AXEL.org

data

Why Data Breaches are so Damaging and how the Law has Failed Consumers

Very few times in history have a group of people sat down with the purpose of writing a set of new laws to improve society. Instead, what usually happens is that laws are written to solve specific problems. This leads to a litany of laws piling up over the decades. While it could always be debated how effective a particular law might be at accomplishing its goal, the rapid pace of technological advancement over the past 20 years – especially as compared to the pace of the lawmaking process – has introduced new challenges as laws become quickly outdated, sometimes even by the time they take effect.

The results of this are acutely apparent in the cross-section between the fields of cybersecurity and consumer protection, namely data breaches.

The magnanimity of consumer protection laws in the United States were written for a society concerned with immediate product safety and compensation for resulting injuries, not for the nebulous and incalculable injuries that may be sustained by potential millions when private records are exposed.

Why are data breaches so damaging?

The unique problem of data breaches stems from the fact that the breach of privacy carries in of itself no specific harm. Instead, it is the later misuse of information that has been breached that may lead to ensuing harm. However, with data breaches occurring on a near-daily basis, the causality of specific financial or reputational damage is nigh impossible to link to a single breach causally; with our laws written around the concept of calculable damages being the source of justified remuneration, we are left constantly and increasingly victimized but unable to seek just compensation.

Some would argue that even more problematic is the irreparable nature of many of the most severe data breaches. Once a name and social security number are leaked, that identity is permanently and irreversibly at risk for being used fraudulently. While one could always apply for a new social security number, the Social Security Administration is extremely reluctant to issue new identities, and while that is a debate for another time, it goes to show just how difficult it can be to recover from a breach. Victims are permanently marred and at increased risk for future injuries resulting from a single breach, no matter how much time has passed.

Because of the damage resulting from a data breach being so far removed temporally and causally from the actual breach itself, adequate compensation is rarely won, if it is even sought. Was it the Equifax breach, the MoviePass breach, or one of the innumerable other breaches this year that resulted in your identity being stolen and used to take out fraudulent loans a decade from now?

Moreover, even if you should find that it was MoviePass’ negligence that leads to your identity being stolen, what compensation can you seek from a company that has been defunct for years? Our laws were not written to address these issues adequately. Our legal system often does not ponder questions of uncertainty and possibility, and that’s the perfect summary of what victims face in the aftermath of a breach; uncertainty and possibilities.

For all the uncertainty victims face, the solutions going forward as a country are equally opaque.

It would be easy to write some draconian law to punish companies for exposing private data, but as is often the case, that could have unintended consequences, such as pushing data overseas where even looser security and weaker privacy laws may exacerbate the problem. Instead, it’s going to take a significant shift in our collective-consciousness over how data is handled.

Laws written for managing telecommunications and transmissions in that era are being used to handle complex cybersecurity and data privacy cases.

This can’t come just from one party though; companies need to seriously consider what data they need to collect, and what information needs to be retained on a long-term basis. Consumers have to take ownership of their data and demand a higher quality of service from corporations and governments over how their data is collected and used.

As a whole, we must recognize the value of data, and the dangers we expose ourselves to by collecting it (and why it might even be best to not collect data at all in many circumstances).

Just like holding valuables such as gold and art entails a security risk, so too does data. If people started treating data like the digital gold it really is, maybe then we could all come together to work out a solution.

But until then, I’ll be keeping my data to myself.

How To Sound Like A Cybersecurity Expert

Cybersecurity is a buzzy topic these days. Everyone seems to be clamoring for tips on how to stay safe online, and you read in a listicle somewhere that cybersecurity is currently one of the fastest growing fields. So how can you get a piece of the respect and professional prestige that a cybersecurity expert might have? Simply follow these tips.

Warn people about social media

Inform people that by posting photos of their brunch on social media, they are giving hackers and state actors the tools necessary to take you down.

But actually, that’s too specific and information-y to remember, and it’s kind of a downer. Make your warnings vague, as in, “that Facebook is up to no good!” or “be careful about Twitter!” This way, when the next terrible Facebook or Twitter thing happens, people will recognize your prescience.

Bring encryption up often

Now, you may not know what encryption is, and I certainly don’t, but what we do know is that it’s somehow important to cybersecurity experts. Talk about it a lot, and if you encounter someone whose knowledge on encryption is more advanced than yours, simply run away.

Make a big deal out of the dark web

Studies have shown that people love hearing about the dark web. Take advantage of this fact to improve your social standing by making a huge honkin’ deal out of the dark web whenever you can.

If you see someone holding a credit card, mention that there’s lots of stolen credit card information on the dark web. This will confuse them into thinking you can help them keep their credit card information off the dark web.

Extra points if you can explain to people what TOR stands for. But if someone actually asks you how it works, this is again the moment to simply run away.

Loudly proclaim that quantum computing is the future of cybersecurity

This is certainly true. Don’t ask me why.

If someone asks you to elaborate on your claims, run away.

Chant “identity, not perimeter” to anyone in your general vicinity

The idea here is that perimeter security, or the mighty firewall as some call it, will be overtaken by identity and access management security, which allows for more granular permissions to be set, and ensures that even if someone does breach the firewall, they won’t have access to everything.

But that’s sort of a long thing to remember, so just remember the chant. If anyone asks questions about the chant, tell them to stop interrupting the chant.

Start a group chat to share cybersecurity articles you don’t understand

You’re not legit until you’re sharing articles saying common facts that we all know about like “phishing is a thing,” and “hackers have our data.”

To solidify your standing as a thought leader, however, you need to take it one step further. Sharing articles about concepts you don’t understand will allow you to rise to the top of the cybersecurity fake expert field. Look for a title like “why you NEED quantum encryption TOR identity blockchain security NOW.” If someone asks you what that means, tell them it’s too late for them if they don’t know.

How Amazon Is Using Your Data To Make You Buy

In 2018 all eyes are on Amazon. Bezos got crowned the wealthiest man in modern history, and Amazon is overtaking Apple as the most valued tech company in America.

Which begs the question, what makes Amazon so successful? I believe their success comes from the ingenious way they use your data.

Today I’m going to talk about three incredibly smart ways Amazon uses your data to empty your wallet. Let’s dive into it.

Recommended For You Section

Go to Amazon right now and log into your account, I’m sure you’re going to see something similar to this.

The ‘recommended for you’ section uses data from your buying habits to recommend items that you’re likely to buy. The psychology here is very intuitive; as human beings, we have a lot of wants. We want things that we don’t even know exists; its Amazon’s job to show us that they do.

As you buy more things on Amazon, you create a profile of your buying habits. From this profile, Amazon’s algorithm can determine what type of products you’re more likely to buy.

For example last week I was buying chia seeds for a kind of snack I wanted to make. Take a look at the picture above, Amazon’s response was, ‘Hey we see you like healthy seed based products, here’s a few more you should check out.’

All of what I’ve mentioned about the ‘recommended for you’ section ties into a proven principle of persuasion called consistency. The principle of consistency states that you are likely to repeat a similar action that you’ve done in the past. Amazon knows this and with the help of your data they can utilize this principle to sell you more stuff.

Amazon Best Seller List

If you’re like me, from time to time you’ve gone to the best seller list out of curiosity. I remember for a time fidget spinners were at the top, and I couldn’t figure out why (maybe they’re just that fun!?). The ‘best seller list’ is a collection of the best-selling products on Amazon across each category based on buying data from users.

But what reason would Amazon have for giving, you, me, and everyone access to this data? If you think about it logically, Amazon should want to protect that data.

Amazon shares this data with us because it helps them sell more products. Yes, the ‘best seller list’ is ingeniously designed to help boost sales and awareness for products. The ‘best seller’ list achieves this goal by using social proof.

The concept of social proof is simple, in our heads it plays out like this – ‘If a lot of people are doing it, then I should be doing it as well.’

Similarly, when we come across a product on the best seller list subconsciously our mind goes – ‘Hey lots of people are buying this, wonder why people are buying it?’ That spark of curiosity is more than enough to cause a sale.

Frequently Bought Together

And who could forget, right before going to the reviews we always run into the dreaded ‘Frequently bought together’ section. I have a confession to make; this section has caused me to buy more things than I would have liked. If my anecdotal evidence doesn’t succeed in convincing you, I’ll go into the genius of this section.

First, it combines the two psychological principles (Social Proof & Consistency) we saw above. Think about it; Amazon has access to data of all transactions for any product. This makes it easy for Amazon to see trends in consumer buying habits for any product. And once Amazon sees a trend which looks financially beneficial they start pushing for it using the ‘Frequently bought together’ section.

Not to mention, if two products are told to be bought frequently together it also gets you wondering why that’s the case. In some cases, it might be enough curiosity for you to buy the product just to try it out.

It’s subtle, but it’s powerful. Using data from buyers (that includes you) Amazon can make compelling recommendations.

Is Your Data Safe?

After learning about all of this, you’re likely wondering if you should be worried about how your data is being used. The answer is yes, anytime your information is being used to manipulate your decisions, you should be concerned.

But is there anything you can do to make sure Amazon doesn’t use your data? Yes and no, let me explain.

If you decide to use Amazon, there’s nothing that you can do. As long as you buy things on Amazon, your purchase history will be available to Amazon. The only way you can stop Amazon from using your data is not to use Amazon. You’ll end your data going to Amazon, but on the other hand, you’ll miss out on the convenience of Amazon.

Also, as long as you use any e-commerce platform, your data is being collected. It’s not just Amazon who’s a culprit; I’ll bet money every platform is doing the same.

Now that you know how your information is being manipulated, you can be more aware of how things work. Your data is important, and you should be cautious of how it’s being used.

A Beginner’s Guide to Staying Safe Online

Every week it seems a new security breach is hitting the headlines so we can be forgiven for thinking the online world is a dangerous place.

Earlier this year, Facebook was lambasted for sharing user data with third party apps, while those with Androids were shocked to learn that their mobile was tracking their every move thanks to built-in location tracking tacked onto Maps and Photos.

And then there was the Amazon Echo incident, where customers realized their every interaction was being gathered together to build a case about who they are and their shopping habits.

So yes, we’d be forgiven for thinking the online world is a scary place.

Sure, the internet has impacted our lives in amazing ways, but there is a dark side just like with everything else.

But because we’ve been so eager to dip our toes into the countless benefits that the internet brings (being able to communicate with anyone, anywhere is pretty priceless), we’ve lost some of our personal privacy along the way. It’s kind of an exchange – we let you do this in exchange for this information about yourself.

This isn’t about to stop anytime soon.

We like the freedom to contact someone on the other side of the world with the click of a button. We like being able to next-day-deliver something we’ve coveted for all of five minutes. We like being able to read our favorite news stories without having to shell out for a hard copy.

Handing over our data for online freedom is the price we pay. Everything we do on the web leaves a digital trail that can be swept up and used by corporations and governments.

The problem is in the transparency of it all. Legalese in tiny fonts that are unreadable with the naked eye pull the wool over users’ eyes. We want to sign up to Twitter so we can see what everyone’s saying about the latest celebrity scandal, so we blindly tick the “yes” box without really agreeing to have our data scraped through and sold on for who knows what purpose.

Giving away even the tiniest snippets of data about yourself can leave you at risk from less-than-stellar companies, but there are steps you can take to limit how much data is siphoned from your internet activity.

If you’re not tech savvy and don’t know how to navigate the ins and outs of the World Wide Web, let us help you out.

Encrypt Your Email

Email is not going anywhere anytime soon. In 2017, more than 270 billion emails were sent, a number that’s set to increase to 320 billion by 2020.

We hear all the time about email accounts getting hacked, and this form of online communication has been hailed as the absolute worst for security. This is because a single email message gets passed around several different servers before it reaches its final destination.

You can keep the content of your messages private with encryption. Some email providers already offer this as standard, but for others you might need to download an add-on or a plugin. When it comes to the metadata that accompanies your emails though (the sender, receiver, time stamps etc), there’s nothing you can do as the internet routing system needs this information to do its job.

Hide Your History

We often get sucked into a wormhole on the internet and find ourselves knee deep in cute cat videos when all we wanted was to find a review for the new washing machine we’ve got our eye on.

It’s hard to believe that anyone would be interested in the meandering trail we took to get to the cat videos, but this information can be used by companies to know what sites we visit the most and how we get from one to the other.

This log of sites you visit is known as your “clickstream”, and you can take a look right now at the online journey you’ve taken over the past day by simply clicking “History” and then “Full Browsing History” when your browser is open.

This information isn’t private unless you always browse the web in Incognito mode so the sites don’t retain your Cookies (watch the video below to understand what Cookies are), or to download a free tool that obscures your clickstream.

Video:

Get Savvy with Your Social

It always seems to be social media sites hitting the headlines with privacy concerns (we’re looking at you, Facebook), and that’s because social channels are filled with a bounty of information about their users; from date of birth to restaurants you regularly check into and your closest friends, these sites literally have an incredible low-down on you.

But again, it’s the price we pay to stay in the loop and to share filtered pics with our nearest and dearest.

The best advice here for eliminating any chance of your data being scraped and used elsewhere is to delete all of your social media accounts.

If that seems too drastic, give yourself peace of mind by having your accounts on the highest security settings possible (here’s a great guide to help you do that) and leaving out any identifying information like your date of birth or your home town.

We can’t control what others post on social media (and sometimes they’ll post stuff about us that disappears into the ether), but we can control what we hand over to the grasping hands of big corporations.

Leave Your Location Out of It

There’s something thrilling about checking into a new place, whether we’re humblebragging about visiting the latest high-end restaurant or simply want people to know that we’re Out There Having Fun.

But location data can be incredibly valuable if it falls into the right hands.

Think about it: not only are you providing information about where you are and what you’re doing there, you’re handing over data like what time of day you like to do that activity, and you’re even giving nearby locations the chance to target you with ads while you’re in the vicinity.

The answer here is simple: turn off your location when you don’t need it and avoid using sites that require you to “check in” or need location information.

Other Things You Can Do

Encrypting your email, being elusive with your social media information, and avoiding the lure of “checking in” are good starting points for protecting your online data privacy.

But, taking it further, you can ensure that your password across everything is not something that can easily be guessed. Instead of having a password, go for a passphrase that is made up of multiple words, numbers, and symbols.

And, when it comes to your search engine habits, be ruthless.

Many of the big search engines make a note of your searches and build a profile of you to serve up relevant ads. If you want to avoid this, you need to avoid the big guys and instead use a search engine that doesn’t track your every search term (the oddly-named DuckDuckGo is good for this).

Protecting online data is a big concern for most internet users, but for the tech-phobic it can be truly terrifying, especially if you don’t even know how to start protecting yourself.

Hopefully these tips will point you in the right direction and help you get your privacy back under control, pronto.

The Hidden Danger of Virtual Worlds

On a summer afternoon, a number of Microsoft employees were invited to attend a training seminar.

But, instead of grabbing a pen and heading to the boardroom, they plugged themselves into a set of headphones and fired up Second Life.

This online social “game” was huge for a number of years in the early 00s, mainly because it offered average, everyday citizens an escape from the monotony of real life. Through a digitized landscape, users could create new “lives” that were as hedonistic as they chose.

For Microsoft employees, the pixelated replica of the Microsoft building was the location of their training seminar. But it wasn’t just Microsoft that jumped on the bandwagon – big-name rock stars lined up to perform virtual gigs and real-life travel companies sent correspondents into the melee to report on the latest developments.

For all intents and purposes, Second Life was real life – except you could enjoy it from the comfort of your own home.

The “game” (a term which should be used loosely in this context because, well, there’s actually no way to win at Second Life) was inspired by Snow Crash, the 1992 novel by Neal Stephenson. In the book, citizens navigate around a digital world created and run by independent entrepreneurs – a concept that’s becoming more and more real by the day.

The purpose of Second Life isn’t to gather as many gold coins as possible or figure out a mission set by a wiry old wizard. Instead, it is simply a digital escapist fantasy that allows users to be whoever they want and do whatever they want away from the restrictions of the real world.

While the possibilities were (and still are) endless in Second Life, one phenomenon was quick to surface; that normal people submersing themselves in the game were acting pretty much the same as they would in real life. This made it a fascinating environment to study the social behaviors of people in a pre-built stage.

Sure, stories emerged of people having affairs on Second Life that affected real-world marriages but, for the most part, people used it to escape reality and… do pretty much the same as they were doing in their real lives.

What is the Metaverse?

Let’s backtrack for a minute.

The Metaverse is a term that dates back to Stephenson’s sci-fi novel. It was the name given to the virtual world in which the characters interacted and lived, and it’s now the term being given to a blockchain project that essentially aims to replicate the real world in a digitized format.

In Snow Crash, “players” moved around as Avatars while the central strip – known as “the Street” – could be built on by developers, creating an even more entangled version of reality.

The goal of the Metaverse project is to build an entire universe where digital assets and digital identities are the basis of transactions to create a new kind of ecosystem that has the potential to completely change human society.

Even back in 1992, Stephenson had an insightful eye into what the future might hold for humanity. Today, our lives resemble those of the characters in the book – our work and lives are becoming more and more digitized, with people spending more time online than offline.

The way we communicate has undergone a complete transformation, where we now send clipped messages via the internet rather than having to face talking to real people. Soon, we might see even more transfers – both human and asset based – taking place on the blockchain which will shift the entire economic world.

It can be a hard pill to swallow, but some might argue we’re already halfway there. Enter the New Reality.

With people increasingly living their lives out online, there’s one big elephant in the room that keeps bubbling away below the surface – data privacy.

The Metaverse and its Effect on Data Privacy

In the real world, we don’t have to enter a username and a password to wake up in the morning and, when we pass people on the street, our full names and addresses aren’t typed out in a bubble above our heads.

Online it’s a different story. And, in fact, with the likes of Second Life and social platforms like Twitter and Facebook, users seem to be actively willing to hand over their information to access their feeds.

This raises the question of whether privacy will soon be regarded as an outdated social need or whether it will evolve into something else entirely. At the moment, the rules of the online world are considerably more open and vague than those in the real world, but this might have to change when the Metaverse comes into play.

Why?

Because so far, most virtual reality games and landscapes are built in a “walled garden” format. They run behind corporate firewalls and aren’t interconnected in any way. When you enter one world, you’re essentially caged in and avatars can’t travel between two different digital worlds. In this case, security isn’t necessarily a priority, because data isn’t being transferred from the hands of one corporation to another.

The problem arises when virtual worlds are built on open source software. This means avatars can travel between different virtual landscapes. And, for now, the majority of these platforms are built by developers in their spare time, which means that security is a low priority for them.

Take OpenSimulator, as an example. This software powers over 300 different public worlds and even more private ones, covering an area of 15,000 square kilometers. The software means anyone can set up a virtual world via the Oculus Rift without having to break the bank.

MOSES, one of the worlds built with OpenSimulator, is owned by the US Army, and the problems with security are already doing the rounds. At the moment, it’s difficult to know how to go about addressing data security issues when this new digital landscape is so new (despite its fictional origin in the 90s).

For now, it seems, the Metaverse is an experimental place to dabble in the future of humanity. The fresh excitement of it and the relatively unknown future it holds means security isn’t necessarily a priority for developers.

But soon, when more and more people start venturing into their online lives, we’ll have to sit down and seriously think about what data privacy means in this new landscape, particularly when it comes to things like authentication, content protection, and secure communications.

But, if Second Life is anything to go by, the population of people who are ready and willing to escape reality and immerse themselves in an online parallel universe are more concerned with who they will be there than who will take their information.

How The Government Just Killed Your Online Privacy

You aren’t valuable. Not to online companies. From a financial point of view, you just don’t hold much value to them. The money they make from having you as a user is relatively inconsequential.

It’s shocking to hear this, but it’s a fact of how online businesses operate. And once you understand how they operate you understand your true value in this world.

You see, you as an individual are not valuable…but…the data about you is valuable.

That’s what online companies are after. Whether it’s Facebook, Google, Twitter, or the Internet Service Providers (ISP), they all want data about you.

The more data the better.

They don’t care if your name is Max Jones. They care about your hobbies and interests. They care if you have a wife and kids, and the age and gender of each kid. They care about your education, what you do for a living, and how much money you make. They care about your political beliefs. You get the idea.

Your value isn’t in you as a person but you as a compilation of data.

This is how online companies make money. They compile as much data as possible on all their users to sell to advertisers. When Nike wants to advertise online, Facebook can tell them exactly which of their users are active athletes.

If this economy were a prison then your data would be the carton of cigarettes.

Needless to say, this setup should worry you. Whether you guard your privacy like a hawk or you openly share every detail about your life, it’s disturbing that your value is based on what people know about you.

And it’s about to get worse.

ISP-y on you without your consent

ISPs are, to put it kindly, not well regarded in the consumer world. As a matter of fact, they’re the most hated companies in the country. When you overtake airlines on the hatred scale, you know you’re something special.

The FCC understood the nature of ISP’s so they previously put restrictions on them with regard to your data. The restrictions required ISP’s to explicitly get your consent before they sold your data.

It was a good idea to do this so, of course, it didn’t last long.

Now, thanks to legislation passed in Congress, ISP’s will have an easier time selling your data.  All the previous restrictions that were placed on them have now been lifted.

Yup, the most hated companies can now take your data without your consent and sell it to the highest bidder.

Who says democracy doesn’t work?

ISP’s were able to successfully argue that since Google and Facebook don’t have restrictions on selling data that neither should they. This logic doesn’t hold up well for many reasons.

For starters, Google and Facebook are free services, while ISP’s are already taking a good chunk of your money.

There’s also the slight detail that ISP’s are essentially monopolies.

If you use a website (such as Facebook) and disagree with their privacy rules then you can choose not to use them or to use another website. But that doesn’t work with ISP’s. So you’re stuck with what you’ve got.

They know you don’t have a choice and they’re taking advantage of their monopoly. No wonder they’re so hated.

Privacy advocates are understandably upset about this whole scenario. In addition to data about you personally, ISP’s are also able to sell your browsing history, app usage, and even location information.

Your options are limited.

The one time you want to reduce your value

How ISP’s make money is their concern. Protecting your data is your concern. As it stands now, the battle is between you and them. So what can you do to fight this battle?

Well, we know your value to ISP’s is based on the data you (unwillingly) provide to them. So you can look into ways to kill your value.

If they can’t get your data then they can’t sell your data.

One of the best tricks you can use is to create a Virtual Private Network (VPN). A VPN essentially adds a layer between your computer and the internet, which hides your browsing from ISPs.

Related to VPN technology, you can also use a private browser such as TOR. TOR was created explicitly to prevent unwanted access to your browsing habits.

Search engines are another problem is this world. So many of them track your search history. If you want to use a search engine that doesn’t track you then you should try DuckDuckGo.

As you can see there are many tools available to help you protect your data.

Ultimately you can’t change how ISP’s operate, and you can’t change how your value to them is based on them violating your privacy, but you can change how much data they can access.

You can control your data.

It’s a shame that it we have to take these measures but the government is enabling this system so we need to protect ourselves. Hopefully, with enough outcry, the legislation will go back to putting the restrictions on ISP’s.

After all, why would anyone want the most hated companies in America to sell your data?