, when computers were the size of small buildings, governments and businesses found it very expensive to collect large amounts of personal information. And when they did collect it, it often sat in scores of paper-based files which couldn't be manipulated very easily. The evolution of new technologies has brought about a revolution in the gathering, storage, and manipulation of consumer data and personal information. This revolution has taken place on several fronts:
- The emergence of new computer technologies and specialized software used to identify and collect personal information
- The move from face to face, oral transactions where data is not easily captured, to electronic commerce where information is gathered in a digital form that can be stored and used
- The birth and rapid growth of the Internet
- The development of new and predictive medical techniques for the diagnosis of illness
- The evolution of new surveillance technologies
Personal information that used to cost too much to collect or use can now be easily assembled in massive databases and used in new ways. Genetic information can be used to predict the odds of future illness and affect insurance and employment risk.
Video and computer surveillance allows for dramatic intrusions into previous private spaces.
Lastly, with greater involvement of governments in health, education and social assistance, governments at all levels are now massive collectors of personal information, much of which is in electronic format. As a consequence, the personal privacy of consumers - and citizens - is challenged as never before.
Some Privacy Hazards
When personal information is used improperly, consumers can face theft, financial loss, personal embarrassment, loss of insurance coverage, or become the target of annoying or sneaky marketing.
Just like every other area of our lives, we reduce our risk of accident by making ourselves aware of the possible problems and following some basic safety rules. Protecting your privacy when driving the information highway or participating in the knowledge-based economy is actually easier than protecting your safety when driving your car. Knowing the risks and what steps will minimize them is what Privacytown is all about.
The knowledge-based economy: Developed economies have traditionally relied on the production and sale of manufactured goods, like steel, cars and consumer goods. In the modern knowledge-based economy, it is the creation and management of technology and information that drives commerce and the creation of jobs.
Here are some of the major pitfalls that consumers should be aware of:
Data Mining
When you look at a single piece in a big jigsaw puzzle, you'd have to be psychic to be able to describe the complete picture. So most people don't worry when they provide a bit of personal data here and another piece of personal information there, because they're only small pieces in a very large puzzle. But when enough pieces of personal information are floating around, they can be assembled in a database to provide a fairly complete blueprint of an individual's personal likes, dislikes, habits, hobbies, buying patterns, opinions, medical conditions, financial status and lifestyle. That information can then be sifted through to pull out whatever specific information a third party wants.
A life insurance company may be interested in the information on that irregular heartbeat you had last year, while a sporting goods company may be more interested in those memberships at the gym, the recreational hockey league and your local tennis club.
Secondary Uses
There's an old saying. It's never the problem you see that gets you, it's the one you don't see. So it is with secondary uses of personal information. This hazard arises when information is collected for one legitimate and authorized purpose, and then later used for another, unauthorized or illegitimate purpose.
Consider the following example. You willingly provide the names and ages of your children when you enroll them in a book club, to allow the club to send monthly catalogues to each child with a list of books suitable to their ages - after all, you're all in favour of your children reading high quality books. You are not particularly pleased, however, when telephone solicitors from another company begin to call your home, ask to speak to your kids and pitch the latest children's video series.
Surveillance
Surveillance used to mean a crime, a crook, and a couple of plain-clothes police officers in a rusted car sitting outside of a seedy motel, eating stale donuts and trying to look inconspicuous. Times sure have changed. When we talk about surveillance today, we mean the ability of not just government, but businesses and individuals to track our actions at virtually every stage during the day.
When we make a phone call, use our bank machine, or make a purchase at the store, we leave an electronic record of our whereabouts and habits. This in itself is not a problem. But if that information is gathered, organized, "data mined" and used in inappropriate or unwanted ways, our privacy could be left in tatters.
Think for a minute about the tools we use in a day that allow others - invisible others - to collect information about us:
- cell phones
- cordless phones
- faxes
- telephone call display, call trace and last number features
- answering machines or voice mail
- bank automated teller machine cards
- debit cards
- video rental records
- credit cards
- security access cards
- store, traffic, building and bank security cameras
- e-mail accounts and Internet connection
Then check out A Day in the Life to find out more.
Internet Privacy
Think of the Internet like a boat. It can be a watertight boat, or one that leaks your privacy like a sieve. there are a few things you can do to keep the boat afloat, but these days every internet user should be aware that they are distributing personal information whereever they go.
There are two main types of privacy leaks - leaks caused by the actions of third parties, and leaks that you make yourself. Examples of third party privacy leaks are data shadows, cookies, and data interception. You create your own privacy leaks when you voluntarily give websites and newsgroups personal information without proper security or without knowing what they will do with it. In both cases, you can take steps to protect your privacy.
Data Shadows
Data shadows come in many sizes, shapes and forms. For example, when you create and save a file on your computer, it is permanent unless you delete it. Even after you delete it, forensic tools taht are readily available can usually resurrect it. In the same way, every time you connect to the Internet, you create an electronic record -- a data shadow -- that shows every web site you have visited while on-line. This kind of shadow is temporarily recorded on your Internet service provider's (your "ISP's") computer. Whether it is deleted frequently, or kept permanently depends on your ISP. Now governments have asked service providers to keep that data, to help fight the war on crime and terrorism.
Participating in newsgroups is another excellent way to create a permanent data shadow. Remember that silly and insensitive comment you made to Marcie Wylie in 9th grade? Well, say something like that in a newsgroup and it may be saved permanently by archive services, for anyone to see for years to come. That's not to say you shouldn't participate in a discussion group, but it is to warn you to think before you type.
Search engines like Google now routinely comb the internet every week to update their directories...can they find out what you have said at a public forum, or on a blog or chat group? Yes they can!
Individual web sites can also use things like cookies, discussed below, to gather and store information about you. Web sites can also easily identify:
- the name of your Internet service provider
- the unique Internet address you are connecting from
- the kind of Internet browser you are using
- the software plug-ins installed on your system
In some cases, if precautions aren't taken, a clever and unethical web site can identify your name and e-mail address, and even access files on your computer's hard disk.
Cookies
Cookies are little bits of text that are sent to your computer by a web site to help the web site identify you. Cookies aren't always bad, and can serve a number of useful purposes:
- keeping track of the items you have purchased when you shop on-line
- avoiding the need to go through a time-consuming log-in when you visit a site frequently
- telling the web site about your personal preferences or personal information so you don't have to re-set them each time you visit
- allowing the web site operator to see how many users are return visitors
But there's always some irresponsible person ready to ruin good, clean fun for everyone else. There are web sites and marketers who use cookies to try and actually track your movements across the Internet. They secretly place the cookies on your computer, and then retrieve them in a way that allows them to build detailed profiles of your interests, spending habits, and lifestyle. Combine this knowledge with the danger of secondary uses and there is the potential for a privacy meltdown.
Some cookies are created to last on your computer for years, and are called "persistent" cookies. Others expire as soon as you leave the web site, and are called "session" cookies. Cookies are supposed to be only accessible from the site that placed them there, but there are bugs that in a very small number of cases may allow other sites to download the cookies too.
Information Sneaks
Ever have a friend who innocently asked you to do something for them, and it turned out they had an ulterior motive? Welcome to the world of information sneaks on the Internet. Personal information is worth its weight in gold these days, and some web sites will concoct all manner of sneaky schemes to get you to hand over not just your money, but a piece of your personal information.
Heading the list are the "freebies" offered by on-line clubs, free electronic publications, and free memberships - especially the ones aimed at children. You may get "free" access to a special part of the web site, or a "free" piece of software, or a "free" newsletter, or "free" enrolment in an on-line club or mailing list. All you have to do is provide your name, address, age, income, personal preferences or other personal data. It may seem like a good deal, but it's all designed to collect your information so it can be sold or used in ways that you might not realize. It is particularly worrisome when children are targeted in this way. This isn't to say that you should never join a club on-line, just that you should be aware of the potential downside, especially if the web site doesn't have a clear and trustworthy privacy policy.
By the way, it's helpful to remind yourself that this kind of information sneaking doesn't just apply to the Internet. It happens with many free "clubs" and "promotions" in the real world as well.
E-mail Privacy
Imagine that everyday you leave your open diary on your desk in a crowded office. What are the odds that what you wrote will stay private? Many people will respect your privacy and avoid reading it. Other will not be able to resist the temptation. Still others might want to use the information to their own advantage.
Sitting by yourself in front of a computer makes it easy to believe that your activities are more private than your open desk. But that is not necessarily the case.
Un-encrypted, personal e-mail is fully open to interception, and any private material you send this way must be considered public. A message sent by e-mail travels to many different computers, and can be intercepted at many points along the way. In some situations, an open postcard sent by land mail can be a more secure form of transmission. Especially if you are sending it to a place where cyber-crooks may be lurking.
And guess what? E-mail is not removed from ISP servers or corporate servers when you delete it on your machine. It is only removed from the servers when your ISP or the network manager at your office deletes it. That means e-mails like to hang around, and may be read by third parties long after you thought they were vaporized.
Identity Theft
When I was a kid, we used to walk 12 miles to school barefoot over broken glass - every day. And we actually used to conduct business, or talk to our family and friends, face to face or over the telephone.
These days, kids have shoes and neighborhood schools, and a great deal of business and communication is done over the Internet, and through e-mail. The parties never meet face to face or voice to voice, which makes it hard to be sure that the people you are communicating with are actually who they say they are.
Identity theft has always been a problem, but the lack of personal contact is what makes identity theft a real problem today. Identity theft occurs when of pieces of information about you - your credit card number, social insurance number, or some other piece of personal information - are hijacked by a third party who then represents him or herself as you for fraudulent or improper purposes. This can have very serious consequences. Huge credit card bills may be run up in your name. If the charges on the illicit purchases are not paid, your credit rating may suffer. Someone posing as you might withdraw funds from your bank account, or commit a serious fraud.
Identity theft can happen in a number of ways. The most common involve the theft of credit card or personal identification numbers, either on-line or in "real space." This can happen when you provide your credit card number over the phone, on-line, or in person to someone you don't know or whose identity you can't verify. It may also happen if you leave your credit card number or PIN in a place where it might be seen by unauthorized people.
As electronic commerce grows, more and more credit card information is being sent over the Internet. Many people are concerned that their credit card information is at risk. It is important to realize that if the transaction is taking place over a secure, encrypted line, to a reputable vendor, you have no more to worry about than if you provided your card to a cashier at your neighborhood department store.
The Transparency Trap
One of the most troubling aspects of privacy intrusion is that it often occurs "behind the scenes" -- without your knowledge or consent. It is one thing if you know what information is being gathered and how it is being used. But what if your information is being used without your knowledge?
For example, entering a draw for a prize at a home show seems harmless enough. If you don't win, you smile and move on to the next exhibit. But behind the scenes, the use of that information may just be beginning. Your name, address, age - and any other information you provide - may be sold to a marketing company and used to target you for direct mail, phone solicitations or promotional e-mail.
An excellent example of this dynamic is on-line profiling - the use of data cookies to tailor web sites to match your marketing profile. Cookies are generally collected surreptitiously and allow the web site to alter the look of their web pages for your profile, displaying certain ads or information, or targeting special e-mails at you to tempt you to buy their products.
The point is, if you are being target marketed using your own personal information, you should know about it so you can make an informed decision.
Medical Information
It's hard to think of a more intimate kind of information than that relating to our personal health. Who, after all, would appreciate others getting access to his or her psychiatric records? It is also information that affects important considerations like our ability to get a job or obtain insurance coverage. In a University of Illinois study of Fortune 500 companies, half admitted to using medical records in employment decisions! And unlike many other kinds of personal information, we often don't have much choice when medical information is gathered about us. Privacy protection for medical information varies depending on who is collecting and handling it. See the Hospital, Doctor and Pharmacy sections of Privacytown for details.
Encryption and Secure Surfing
Encryption is the process of scrambling data sent over the Internet to ensure that it can only be read by the intended recipient. Anyone else intercepting the data will get only gibberish. Encryption is what turns Internet sites from very public places into to very private ones.
That's where encryption comes in. A web site that uses proper encryption protects the information being sent to the site. It scrambles it so that no one else can intercept it. Because only the owner of the web site has the encryption key that de-scrambles the message, you can send your credit card or banking information with very high confidence of privacy.
Now, you may have read about computer specialists cracking the encryption codes used by software browsers like Netscape ® or Internet Explorer®. That's true, but it's no cause to worry. In order to break the codes in just one encrypted message, these specialists had to call on a tremendous amount of computing power. In order to de-code the credit card information you sent when you bought that new $50 sweater on-line, a data thief would have to use more computing power than that available to most nations. While your credit rating is probably excellent, chances are it's not worth that amount of cost and effort. For all practical purposes, therefore, sites that use encryption are as private - or more private - than a credit card transaction at the local mall.
