What are they doing with my data? 

March 9, 2016 by Lux Anantharaman
What are they doing with my data? 
Before the lifting of the iron curtain, authorities in Eastern Europe required that anyone with a typewriter provide a sample typed page so any typed seditious material could be traced. Credit: Olivier Blondeau/Getty

You go shopping. You check-out at the cashier and are ready to pay. The cashier pulls out a camera and takes a picture of you, your bill and your credit card. You ask the cashier why. He tells you that the photo enables the supermarket to better profile customers like you—based on how you look, what mood you appear in, what clothes you wear, who you are with and what you buy. Demographic and behavioral information about you will be inferred from the information collected. 

You tell him that you gave him your number to complete the purchase, not to help the supermarket create a profile of you. You also ask him to delete the photo. He responds that this is company policy and that if you don't like it, you can take your business elsewhere. He adds that every other shop does the same—you don't have an option. Imagine being photographed every time you shop. Most of us would find this unacceptable, wouldn't we? 

But something similar happens every time we shop on the Internet. We are constantly profiled based on our shopping habits. Companies do this so they can:

  1. Recommend specific products and services
  2. Price discriminate and extract as much value as possible from each customer
  3. Influence you to change your buying patterns—during your pregnancy, for example.

In the 70s and 80s, in Eastern Europe, anyone owning a typewriter had to report to a police station once a year along with a typewriter and type a sheet of text. This enabled the police to track any typed material which they felt was objectionable or undesirable. Most of us today would find this unacceptable.

What are they doing with my data? 
Modern printers insert a set of barely visible dots so pages can be traced … how far have we really come?  Credit: Bet_Noire/iStock/Getty Images Plus/Getty

But how many people know that almost all modern day printers insert a barely visible set of yellow dots on every page printed, so it can be traced to you and the printer?  

You and your significant other engage in some lovey-dovey online video chat, believing that no one else will ever see it. But what if the online service provider who you trusted to safeguard your data wasn't so secure after all and someone was able to hack the online service provider and extract millions of video chats?  It sounds like something from a movie, but this is what happened in 2008, when Yahoo webcam feeds got hacked by British intelligence

You are watching TV and a luxury hand-bag ad starts playing. You want to check out the hand-bag online using a shopping app on your phone. When you open the app, you see a promotion for the very same hand-bag. You are wondering, how did my mobile shopping app know that I am interested in this hand-bag?  Is my phone listening to my TV? If my phone can listen to my TV, can it also listen to conversations in my living room?

Something similar is becoming commonplace. Companies like SilverPush are trying to figure out all the different devices you own. Unknown to you, the ad on your TV emits an inaudible, high-frequency sound that your mobile app picks up. Now, your shopping app retailer knows that you were watching the TV ad and browsing for the same product at the same time. Cross-browser tracking is the latest obsession for Internet marketers.

In the above three cases, our personal data, ostensibly collected for one reason, was used for other purposes. In some cases, such as online shopping, we are vaguely aware that data is being collected, but in others we may not realize that our information is being collected (for example, inaudible sounds linking devices, invisible dots on laser printers). While for each device we all 'agree' to an end-user license (which almost no one reads), the data collected may be used (or misused) for purposes not explicitly made known to us.

Take e-commerce, for example. We provide our names, addresses and to complete a transaction, never realizing that the same information is used to create a digital profile. Even more worrying is the use of sophisticated big-data algorithms that, based on what we buy and where we travel, can infer our likes, dislikes and even our personalities. Researchers have found that based on Facebook likes, computers can judge our personalities better than friends, family, even our partners.

Our mental models of ownership tend to attribute value to physical objects, whereas we don't typically view our personal data and information inferred from it as a commodity. Unlike tangible, physical objects, information can exist in multiple places at the same time—once it is released we may lose control over what happens to it.

But is it possible to know where our data is and how it is being used? Can we store data in 'capsules' in a secure, confidential manner and reveal it only to authorised applications and entities? Can the data capsule be cryptographically protected along with data-use policies? Can we design a system that allows authorized applications and entities to transparently access our data, only for specified time periods?  How do we create policies that are simple to understand, but are capable of representing real-world richness? All these requirements become important in the world that we will soon be in, a world of Big Data and Internet of Things.

Building on my previous work on enterprise digital rights management platforms and secure end–to–end data protection, I am currently researching solutions for creating data capsules to make our presence on the public Internet more private. My objective is to create mechanisms, both technological and legal, to ensure that our is only used for the originally intended purpose.

Explore further: Washington group spells out concern over cross-device tracking

Related Stories

Washington group spells out concern over cross-device tracking

November 17, 2015

Consumer privacy advocates find this seriously annoying: Some ads use inaudible sound to link your phone, TV, tablet, and PC. Dan Goodin of Ars Technica issued a "Beware" to readers earlier this month and the matter has concerned ...

What are my options for mobile pay?

December 11, 2015

With Wal-Mart Stores Inc. becoming the latest retailer to launch a mobile pay system, there are more places than ever to break out a digital wallet to pay for the things you want.

Facebook to test mobile app shopping tab

October 12, 2015

Facebook said Monday that it will begin testing a shopping tab for its mobile app as it works to ramp up advertising and online commerce offerings.

Team discovers how mobile ads leak personal data

February 23, 2016

The personal information of millions of smartphone users is at risk due to in-app advertising that can leak potentially sensitive user information between ad networks and mobile app developers, according to a new study by ...

Recommended for you

Protecting web users' privacy

March 23, 2017

Most website visits these days entail a database query—to look up airline flights, for example, or to find the fastest driving route between two addresses.

WikiLeaks releases CIA hacks of Apple Mac computers

March 23, 2017

The Central Intelligence Agency is able to permanently infect an Apple Mac computer so that even reinstalling the operating system will not erase the bug, according to documents published Thursday by WikiLeaks.

0 comments

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.