Data and Goliath

Read Online Data and Goliath by Bruce Schneier - Free Book Online Page A

Book: Data and Goliath by Bruce Schneier Read Free Book Online
Authors: Bruce Schneier
Ads: Link
our relationships. It’s quite obvious that you can be uniquely identified by your
     location data. With 24/7 location data from your cell phone, your name can be uncovered
     without too much trouble. You don’t even need all that data; 95% of Americans can
     be identified by name from just four time/date/location points.
    The obvious countermeasures for this are, sadly, inadequate. Companies have anonymized
     data sets by removing some of the data, changing the time stamps, or inserting deliberate
     errors into the uniqueID numbers they replaced names with. It turns out, though, that these sorts of tweaks
     only make de-anonymization slightly harder.
    This is why regulation based on the concept of “personally identifying information”
     doesn’t work. PII is usually defined as a name, unique account number, and so on,
     and special rules apply to it. But PII is also about the amount of data; the more
     information someone has about you, even anonymous information, the easier it is for
     her to identify you.
    For the most part, our protections are limited to the privacy policies of the companies
     we use, not by any technology or mathematics. And being identified by a unique number
     often doesn’t provide much protection. The data can still be collected and correlated
     and used, and eventually we do something to attach our name to that “anonymous” data
     record.
    In the age of ubiquitous surveillance, where everyone collects data on us all the
     time, anonymity is fragile. We either need to develop more robust techniques for preserving
     anonymity, or give up on the idea entirely.

4
    The Business of Surveillance
    O ne of the most surprising things about today’s cell phones is how many other things
     they also do. People don’t wear watches, because their phones have a clock. People
     don’t carry cameras, because they come standard in most smartphones.
    That camera flash can also be used as a flashlight. One of the flashlight apps available
     for Android phones is Brightest Flashlight Free, by a company called GoldenShores
     Technologies, LLC. It works great and has a bunch of cool features. Reviewers recommended
     it to kids going trick-or-treating. One feature that wasn’t mentioned by reviewers
     is that the app collected location information from its users and allegedly sold it
     to advertisers.
    It’s actually more complicated than that. The company’s privacy policy, never mind
     that no one read it, actively misled consumers. It said that the company would use
     any information collected, but left out that the information would be sold to third
     parties. And although users had to click “accept” on the license agreement they also
     didn’t read, the app started collecting and sending location information even before
     people clicked.
    This surprised pretty much all of the app’s 50 million users when researchers discovered
     it in 2012. The US Federal Trade Commission got involved, forcing the company to clean
     up its deceptive practicesand delete the data it had collected. It didn’t fine the company, though, because
     the app was free.
    Imagine that the US government passed a law requiring all citizens to carry a tracking
     device. Such a law would immediately be found unconstitutional. Yet we carry our cell
     phones everywhere. If the local police department required us to notify it whenever
     we made a new friend, the nation would rebel. Yet we notify Facebook. If the country’s
     spies demanded copies of all our conversations and correspondence, people would refuse.
     Yet we provide copies to our e-mail service providers, our cell phone companies, our
     social networking platforms, and our Internet service providers.
    The overwhelming bulk of surveillance is corporate, and it occurs because we ostensibly
     agree to it. I don’t mean that we make an informed decision agreeing to it; instead,
     we accept it either because we get value from the service or because we are offered
     a

Similar Books

Written in Dead Wax

Andrew Cartmel

Intrusion: A Novel

Mary McCluskey