Change your thinking: Personal Data
Data as a picture!
Note: There are different types of data and those types are also defined differently by different jurisdictions. Within this piece we are referring to it in general form and the mental picture we form in our heads rather than referring specifically to a predefined type of data.
When we think about data we probably think of a large database each company we have an account with or interact with has about us. This database put onto a spreadsheet would be loaded with words, numbers, and codes that would take tedious hours to read and comprehend if tasked to a human being. It would be a big spreadsheet with our home address, phone numbers, order history, login times, login locations, product preferences, browsing habits and so forth. It is this lifeless mental visualisation of data that needs to change if the general public is to start valuing their data in the same way companies do and apply some level of cybersecurity to it. Data can be boring so let’s replace it with a picture (be it a photograph or hand drawn illustration).
Each individual bit of personal data is like a single picture, it is a picture of your birth certificate, a picture of your marriage certificate, a picture of your car & home, a picture of you using each of favourite products, a picture of you attending your favourite sporting teams game, a picture of your wages, a picture of your children, a picture of each of your friends, a picture of your hobbies and so forth.
In isolation these pictures are somewhat broad, uninteresting, and useless and most organisations you deal with would only have a fraction of those pictures (but they don’t all have the same ones). It’s likely there would be thousands of such ‘pictures’ (data points) about you out there in the online world with Facebook and Google likely having the most, though not all.
The danger with data, or these pictures as we’ve reframed, is when a bad actor is able to gather enough of these pictures and put them into an album all about you! Imagine that – an album containing pictures of you based on your historical interactions! What would this album give away? Well enough to know you very well without speaking a word to you, enough to steal your identity and enough to commit various fraudulent activities in your name to say the least.
Data is only valuable at scale though and each individual online interaction or event (booking a flight for example) doesn’t require enough pictures for such scale. In other words, these pictures are only useful in an album and most individual online interactions, in isolation, don’t complete a full album.
These pictures help companies profile you, for example, if a company had pictures of you:
- Searching about the causes of acne
- Reading emailed newsletters / blogs about acne treatment
- Following acne treatment product companies on social media
- Having an online account with and purchasing products that treat acne
Multiply those four generic examples to a micro level of individual events and it could extrapolate to 50 or 100 pictures. That is enough pictures to fill an album titled “this person is a sufferer of acne”. However, only a handful of such pictures wouldn’t have the same value – you may be a parent of a child suffering from acne doing some research or searching for a acne treatment gift pack as a Christmas present to a relative (they’ll love that won’t they?). As mentioned, – the pictures (data) need to be at scale to prove valuable. A KPMG report worth reading titled Crossing the Line states:
“One leading data broker says it has information on 700 million consumers worldwide and over 3,000 ‘propensities’ for nearly every US consumer” 1
Being likely to purchase acne treatment products would be one propensity by the way! For the remainder of this piece where you read data – just think pictures instead!
Change your thinking: Privacy
When it comes to your online interactions privacy can be the eraser of those pictures and the foreshadowing from above makes what’s written in this particular paragraph predictable. By taking privacy first precautions and safeguards, you not only have less pictures taken now but also reduce how many existing pictures remain out there for possible collation to an album. For example, there could be many pictures of you and your favourite car brand, however without pictures of your marital status, dependency of children, current car, mortgage status and salary – that picture doesn’t have the same value to an than if they did have pictures of those other factors.
There is a bigger, more personal point about changing your thinking about what privacy is (or rather what privacy protects). The pictures (data) we’ve discussed to now has been quite innocuous and unthreatening. Stop to think if there were pictures of what’s listed below. As you read these points below, please stop and reflect for a few seconds about what that picture is for you and what would happen if came to light in the public domain.
- Your sexual fantasies and history
- Your biggest losses and failures
- The big secret you’re keeping from your spouse
- The worst thing you’ve ever said about a parent
- A family relation you said you wished you didn’t have
- What you really think of your boss and colleagues
- The inappropriate thing you said or did to someone
- The time you lied to or used someone to get ahead
- The moment in your life you’ve felt most ashamed of
- Your current diseases and health concerns
- Your inadequacies and fears
Privacy isn’t simply about erasing the pictures needed to serve personalised ads or having a personal email account compromised. It is also about protecting ourselves from the harmful pictures already out there being used against us, even if those listed above haven’t been communicated via a medium that logs or creates data (email, sms, message boards etc). There is a risk someone you’ve told verbally has, or finds themselves, bribed or extorted to disclose such a picture. Furthermore, you don’t have to be the one that creates this picture, for example – if you fail to mask or delete your browsing history of adult sites appropriately, pictures or data can be created about you out of context.
Complicating this of course is our life in the real world with the sharing of such vulnerable pictures with those closest to you being a vital part of relationship building. You can’t be married to someone and have them not know your fears and vulnerabilities for example, anyone who cares about you is aware of these and tries to keep you safe from them. The answer then isn’t to be reclusive and keep everything to yourself, you will generate vulnerable pictures throughout your life and have no choice but for them to exist outside of the bounds of your own head. What we write about at Privacy Rightfully serves to reduce the amount of pictures but there is no way to eliminate all existing and potential pictures. Even if you live off the grid by yourself – some can still be made about you.
Change your thinking: “I have nothing to hide, to fear, to protect…”
This is a common objection to taking cybersecurity based precautions and to Security Fatigue more broadly. You may think you’re a nobody, with no huge assets on the line or of no valuable insight – you’re just an average person in an average nuclear family with an average house, car, job and salary. However, you are a somebody you have income to spend and power to influence, both of which are being fought for daily. Consider:
- Product selling companies: want you to spend your money with them, they use any pictures (remember: data) they can get of you to build a profile of what you like and don’t like and tailor personalised advertising to your email or social media feed
- Bad actors: want your pictures to form a comprehensive album about you to exploit
- Insurance companies: want to use pictures to assess your risk-taking behaviour
- Employers: want to know as much as they can about a new recruit and will generate pictures from psychometric tests and their own searching of you online. This isn’t just about a hiring decision but also profiling your personality to see if you’d fight for your workplace rights or work late without protest when competing for a promotion, for example
- Health Industry: with medical records going online a number of sensitive pictures of you are being generated
- Government: as a voter all political parties have great interest in your pictures (think of Cambridge Analytica). Also think about the Snowden revelations regarding government surveillance, would governments be so interested in your pictures they were worthless?
Even if you aren’t convinced of the value of your own individual pictures don’t forget you are part of a community. You are a child, parent, neighbour, professional advisor, friend or colleague amongst a network of people. Your place in this network goes back to what we discussed earlier about the value of scale and album building. So many apps ask for access to your contacts for this very purpose – your place in a community to start building links between related pictures.
It’s no secret that these pictures are a form of currency now and we won’t go into detail here as it’s been written about ad nauseum (simply search ‘data as currency’ to read about it). We do acknowledge that we have access to so many free apps and tools that make our lives easier, more convenient or more enjoyable as a result. The reason they’re ‘free’ is because we pay with our data which we agree to in the Terms & Conditions which we rarely read before accepting. By now we hope you see that these pictures of you do have value – look at the various industries trying to get as many as they can. It is something to protect, hide and, in growing circumstances, fear. We know everyone who claims they have nothing to hide still lock the door behind them when the use a public bathroom! Glen Greenwald also frames it appropriately:
“Over the last 16 months, as I’ve debated this issue around the world, every single time somebody has said to me, “I don’t really worry about invasions of privacy because I don’t have anything to hide.” I always say the same thing to them. I get out a pen, I write down my email address. I say, “Here’s my email address. What I want you to do when you get home is email me the passwords to all of your email accounts, not just the nice, respectable work one in your name, but all of them, because I want to be able to just troll through what it is you’re doing online, read what I want to read and publish whatever I find interesting. After all, if you’re not a bad person, if you’re doing nothing wrong, you should have nothing to hide.” Not a single person has taken me up on that offer.” 2
The two layers to our logo
When you first look at our logo its design is obvious (we hope), the blue ‘P’ stands for ‘Privacy’ and the gold leaf extending from the ‘P’ turns it into an ‘R’ for ‘Rightfully’. There is however a second layer to its meaning, and it has to do with something we say regularly throughout our content. We say ‘Don’t be the low hanging fruit‘ usually followed by ‘for bad actors‘ which we use as a broad term for anyone who can benefit from having your data, but usually referring to hackers and similar serious negative connotations.
Based on the tagline the ‘P’ represents the tree and the gold leaf intentionally extends to the bottom, closest to the ground, where the easy pickings are – the low hanging fruit. The leaf symbolises the path upwards from being low hanging fruit toward the ‘P’ which as we’ve said stands for ‘Privacy’. By using our content we hope you become educated and informed to take precautions based on your desired levels of openness and appetite to risk you can move up from being low hanging to any part of the tree of privacy – as high as you desire.
We’re always conscious and careful not to scare monger and say you should enact every precaution we write about as everyone has varying levels of privacy in general. This position we take may not be a good business decision as we’d no doubt gain more of a following by overstating things and playing on our readers fears and emotions. However, we’d rather take a moral and balanced position first and this position is intentional for another reason.
Everyone has met strangers in social circles (such as weddings or nightclubs) and corporate circles (such conferences or networking events) who have had varying levels of openness. Some strangers will tell you their life story, their current challenges, show photos of their children and offer their phone number to catch up again within an hour of meeting them. No doubt we’ve also met others from the other end of the spectrum who we’ve struggled to carry the conversation with and who give nothing away.
We are used to labelling people as ‘introverts’ or ‘extroverts’ and say they’re ‘friendly’ / ‘easy to talk to’ / ‘a bit too much’ or ‘rude’ / ‘closed’ / ‘boring’ when describing them later. This is usually done mentally and compared against our own openness which we are used to from our familiar and trusted circle of friends and colleagues. We rarely think ‘they’re just a private person I suppose, and I should respect that‘ or ‘maybe they just want to get to know me before they start opening up‘. This translates to you, our readers, who can be:
- Some readers are very privacy conscious who the average person might label ‘tin foil hat wearers’ or ‘conspiracy theorists’. Such people want to maximise all of their online and offline security and privacy – deleting as many pictures of them and their associations as possible.
- Some readers are growing more privacy conscious as the years go by and want to start making some changes but aren’t sure how or where to start. These readers are usually mature aged, have accumulated assets, and believe they have a lot to lose if they fall victim to a scam, identity theft, dox etc.
- Finally, some of our readers on the younger end of the spectrum are looking into the future. They regularly see media reports how a social media post made in poor taste from the distant past can impact someone’s reputation and career potential today. They wish to take simple precautions to minimise their future exposure by removing risky pictures and ensuring those out there are only the pictures they define as low risk.
The point is we don’t judge you, your personality, your circumstances and your judgment regarding how much you do or don’t have to lose. However, as discussed earlier – don’t underestimate or short-change the value of your pictures and the importance of starting to use an eraser.
Conclusion
- Data isn’t just a boring collection of records on a spreadsheet. It is a picture of you and the more there are, the more insights about you can be made. Consider the countless insights you can make from seeing someone’s holiday album
- Privacy is about both reducing the amount of these pictures and the ability for them to be collated into a detailed album in the future
- As an individual your pictures may seem worthless but collated together, against your network and to scale, they are valuable and in demand.
Whilst these pictures may be working for you now, giving you access to free apps and software and not resulting in any negative event it doesn’t mean that will always be the case. You may indeed continue take no precautions seeing one white swan after another, after another, for years and years. However, that doesn’t mean a black swan won’t ever grace your presence – each data leak puts more photos into the hands of bad actors who can keep collating these pictures into albums over a number of years before using them against you. Taking privacy first precautions stops new pictures being created and can be the eraser historical ones.
In this piece we have tried to challenge the way you think when you hear ‘data’ or ‘privacy’ by linking them everyday items in pictures, albums and erasers. We hope it helped get a better understanding of the value of data and why yours is worth protecting.
References:
1 KPMG: Crossing the line. Report (2016): https://assets.kpmg/content/dam/kpmg/xx/pdf/2016/11/crossing-the-line.pdf
2 Glen Greenwald: Why Privacy Matters. Ted Talk (2014).
This article is written in line with our Terms & Conditions and Disclaimer. As such all content is of a general nature only and is not intended as legal, financial, social or professional advice of any sort. Actions, decisions, investments or changes to device settings or personal behaviour as a result of this content is at the users own risk. Privacy Rightfully makes no guarantees of the accuracy, results or outcomes of the content and does not represent the content to be a full and complete solution to any issue discussed. Privacy Rightfully will not be held liable for any actions taken by a user/s as a result of this content. Please consider your own circumstances, conduct further research, assess all risks and engage professional advice where possible.