Issues Magazine

Privacy – Safeguard Your Digital Identity

Issues 71: Privacy

Issues 71: Privacy

By Timothy Pilgrim

What are the privacy issues around digital identity and how can we protect our privacy in the digital age?

The past five years have seen an explosion of social networking sites. Add to that the popularity of Twitter and smart phones, and you have a whole new world of communication. As always, young people are fast to pick up and rely on new technology. They are able to be in constant electronic communication with their friends, often by using a number of smart applications at the same time.

Every sci-fi or conspiracy action film/TV show since the mid-1990s is full of people using technology for good and evil, from the Die Hard 4.0 villain shutting down the entire country by taking electronic control of infrastructure to the current Dr Who using the locator device on an iPhone to write a code that will track and locate a psychopathic alien.

But what does this electronic networking of our communications mean in the real world? And what impact does all this sharing of our personal information have on the way we regard privacy?

Why Does Privacy Matter?

Privacy is a human right. It is important because it pertains to our identity – who we are, what we do, what we want to do, what we think and the people with whom we have relationships. Once lost, privacy is very difficult to retrieve. Personal information can include information such as medical records, bank account details, photos, videos, and even information about what we like, our opinions and where we work. In Australia, laws such as the Privacy Act 1988 (Cwlth) protect people’s personal information.

Traditionally our social circles have been clearly defined – we can easily identify our immediate or extended family, our close friends, our wider friendship circle and acquaintances. But today’s preferred mode of electronic communication, often online and via social media, has changed all that. Do people delineate between different audiences as they post online, and where does privacy fit into the picture?

Your Digital Identity

Have you ever considered that when you share personal information online, you are building a digital identity? This is the online picture of you – the sum of all the photos (including tags posted by others), posts and comments, searches you make – that relates to the online profiles of the services you use. The issue of digital identity is of particular relevance to you who, unlike previous generations, have “existed” in an electronic form for much of your lives.

If you aren’t careful, elements of your present digital identity could easily be the information that a potential employer finds in five years as they search your name online. It could be what a journalist finds if you become a professional public figure. It could be what a partner or employer finds in ten years, simply by doing an internet search, or what an identity thief uses to create a fake profile in your name. Your digital identity is real, and it is important to treat it as such.

Online Behavioural Advertising

Did you know that most internet browsers and websites collect information about where you go and what you search for when you are online? In this way, service providers can target you with information that relates to your browsing habits and personal interests.

Companies use this type of “online behavioural advertising” to try to match the ads you see while browsing online with your interests. They do this by placing a “cookie” on your computer. This is a text file that tracks where you go online and helps service providers create targeted interest categories based on all the online information that is available about you. This includes the sites you visit, the topics and words contained in emails you may have written using free services, and the apps you download. When this information is combined, advertisers have a detailed picture of your online activity and target ads to you accordingly.

Some people don’t mind receiving ads that are targeted to their interests, but it’s still important to be aware of how information about your browsing habits and interests is being collected and what your choices are. Some service providers allow you to exercise more control in deciding how much you are willing to share about your online behaviour, and others offer very little. It is up to you to choose service providers that provide you with the privacy options that suit your needs.

Check the privacy settings to find out how your information is being used, and what your options are in controlling this, including whether or not you wish to accept cookies (see the fact sheet Online Behavioural Advertising: Know Your Options at www.oaic.gov.au).

Social Media: What Do You “Like”?

Facebook is the world’s most popular social networking site, with an estimated 955 million users. Twitter is already in the top ten most used sites on the internet. It is estimated that Twitter has 500 million active users. These numbers suggest that social media is overtaking more traditional modes of communication and that the notion of what is “private” and who is a friend must be framed in an altogether different context today.

The University of Queensland’s (UQ) Centre for Critical and Cultural Studies conducted an online privacy survey in December 2011 (http://cccs.uq.edu.au/personal-information-project) that shows that 94% of 18–24-year-olds use social networking. The UQ study also shows that 64% of people rarely or never read privacy statements.

This figure supports 2010 research conducted by myself and colleagues as part of an Australia–Pacific Privacy Authorities Privacy Awareness Week survey which found that although 83–87% of respondents across 11 countries claim to understand the privacy settings of the social media sites they use and to have changed the settings, 59% said they had never read the privacy policies or terms and conditions (www.privacyawarenessweek.org/2011/index).

Other research by the Australian Communications and Media Authority (ACMA) shows that teenagers primarily use social networking to chat to friends at school and to make social arrangements. While 76% of 16–17-year-olds are aware of privacy settings, 24% of teenagers don’t know how privacy settings work.

Drawing from this research we can assume that for every 1000 school students, 240 of them have no, or insufficient, privacy settings on their social media pages. This is significant when you consider that social media is all about broadcasting with a default privacy setting that is “public”. So unless someone has changed their privacy settings, a message posted on Facebook is designed to be seen by as many people as possible, in contrast to emails where users actively decide to whom they will send information.

Mark Zuckerberg, the creator of Facebook, said in an interview that people have become comfortable not only sharing more information and different kinds, but sharing it more openly and with more people. He also said that people today have one identity:

The days of you having a different image for your work friends or co-workers and for the other people you know are probably coming to an end pretty quickly. Having two identities for yourself is an example of a lack of integrity.
– D. Kirkpatrick, The Facebook Effect: The Inside Story of the Company That Is Connecting the World, Simon & Schuster, 2010

Whether you agree with his opinion or not, there are many good reasons why people should consider their personal privacy by thinking carefully about not only the kinds of personal information they share, but also about the security of their account settings.

Unintended Consequences

The consequences of not protecting your privacy can be serious. The recent hacking incident experienced by technology writer Matt Honan, which destroyed his entire digital life in just one hour, is just one example of why it’s important to protect online privacy (http://www.wired.com/

gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all). Matt had one password that allowed him access to and linked together all his digital accounts.

Many people, like Matt, would be in the habit of “daisy-chaining” their online accounts together to make it easier to access them through one platform. Others “set and forget” their passwords, not bothering to change them regularly, or use the same password for all their accounts so they don’t have to remember more than one.

What Are the Risks?

Among the consequences of Matt’s poor security practices were that his Google account was taken over and deleted, taking with it a wealth of personal data. Matt’s Twitter account was used by the hackers as a platform for racist and homophobic messages. By accessing his AppleID, the hackers were also able to remotely erase all of the data on Matt’s iPhone, iPad and MacBook. None of this valuable data was backed up.

Matt’s story is a great example of identity theft. There is no doubt that hackers are becoming more sophisticated and the numbers of people affected by these kinds of data breach incidents are on the rise.

The kinds of personal information that may be at stake includes names, birth dates, addresses (both street and IP), telephone numbers, credit card numbers, bank account number, driver’s licences, passport numbers and student numbers – and the list goes on.

Not surprisingly, when this kind of personal information is lost or misused, there will often be consequences for individuals, such as:
• vulnerability to the threat of identity theft and fraud
• potential loss of control over who knows what about you
• risk that people can be using the information for unwanted contact, like marketing
• the inconvenience of changing a raft of details such as credit cards and bank accounts.

It is not just like losing a physical asset that can be replaced. Once breached, privacy can be hard to regain. There can also be significant problems in getting the integrity of your identity back, especially if someone pretending to be you has been posting public comments that misrepresent you in serious ways or making financial transactions using your name without your knowledge.

Protect Yourself

Matt’s story provides good reasons why you should take the time to ensure that you protect your privacy. But to do this you need to think about what you are doing online and consider the contents of your posts. You must also make an effort to actively control how much information you are giving away by adjusting your privacy settings. This requires a level of effort on your part, but it is worth taking the time to consider privacy as you go about your online life so you can avoid some of the adverse consequences.

First of all, think before you post. Think about the information you share and how it’s being used. For example, what might a future employer or partner think if they read it? Remember that the internet lets your information be collected and shared easily. Harmless information you post could be added to the mix, creating a very full profile about you. Who might see it?

Sharing information with just a few people doesn’t stop it reaching a wider audience. Remember that they might pass things on. You could consider establishing “friend” groups to control the access that different people in your life have to your personal details.

Although seemingly easy to use, many social networking sites are considerably more complex than they appear initially, with many levels and layers of options that you may not be aware of, so consider where your posts may end up.

When it comes to protecting your account, you can make it harder for hackers to steal your information and pretend to be you by keeping your accounts separate rather than linking them. For this reason you should not use the same password across multiple services. Choose passwords that have a combination of numbers and letters, and that use capitals as well as lower case letters. Change them regularly and don’t use anything obvious like your date of birth or your name.

Don’t allow internet browsers to save your passwords, and think twice before you agree to third parties accessing your devices. Be especially wary of offers that ask for “remote access” to your device.

Before you download software and apps, make sure they come from a reputable source. Professional-looking pop-ups that say you must download software in order to protect your computer are particularly risky.

A Phone Is Not Just a Phone

The past decade has seen an explosion in the popularity and prevalence of smartphones, such as the iPhone and Blackberry. It is estimated that mobile phones have reached 120% penetration in Australia: 52% of Australians have a smartphone, of which 70% are Apple and 20% android. Today, the types of things we do with our phones can involve all kinds of personal information including sending emails and making financial transactions. People check social feeds more often and this is in part due to smartphone technologies.

Always keep in mind that when you share from a mobile phone, a vast amount of other personal information is also accessible from that device if it is lost, stolen or otherwise compromised. You should therefore be careful about what personal information is stored on your phone.

One of the more popular features of smart phones is their inbuilt GPS. Smart phones have a built-in feature called a geolocator that can pinpoint your location. This data is often published online through social networking sites, or used by location-based services such as maps and retail services. It can also be embedded in images you take with your smart phone camera.

It’s important to remember that geolocators tell people where you are, but also where you are not. That is, by checking in somewhere you are making a public statement for all to see that you are not at home. Additionally, if you post an update, comment or photo that has embedded geolocation onto a social media site then you may be telling people in real time where you are. You may also, simultaneously, be providing them with a photo from which you could be recognised or identified. Many of these small “identifiers” may seem unimportant on their own, but you also need to consider how they interact as a whole to build up an identity profile of you that may be more public than you think.

To ensure strong privacy protection, consider turning off the geolocator on your smartphone unless you absolutely need to use it, and make sure that your location is only visible to friends you know in the real world. It’s also a good idea to check that the service doesn’t show your details to those nearby, who you might not know.

What Else Can You Do?

Other things you can do to protect your privacy include:
• reading the privacy policy of the sites you use – this should explain what they will do with your information, and what you can do if you’re unhappy with something. If you are not comfortable with what is on offer, consider using an alternative service provider
• using the privacy settings tool available – take the time to set up your privacy protections before you start networking
• making sure your anti-virus software is up to date – this can help protect you against viruses and privacy invasion such as hacking.

Even more importantly, make a practice of considering how your personal information can be shared, tagged, tracked and aggregated online, and pay attention to any changes to how an online service you use might do this.

By taking a few moments to regularly check your privacy and security settings, you will be taking active steps to ensure your privacy and the integrity of your digital identity and minimising the harm that may be caused by a malicious cyberattack.