This is a case where I’d argue, all cleverness aside, you’re not paranoid if they really are out to get you. Last night we watched The Great Hack on Netflix, which walks you through the Cambridge Analytica debacle. Even if you’re not at all techy, if you’re using the internet and have email you really need to watch this film. Whatever your thoughts on this scandal and the morality, I find it hard to believe the idea that people with unknown agendas have 500+ data points on you personally and the ability to make custom messages directed exclusively to you won’t freak people out. (Ignorance may be bliss, but it never works out in the long haul as a protective measure.) I’m also slowly working my way through Shoshana Zuboff’s The Age of Surveillance Capitalism (too scary to read straight through–and I knocked out Helter Skelter in two days). So other than being somewhat stressed at the level of carelessness I’ve inadvertently displayed all over the internet for nearly three decades, what did I really learn that can help us all?
Two years ago I wrote a post with practical info on what to do if you’ve been part of a serious data breach. I think it’s still a good start post-hack, but that those tips are a bit like treating measles when you hit the hospital to try and stave off encephalitis (absolutely necessary if you’ve been infected) and I’m a big believer in vaccines (easier to never catch the virus).
Let’s start with what we know to be true. Data brokers collect information on each person in the world. They use as many different sources as they can access to aggregate that data. None of us are reading the terms and conditions but they are universally written to favor the business, not the consumer. Understandably, businesses don’t want to be bothered by nuisance lawsuits. Lawyers are expensive and time-consuming, so if they can make it very hard for you to sue up front, they do. And if they are breaking new ground where the laws don’t extend, they’ve got even more room to block. If you have no rights in a new space, like data, then there’s nothing to stop exploitation in future use cases that emerge as a business grows. There’s not a separate set of terms for nice people like us who would never file a nuisance suit. And government information, like who owns your house, has always been public if someone went down to the right office and paid any small fees required. The internet just means that there are now businesses that aggregate that info and make it profitable. See Zillow and put in your childhood address and you’ll see what your parents paid and what the current owner’s property taxes are.
Nothing to Hide?
Why would we care about all this data being public? Well, Google Maps knows where you went and when, Instagram knows what you ate there when you photographed it, Facebook knows who you were with when you were tagged in a friend’s post, anyone with your home address knows what you paid and when, and all the entities involved in your banking chain know how much you spent last month. From that, over a month, it’s not too hard to determine your religion (if any), vegetarian/vegan, country/rock, credit rating, work address, profession, pets, Uber/Lyft/car owner, and basically everything else. A data aggregator or broker scoops up all this information, as well as public info (leases, property taxes, loans, phone numbers, emails),