Earlier today, The Guardian UK published an article on current legislation in the EU parliament pursuing privacy rights on the internet: “Data protection in the EU: the certainty of uncertainty.”
The author noted that lobbyists on behalf of “Big Data” collection are pursuing legislative language that exempts companies from the legislation if the data is “anonymous.” However, the article, citing expert testimony from the Computer Science community as well as the former United States Federal Trade Commissioner, stated that data can easily be decrypted and used to identify you with as few as four data-points in some instances!
Without summarizing the article’s conclusion that data-anonymity is currently impossible, I want to focus on what this means in the broader sense of new technologies.
Big Data and anonymity have no business being in the same sentence, let alone a legislative amendment. Big Data relies on your personal information to draw general conclusions for profit. While your name may not be connected to the data points, it very well could be. The massive volume of data collected every day, stored “anonymously” on servers god-knows-where, is a massive security issue, not merely a privacy issue.
Increasingly, massive corporations and government institutions have become the victims of cyber attacks that expose sensitive user information, including credit cards and emails. Well-known examples of this style of attack include the PS3 Network, Stratfor and even the CIA! In addition to those notable examples, exploits are all the more common on websites traditionally thought to be safe, like Facebook and Twitter. Countless phishing-style attacks expose users to account takeovers, and users thus lose sensitive information in the process.
So beyond the current impossibility of encrypting personal data aggregated by companies, we haven’t even seen companies secure and encrypt themselves!
Additionally, services that claim to wipe data for anonymity are equally flawed in their claims. Cellphone wipes are the most common. And despite software used to “wipe the hard drive clean,” forensic analysts have been able to extract everything from photographs to credit card data!
Ultimately, as the saying goes: if there is a will, there is a way.
If a user, or even scarier, a government entity or corporation wants to obtain your information, they can and will.
If the EU and other legislative entities want to protect user privacy, they will not allow “anonymous” exemptions. All data collection is prone to exploit. All technology is prone to exploit. The concern with massive data-mines is that they are a hacker’s holy grail. Government should be doing everything it can to regulate companies so that they comply not only with privacy laws but also with the security of their consumers and internet users.
In the end, when I click “tell companies I don’t want to be tracked” on my Mac OS X Firefox browser, I MEAN IT. It’s time for regulators to MEAN IT too and stop this willful ignorance of the facts.