Forget your drunken photos on Facebook. They already know about them, and you know they know. Don’t worry about tracking cookies either.
As Crikey reported last week, they’re nothing new and everybody uses them. It’s what you don’t know they know that you should worry about – and frequently your website use is even being tracked without the knowledge of the site you’re visiting.
“I think that cookies is probably the most visible and most easily understood issue, but I think there’s a lot of other elements that we need to be aware of,” said Kevin Shaw, president of the International Association of Privacy Professionals — Australia and New Zealand (iappANZ). “For me it’s more [about] the professional data mining that goes on on the internet.”
Shaw is referring to data aggregation companies like Acxiom, ChoicePoint and LexisNexis. They buy collections of personal data from businesses as diverse as car hire firms, hotel chains, frequent flyer programmes and Australia Post – the “partners” glossed over in their privacy policies – and compile profiles of you as an individual.
Even the boxes you tick on competition entry forms can end up in the mix.
These profiles were initially built up for commercial reasons, to better target advertising. But as Shaw told this week’s Patch Monday podcast, “You can imagine a lot of the behavioural mining could be just as useful for security purposes. Potentially if that database then gets hijacked, it could be used for nefarious purposes.”
This kind of data mining has been going on for years of course, even decades. But the advent of cloud means businesses large and small are moving their data from dedicated facilities directly under their control to cloud storage. This can deliver massive cost savings but, as I’ve written elsewhere, it also introduces new security challenges.
“For me confidence always comes with evidence. I don’t think anybody wants to be in a position of just blindly believing that large organisations are going to do the right thing,” Shaw said. “From an end-user and consumer point of view we should start demanding greater clarity from organisations as to what they’re doing with our data and how they’re protecting it.”
Such clarity would of course require online businesses to know what data is actually being collected. But Krux Digital checked out fifty popular US websites and found that nearly a third of the tracking tools were installed by third-party companies without the host site’s knowledge or permission.
Meanwhile Shaw is dismissive of the media attention given to the perceived risks of social networking sites.
“Look, I think it’s a risk, but I don’t think it’s the only risk and it’s probably been elevated out of proportion to some of the other risks that we as end users and customers face,” he said.
“I think the only solution around things like Facebook is an education process to the end users as to what can go wrong, and what is appropriate and not appropriate to put up on social networking sites.”