Who owns data on you?

I’ll tell you a little story first. True as it happens. Many years ago – decades actually! – I used to hang around IRC-based chat rooms talking to other techies and MUD gamers. One evening we got a troll, some annoying kid that believed the anonymity of the Internet allowed him to be as rude, obnoxious and basically na-na you can’t find me, loosers as he could. Despite him being on another continent, several timezones away, I sent him a live feed of his house shortly after and funnily enough he stopped being so cocky and vanished, never to be heard from again.

This was, of course, long, long before GPS, Facebook, Google or anything else you can probably think of. How on earth could I manage that, you may wonder. Well, people are predictable, they form habits, have tells, they leave clues without knowing it. We kept him talking while I made a list of his favourite insults, a mention of the weather, so forth. Simply based on this and the fact it had rained an hour ago earlier that evening in his state, I got his real name, address and found a traffic cam with an Internet feed on his street.

(Back then you paid by the minute to get connected and 9,600 bps was as good as it got. By comparison, I am now getting 152,000,000 bps. (Or 0.0096Mb vs 152Mb if you prefer). Data harvesting by spooks and big companies has increased at a similar exponential rate).

What someone like the NSA, GCHQ, Facebook or Google can do in this age of always-on, fast broadband and the ubiquitous social sharing explosion would stop you in your tracks if you truly understood the depths of it…

If you are a fan of ‘Person of Interest’ you’d probably grasp the idea, particularly if you watched Nothing to Hide (season 3, episode 2). This one featured the head of a fictitious internet company (Life Trace) which allows people to find others through information readily available already on the web. (As it happens I used a similar real company – decades ago – to find that troll I mentioned at the start). Life Trace offer a service, selling the information gathered to people who will pay for it. This episode related to those ultimately hurt by the information that was provided through the site.

With all that in mind :

Have you ever sat down to think about how much data in held on you, by whom, for how long and what uses it could be used for? Have you ever wondered about going ‘off the grid’ and removing all trace of yourself from the records? How hard could it be?

Consider a typical day, getting up, having breakfast and driving into town for a little shopping:

Your breakfast is again interrupted by the phone. The first, earlier, was someone trying to ‘help’ you claim money back from a mis-sold PPI (for a loan you never had!), this one is trying to sell you solar panels. Both are particularly annoying as, after registering under TPS failed to stop cold callers, you went ex-directory. Not even finished your morning cuppa and already any number of scammers and nuisance callers already have your name and number, often with other partial or complete information, possibly including your address and even the last 4 digits on your credit card.

As it was a call, you can add the telephone company (and mobile) to the starting list of people with your name, address, bank details and purchasing habits. BT et al will, of course, have a detailed record of all the calls you’ve made, to whom, for how long and labelled you accordingly. Such legally obtained details (often even mandatory for the service providers) can be made available to authorities on request, naturally. If you consider phones as a utility, feel free to add the gas, water and electricity boards to the people with similar records on you.

Breakfast done you take the rubbish out to bin, meeting the postman with a parcel from Amazon…

Bins are under the province of the local council and they too have a stack of files on you and everyone in your house. They know who is registered to live there, how long you’ve lived there and just how much you are worth to them in terms of poll tax and, if they can, parking charges.

That’s before we think about what they are doing with all those (now digital) surveillance cameras which are now using increasingly sophisticated recognition software. (These can record and analyse voice, eyes, walking stride and more, though not the ones bolted around your local shopping centre – YET.)

Talking of your home, that too has a history, methodically detailed and cross-referenced, all searchable with the right permissions or even just knowing where to look. Who owns the house, how much you paid for it, what price it was on the market for, how much is left on the mortgage. (Rightmove, for instance, record searchable past sales going back 20 years). Your title deeds, increasingly available online, can include who lived there before you – going back decades, centuries in some cases and even mentioning who died in the house and how!

This alone covers a long list of people and companies with a vested interest in knowing all about you. Solicitors, surveyors, ground rate companies, banks, mortgage companies. Talking of which, credit rating companies like Experian and Equifax are constantly assessing your worth – and your risk to lenders. Late with a payment, they’ll be told. Apply for another credit card, they’ll find out. CCJ against you, they’ll know that too.

Amazon meanwhile are adding that completed order to their profile of you, one that’s kept and expanded indefinitely. Send a birthday voucher to a relative, buy a book, order a coat… they really do know all about you, from your probable intellectual, political and hobby interests right down to your knicker size (if you order such from them). You only have to look at your order history or the from page to see the extent:

‘Related to Items You’ve Viewed’

‘What Other Customers Are Looking At Right Now’ (based on what we know about you)

‘More Items to Consider’ (based on the last thing you looked at)

– and so forth down their recommendations.

Nothing wrong with it in principle and I am fine with it myself, find it extremely useful. But this is where it starts to unravel because Ah, I see you are interested in psychology, criminal thrillers and ‘How to get away with murder’, Mr Fred Smith of Anytown!. That’s not Amazon mind you, that’s me, right now, looking at YOUR Amazon account because I can. Legally. Up to a point at any rate. This is because if you know even a fragment about someone, a last name, an email, then Amazon lets you search for and examine Wishlists. Handy if you want to share a birthday list with relatives, less good if you have a stalker! Of course it depends on if you even have such a wish list, but if you do if can be very telling.

Before you set off you decide to check your email and message a friend to meet up for a meal at lunch. Handy things, smartphones. You can check how many spammmers got or guessed your email, how many companies passed on your email and other details to ‘partners’ because you forgot to tick or un-tick a tiny hidden box. Perhaps you noticed it but didn’t have a lawyer handy to untangle the ambiguous, nested double-negatives of the option:

Untick here if you don’t want us to not share your details with our partners.‘ What!? Smiley is confused!.

Incidentally, while you are doing this your phone’s GPS may well be recording precisely where you are at the moment in a hidden database, a tracking list going further back and in more detail than you may be comfortable knowing. Just a thought as you are trying to find somewhere, the little pointer saying ‘you are HERE’ and dotted around it are hints of places you might like to visit, to spend your money, that perhaps paid the mappers for prominence and want a return on their investment. GPS? Cui bono: to whose benefit.

Oh look, a robin. Get a quick snap and upload it to Facebook (or Twitter, Pinterest, Flickr). What? You never use those? Of course, understandable. Facebook is procrastination incarnate, you wouldn’t be seen… Hmm? Is that you? It is, isn’t it? That’s you in a pink bonnet, the photo lovingly uploaded by your Aunt Mabel, seen by your mate Baz (as suggested to him by Facebook) and duly shared with a wholly embarrassing caption he kindly Photoshopped in.

That’s the thing about ubiquity, postings get everywhere and once they do they are grabbed, mined, copied, shared and before you know it the most embarrassing moment of your entire life could be a viral video seen by millions.

Well, I’ve got you suitably paranoid, I’d better not get into everything Facebook gather on you, eh. Or the rest. For instance on that trip to town you will encounter many of the following and never ever registered it until I kindly point it out to you.

The Tax office

DSS / benefits offices (now totally online. Making life misery for many!)

Any reminders of the DVLC (also moved online).

Or the police for that matter. You weren’t speeding were you?

Add to that insurers, car and otherwise. You can bet they are doing EVERYTHING they can to be allowed total access to your profile. If you drink, smoke, if your family has a history of heart conditions, if you have a genetic marker, they want to know. They want to know in the finest possible intimate detail and the day they do, premiums will skyrocket!

Your gym memberhip and any other members clubs you are in.

Anywhere you eat, drink or shop – especially if they have loyally cards and/or take credit card payments. This applies a hundredfold if you are buying online.

Your dentist, doctors, hospital, all your medical files are increasing being moved to computers for easier reading, easier sharing. Even the vets’ record of your pet’s treatment.

Your school, college etc. They’ll all have records on you, many of which they’ll have shared in ways you might not think of at first. References, perhaps. Maybe you want them to confirm the exam certificates you claim you gained (those you can’t find the originals to, anywhere). But what about… the school play you were in? Remember, you were 6 and played a lamb, you wore your dad’s sheepskin coat inside out? Remember? No? Well, Aunt Mabel does, she found the polaroids and got your cousin to scan them for Facebook. She also found the article of the event, covered by the local paper – now digitised – and added a link to that. So kind.

Of course your employers have access and input to many of the above, let’s not forget them. Perhaps the above incident made you decide to look for a new job. Suppose you get short-listed. Guess what, certainly for higher profile jobs, it’s now a common policy to look online to see just who they are hiring. And everything you ‘liked’ on Facebook, every photo you shared, ever embarrassing comment on Twitter, the minutiae of your LinkedIn profile, your entire life is spread out for inspection.

I’ll leave you with a couple of quotes from Google’s CEO, Eric Schmidt:

If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place
(Said to CNBC’s Maria Bartiromo in an interview. (Dec 2009)

Google policy is to get right up to the creepy line and not cross it. With your permission you give us more information about you, about your friends, and we can improve the quality of our searches […]
We don’t need you to type at all. We know where you are. We know where you’ve been. We can more or less know what you’re thinking about.

(Told to the Atlantic at the ‘Washington Ideas Forum’ (October 2010).


You might also want to read :

Irony is lost on cold callers

Endgadet : Google search ‘Find My Phone’ to locate your missing Android

CNN : FBI launches a face recognition system

Wired (2012) : How much data did Facebook have on one man? 1,200 pages of data in 57 categories. Note that was back in 2012, they were still young then; their arsenal is now (2015) so sophisticated they have facial recognition software that can look at a photo, detect who it is (within 97.5% of a human studying it), and pull in links based on who they have found!

Wall Street Journal (2010) : The Web’s New Gold Mine: Your Secrets

The Economist (2014) : Getting to know you : Everything people do online is avidly followed by advertisers and third-party trackers

ProPublica, Journalism in the Public Interest (2014) Everything We Know About What Data Brokers Know About You

Moz (2008) : The Evil Side of Google? Exploring Google’s User Data Collection (In 2008 Google needed around one million servers to handle their search. Think they got any smaller in the past 7 years?)

Huffington Post (2010) : Google CEO Eric Schmidt’s Most Controversial Quotes About Privacy

The Guardian (2010) : How I became a Foursquare cyberstalker

The Guardian (2013) : How supermarkets get your data – and what they do with it:
It doesn’t matter if you are part of a loyalty scheme, pay by card or even cash, ‘Big Brother’ supermarkets know your every move.

The Guardian : (2015) Facebook ‘tracks all visitors, breaching EU law’. It adds that "the Opt-out mechanism actually enables tracking" i.e The very act of saying do NOT follow me creates a files to be passed around, duly flagged and monitored, to the effect, "Hey, this is Fred, he doesn’t want us to know about him. Just saying…"

Simply Zesty (2012) : The Rise Of Big Data And How Social Media Uses It
The Atlantic (2012) : I’m Being Followed: How Google—and 104 Other Companies—Are Tracking Me on the Web

Neurotechnology : VeriLook Surveillance SDK
Face identification and movement detection

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.