Posts

Digital Footprint: Exposing Your Secrets, Eroding Your Privacy

Does your digital footprint expose your secrets to the wrong people? 

National Public Radio and the Center for Investigative Reporting recently presented a four part series about privacy (online and off) called, Your Digital Trail. To get the gist of how little privacy you have as a result of the social media, credit cards and mobile technology you use, watch this accurate and eye-opening explanation of how you are constantly being tracked. 
Marketers, data aggregators, advertisers, the government and even criminals have access to a vivid picture of who you are. NPR calls it your digital trail; for years, I’ve referred to it as your digital footprint. Let’s take quick look of what makes up your digital footprint.

What is your digital footprint? 

Just like a car leaving exhaust as it runs, you leave digital traces of who you are without even knowing it. Here is a partial list of the ways that you are tracked daily: cookies on your computer, apps on your smartphone or tablet, your IP address, internet-enabled devices, search engine terms, mobile phone geo-location, license-plate scanners, email and phone record sniffing, facial recognition systems, online dating profiles, social networking profiles, posts, likes, and shares, mass-transit smart cards, credit card usage, loyalty cards, medical records, music preferences and talk shows you listen to on smartphone apps, ATM withdrawals, wire transfers and the ever-present, always rolling surveillance cameras that tell what subway you rode, what store you shopped in, what street you crossed and at what time. Is there anything, you might ask, that others don’t know about you? Not much.

What happens to your data that is tracked? 

According to NPR, a remarkable amount of your digital trail is available to local law enforcement officers, IRS investigators, the FBI and private attorneys. And in some cases, it can be used against you.

For example, many people don’t know their medical records are available to investigators and private attorneys. According to the NPR story, “Many Americans are under the impression that their medical records are protected by privacy laws, but investigators and private attorneys enjoy special access there.”  In some cases, they don’t even need a search warrant, just a subpoena. In fact, some states consider private attorneys to be officers of the court, so lawyers can issue subpoenas for your phone texts, credit card records, even your digital medical files, despite the HIPAA law.

Kevin Bankston, senior attorney with the nonpartisan Center for Democracy and Technology, explains that the laws that regulate the government regarding privacy were written back in the analog age, so the government often doesn’t have many legal restraints. When the Fourth Amendment guaranteeing our rights to certain privacies was written, our Founding Fathers weren’t thinking about computers and smartphones!

Specifically, the Fourth Amendment states, “The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated.”  In the “old days” police would have had to obtain a search warrant (showing probable cause) and search your home for evidence of criminal activity.

But since the 1960’s and 1970’s, the Supreme Court and other courts have consistently ruled that if you have already shared some piece of information with somebody else, a warrant is no longer needed.  So now when you buy something with a credit card (letting your credit card company know what you’ve purchased), or drive through an intersection with license plate scanners (telling law enforcement where you’ve been) or Like something on Facebook (letting the social network and everyone else know your preferences), you have, in essence, given the government (as well as corporations and criminals) the right to gather information about you, whether you are guilty of anything or not.  So much for probable cause.

In this age of cloud computing, the issue becomes even more, well, clouded.  Take the case of a protester arrested during an Occupy Wall Street Demonstration in New York City.  The New York DA subpoenaed all of his tweets over a three and a half month period.  Of course, his lawyer objected, but the judge in the case ruled that the proprietary interests of the tweets belonged to Twitter, Inc., not the defendant!

How can we defend our digital footprint against privacy violations? 

My takeaway from the NPR piece? We are so overwhelmed by the tsunami of privacy erosion going on, by the collection, use and abuse of our digital footprints, that the surveillance economy we have created will only be resolved by broad-stroke, legislative action. Until that happens, corporations, criminals and even our government will consume all of the data we allow them to. And so will we.

John Sileo is an expert on digital footprint and a highly engaging speaker on internet privacy, identity theft and technology. He is CEO of The Sileo Group, which helps organizations to protect the privacy that drives their profitability. His recent engagements include presentations at The Pentagon, Visa, Homeland Security and Northrop Grumman as well as media appearances on 60 Minutes, Anderson Cooper and Fox Business. Contact him directly on 800.258.8076.

Screen Shot 2013-10-11 at 2.11.21 PM

Are Millennials ignoring online privacy protection?

,

The Millennial generation tends to have a lax approach to online privacy protection – and it might put all of our security in jeopardy.

Those in their teens, 20s and early 30s – the “Millennials” – have widely prompted discussions as they enter and redefine the modern workplace. Recent information gives us a more in-focus picture of the general operating philosophy of this age group when it comes to handing out personal information over the internet. It’s been found that a devil-may-care attitude is much too prevalent.

A survey from the University of South California’s Annenberg Center for the Digital Future revealed that more than half of the Millennials it questioned would willingly give their personal information to companies in exchange for some sort of coupon or incentive. And then a disconnect occurs because the same study interestingly showed that 70 percent of those same Millennials believed their personal data should be kept private.

Perhaps the young Millennials simply don’t have enough experience to understand why giving away their personal information is so detrimental. The older Millennials, however, choose to ignore that their loose surfing, online buying and phone habits leave behind a digital footprint. They disregard that their identity and their online privacy is a type of currency, and the more they squander it now, the less they have later. And all the while, Facebook and other social networks are all too willing to profit from this data.

This isn’t to say that other generations were impervious to making bad decisions in the folly of youth. They just weren’t made in the online world we now know. How much easier it was when our bad decisions were wrapped in privacy! We have to remember, too, that online privacy protection is not the onus of just one group of people. It’s up to all of us to ensure that we’re not putting ourselves in danger through our digital interactions.

John Sileo is an online privacy protection expert and in-demand speaker on digital reputation, cyber security and online asset protection. His clients included the Department of Defense, Pfizer, Visa, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.

Online identity nightmare: will Twitter meet the challenge? Will we?

The jaw-dropping attack on the Associated Press last week may finally cause Twitter to start safeguarding our online identity – and it may even jolt us out of our apathy.

We’ve seen serious Twitter breaches for months. Hackers have damaged the digital reputations of major corporations and cultural groups. But Tuesday, the whole world was jolted when hackers falsely sent an AP tweet reporting that there had been two explosions at the White House. Within seconds, investors unloaded $139 billion worth of stocks, as reported by AP. Not all those investors were human; many were computers on autopilot doing high-speed trading. But the consequences are just as real and far reaching.

The ease with which organizations like the Syrian Electronic Army or LulzSec can infiltrate a powerhouse like Associated Press alerts us as to how vulnerable our digital footprint is. The universality of this threat is very real. Don’t be lulled into complacency because you think you’re not as attractive a target as AP. Hackers will continue to test the limits of our online identity security, especially on a platform like Twitter where messages can easily be deceptive or misinterpreted. Anyone with an internet connection has something to lose.

Shortly after the AP breach, better user-authentication was demanded by users and Twitter finally took notice, declaring it would make passwords stronger. Twitter announced it will soon implement the two-step process of authentication similar to that used by Google and Facebook. I doubt anyone today is skeptical about how much damage can be caused by a mere 140 characters.

Another security measure is available to ensure that a user is the only one logging into their account. If an unregistered device (e.g., not your home computer) attempts to gain access, a verification code can be sent to a registered device like a smartphone, reducing the risk of an unauthorized user.

Twitter is not alone in protecting our online identity

Effective security checks don’t let us humans off the hook. All the security checks can swoosh down the drain with one click on a bad link. Though we’ve been hearing it since the days of AOL and dial-up, if you don’t recognize the sender or you feel even a slight suspicion of the link, don’t click on it.

Your online identity, or digital footprint, is a composite of everything you watch, post and link to. When it’s compromised, how you are seen by others can be forever changed. Twitter’s response to the breach acknowledges that national security is at stake and signals a desire to encourage security for its users. It’s your responsibility to stay alert and take every possible precaution to protect your digital footprint.

John Sileo is an online identity expert and keynote speaker on digital security, reputation protection and social media privacy. His clients included the Department of Defense, Pfizer, and Homeland Security. See his recent media appearances on 60 Minutes, Anderson Cooper and Fox Business.