Imagine a supermarket that knows what you want before you go in, or even before you leave home. It’s got an e-basket ready with everything on your list (and some items you forgot) and once you sign off, the goods will reach your home before you do.
Play out this scenario for any environment—the hospital, the airport, the office—and it works just as well. That’s because there’s a cloud-based avatar of you that knows your habits, desires, needs and preferences with timeliness and pinpoint accuracy. It sounds futuristic, but it’s entirely achievable now thanks to the data you supply companies with.
Increasingly, this data is being aggregated, and that gives rise to at least two major, interlinking concerns. First, do we know what the companies, organizations and governments we’re surrendering our data to can and will do with it? Second, what happens when any one of these multitudes of data sources is breached?
The Data We Give Away
We all worry, at least occasionally, about our personal data being stolen or misused, and we should. But we should also be aware of all the information we willingly give up. Think loyalty card data being logged into CRM systems, passport information we enter online, fitness trackers that know every health detail, biometric devices for fingerprint and iris recognition, networked security cameras studying faces, and of course the riches of personal nuggets we share via social media.
In fact, the number of options that doesn’t require you to give over your data is severely narrowing. What happens when bus rides are card-only (as they already are in some cities)? How about when it becomes impossible to buy a plane ticket without entering your passport information into an online form? It gets worse: there are many freedoms we’ve already lost. Try asking your employer to pay you in cash instead of bank transfers.
Keanu Reeves’ character in The Matrix had to choose between living in a digital world—where he unwittingly powers machines that control humans—or in Zion, a settlement on the margins of civilization. Unless we make a concerted effort to curb the way organisations collect and consume data today, this is alarmingly close to the choice that will face all of us, if there is any choice at all.
Nothing demonstrates this urgency more starkly than the Cambridge Analytica scandal. That data was not stolen; it was given. The public, although ignorant of how the data would be used, willingly submitted information—which they deemed to be valueless—to Facebook, where it was accessed by a company that found it very valuable indeed. The handful of companies involved bought and sold the data, and used it to influence elections; the millions of individuals involved got nothing.
Apple CEO Tim Cook recently lamented this issue in great detail, describing a "data industrial complex" that trades billions on the basis of likes and dislikes. Moving forward, many more data points will be collected and passed around: think Face ID, which of course comes from…Apple.
Let’s also not be fooled into thinking that all this information only serves a greater good, such as preventing crime. In late 2016, the Chinese government decided to create a ‘social credit’ system that quickly morphed into a kind of ‘digital dictatorship.’ The system assigns a score to each citizen that changes over time based on video surveillance and other personal data. It directly affects every individual’s chance of getting a job, buying a home, purchasing a train ticket, personal Internet speed, etc.
What would your score be if cameras tracked your every move? (Don’t answer that.)
The Data that Can Be Taken
These are only the intended circumstances; what happens with a data breach or cyber attack? Cathay Pacific recently saw 9.4 million passengers’ details leaked, including 840,000 passport details.
Would you want that to happen to you? If not, what can you do to prevent it? And what happens to the data we haven’t yet given up, but surely will in that magical supermarket scenario? How much data will the average IoT touchpoint capture? And what about when we have no say in the matter? We’re all under constant surveillance—what happens if the bad guys intercept video traffic and modify the footage?
What’s the Cost of Convenience?
The convenience and technical wizardry of the modern age are truly wondrous, but let’s also consider the ramifications of data use and abuse. There’s no easy answer: Greater regulation is surely needed to control how organizations, public and private, collect, use and protect data. This includes proper sanctions for misuse and incentives for organizations to take the proper steps. However, we need to regulate our own actions, too.
In 1984, George Orwell wrote: “The choice for mankind lay between freedom and happiness, and that, for the great bulk of mankind, happiness was better.” We have the same choices to make now.
About Leigh-Anne Galloway
Leigh-Anne Galloway is the Cyber Security Resilience Lead at Positive Technologies where she advises organisations on how best to secure their applications and infrastructure against modern threats. Leigh-Anne has chosen to specialise in payment technologies and regularly carries out research in this area.
Leigh-Anne started her career leading investigations into payment card breaches, where she discovered her passion for security advisory. Her keen eye for new technology has led her to work with companies such SilverTail Systems (acquired by EMC) and vArmour where she helped shape the direction of each.