A P Insights
  The Insights on News you can not find other places

Controlling Your info

Controlling Personal information in the Digital Age

by Bob Littlefield  

If you ask Americans if they want their personal information to be private and secure, almost all would respond with a resounding yes.  But what does it mean to keep your personal information private and secure in our digital age?

Most of us desire different levels of privacy for different types of personal information.  If you are cheating on your spouse, embezzling money from your employer, or have some “unusual” sexual habits you probably want that information kept totally secret.  Conversely, there is some information that most people are fine with making public, such as their business telephone number.   The third category is information that we want to be available to selected people but not to the public at large.  I call this category conditional information.

Each of us his different criteria for what types of information fall into each of these categories.  Most of us are fine with our home address and telephone number being public (remember the white pages phone book, where this info was public by default and you had to pay a fee to keep it unlisted?).  However, if you are being stalked or have an order of protection against a violent ex-spouse, keeping this information secret could be a matter of life and death.  Conversely, while most people who have “unusual” sexual habits probably want that information kept totally secret, some people take pleasure in making this type of information public

So the real issue in protecting personal information isn’t really secrecy, its control – making sure that our personal information is available, but only to those who we want to see it.  In the pre-digital era exercising this was easier.  When my wife and I purchased our first house in 1975 we gave the mortgage company a great deal of personal information in order to qualify for a mortgage.  We gave them this information voluntarily in exchange for something we wanted, namely a loan which allowed us to buy the house we wanted.  In that pre-Internet, pre-personal computer era it was easier to control where that information went and had access to it.  We had to print or type our information on to paper forms.  When these forms were processed data entry clerks coded the information on to punch cards which were fed into a mainframe computer.  Since this mainframe computer had minimal external access it was unlikely that the information could be stolen from the computer – someone who wanted it would have had better luck stealing the paper file than trying to hack into the mainframe computer.

This story illustrates the four main issues in controlling our personal information, collection, storage, access and replication.  The personal information on my original mortgage application was difficult and expensive to collect, store (both the part that was in digital form and the hard-copy file), access and copy.  In today’s digital age by contrast, personal information is easy to collect, store, access and copy.

In addition to the personal information we enter directly on to easy-to-use online forms, tons of information about ourselves and our activities are collected automatically, often without our knowledge.  The most obvious example of this is location tracking.  Our cellular devices are transmitting our general location whenever they are turned on and are in range of a cell tower.  Even more pervasive are the GPS chips that are becoming ubiquitous in mobile devices. And the cost of storing all of this data has dropped by orders of magnitude, to the point where it has become almost an afterthought.

But the biggest threats to protecting the privacy and security of our personal information are the advances in access and replication.  The mainframe computer that stored the digital portion of my mortgage application data might have had at most a 110-baud analog modem for administrative use.  Hacking into that mainframe to steal data was physically impossible.  By contrast, almost every server in today’s environment is connected to the Internet via high-bandwidth connections, not to mention that they are all running operating systems all of which contain known and exploitable vulnerabilities. 

Not only is it easier to access (and thus steal) our personal information, copying and disseminating it has also become easier.  In the analog age every time a piece of information was copied it lost some resolution.  Digital data, by contrast, is infinitely replicable with no loss of resolution.  This means that once your personal information is stolen it can be sold to as many customers as the thief can find with almost zero incremental cost per transaction.

All of these trends I have described in this article will not only continue but they will undoubtedly accelerate.  The bottom for those of us who specialize in information security and privacy is that the task of helping individuals control their personal information will continue to become more difficult. We cannot just improve and evolve our current tools.  We need revolutionary leaps in the technology for giving people control over how and when their personal information is collected, stored, accessed and disseminated. More about what these evolutionary leaps might be in my next blog.

Bob Littlefield is an IT consultant specializing in information security and privacy and is an editor on the apinsights team.  He can be contacted at bob@netxpertsystems.com.

Copyright . A P Insights. All rights reserved.
Web Hosting Companies