Sunday, March 18, 2012

How Personal is Your Personal Information?


“Using software to monitor the transmission of data from a Google Android mobile phone onto which a range of basic apps had been downloaded – The Sunday Times (4th March 2012) discovered that private information – including telephone numbers, email addresses and even the phones location had been sent to companies in China, India, Israel and the United States,” (p.9).
Now I’m not an ‘app’ person, but I’m becoming more and more aware of people trying to access my personal information, which they don’t need to have. It makes me very suspicious of what is going on behind the scenes and where this might lead in the future. There are already too many reports of identity theft, which can destroy the lives of the ‘real people.’

Of course, in some cases we must blame ourselves, as according to a poll by YouGov, 70% of people do not read the terms and conditions before agreeing to them. But then some of these terms and conditions make ‘War and Peace’ look like a short read and where the language they use ranks in the category of ‘bullshit baffles brains.’ So I imagine the majority of these 70%, naively trust the service provider, thinking ‘what’s the worst that could happen’ – which is great, until the worst does happen.   
Another part of the problem is that the people developing apps in many cases are simply focusing on the ‘app’ and the fortune they hope to make from it – rather than the detail behind their service. As one app owner said “since we are still beginners in the app development business, we might have been a bit naïve and didn’t even think about such things. We will contact the company trawling this information from our customers and ask what the reasons are behind getting such information about users through us.” 
Of course, asking and stopping are two different things and I’d feel a little happier if the immediate response to these allegations were to prohibit the ‘theft’ of one’s personal information.
What about Google’s new, all en-compassing privacy policy, where the search engine has now combined all the information it holds on users, gathered from its Gmail and YouTube services.

Google, which receives most of its $38 billion annual revenue from advertising, says this will help to ‘personalise the experience’ of users, allowing search results and accompanying adverts to be tailored to their individual habits. Users cannot opt out, although there are ways to minimise the amount of information Google can access.
Privacy campaigners have however branded the move ‘creepy’ and the European commission has questioned its legality.

And it doesn’t end there – “last month the scope for fraud from the use of personal data was highlighted when US officials revealed how Indian call centre staff had posed as ‘phantom debt’ collectors to swindle millions of dollars out of more than 10,000 Americans,” (Mahmood, M and Ungoed-Thomas, J; 2012; p13). “Officials think more than 20 million calls have been made over the last two years with collectors using aggressive and language to demand payments for debts that did not exist. The total cost of this one fraud has been estimated at £3.2 million.”
As Mazher Mahmood and Jon Ungoed-Thomas mention “the Indian authorities and British firms who take advantage of the low wages paid to call centre staff have sought to play down the threat of security breaches. When details of 1,000 British consumers were sold to newspapers by an IT worker last year, the Indian government – anxious to preserve the reputation of an industry worth an estimated £3.7 billion a year –described it as a freak accident,” (p.13).

Senior officials in India said “as far as we are concerned, officially the position is that there is no problem of people here selling stolen personal information- simply because none of the banks or other large companies pursue complaints against criminals stealing the data.”
Yet for a small sum of money the Sunday Times reporters were able to get hold of 45 different types of data of customers having Mastercards or Visa cards with banks using Indian call centres including; first name, last name, address, account, city, postcode, alternate number – that can be a mobile number, office number, date of birth, bank name, name on card, card type, card number, start date, sort code and CCV (card code verification) number.

So will we ever really know what’s happening with our personal data, if we don’t have the technology to check for ourselves? We are having to put our trust and ‘data’ in the hands of people, who clearly don’t earn or deserve that trust, assuming that nothing bad will happen to us (which, naively, is a bit like a smoker assuming that cancer is just something that happens to someone else).
References

Henry, R. and Newlands, P. (2012). In a flash, your details are on a server in Israel. Sunday Times, 4th March 2012, p.9.
Mahmood, M and Ungoed-Thomas, J. (2012) Tuppence a fact: the starting price for your stolen life. Sunday Times, 18th March 2012, p.12-13.

No comments:

Post a Comment