In this part one of a two-part article on data privacy and our security, learn just how un-private our private lives may be.
Edward Snowden is a household name thanks to his allegations about NSA and spying on U.S. citizens. Exactly how deep this spying goes is unknown – well, it is known to some at NSA but they aren’t talking – but in reality, we voluntarily give up our privacy all the time. Virtually every day we send signals about websites we visit and even where we are located using our phones, tablets, and computers. It is most common, for example, that if you use a smartphone or tablet, your location is known each time you open an application.
Presumably we accept this lack of privacy as a condition of convenience. For example, each time we access a website it is known where we came from and how we got there. But most of the time, conveying such information is really voluntary in that we have a choice but don’t exercise discretion. A simple example is when you download a new app. They ask if location services can be activated and most times we say yes without really thinking about it.
The internet is awesome about allowing us to have so much data virtually at our fingertips but for those who are concerned about outside access, it really depends on what prompts the concern. For example, are you worried about NSA or law enforcement uncovering some sinister illegal act? How about hackers who might want to access your credit card or other information? What about an employer finding out that you are seeking employment elsewhere? Or are you concerned about a spouse learning about an affair? Also, there are more than a few parents concerned about the activities of their teenagers. In the end, everyone has their own desires for a certain amount of privacy but clearly the amount of privacy varies among all of us. For me, my ‘affair’ is with a competitor hotel brand or airline, and for this, there may be times when I want one brand to see I’m staying somewhere else and to ask why.
Some data is easily accessible. For example, Google searches are stored on the server, not secure at all. There are a few other locations where data can be accessed. The first is while in use on your device and the second is during transmission, such as an email or text message. There is also “the cloud,” a generic term for anything that is stored off-device but accessible via internet connection usually through a password. Some of these storage systems are better protected than others.
And sometimes we just make it too easy for others. I am thinking about the very loud person on their cellphone at the airport, often in a lounge. They just have to broadcast how they are working on a big business deal with all the details. One time this backfired. I could not avoid listening as one very vocal passenger described how he was bidding on a certain contract. I learned about his methodology and his actual bid. Unknown to him, I was working for a competitor. Bad move on his part. When I worked at Deloitte, screen protectors were issued for our laptops and mandatory classes instructed us never to talk about a client in public places such as at a restaurant or on an airplane since you never know who may be listening. We also had encrypted thumb drives.
Thanks to PC World Magazine, we have a trilogy of articles that examines these security issues. Their first article by Lucian Constantin looks at encryption, something valuable to everyone but understood by few. This is a good reminder to review a company’s privacy policies to see the level of your data protection. For example, at Smart Women Travelers we do not store any credit card data. Once a transaction is complete, all credit card information is removed. While we realize this is an irritant for some returning customers, we believe protection of credit card information outweighs these concerns. Some companies, on the other hand, allow you to create a password to their sites where such information remains. Is this information secure? Maybe … maybe not.
Will more encryption really work to protect data? In this second article, Zach Miners offers a distinction between metadata and hard information. Metadata, which is nothing more than tracking patterns – who you called, who called you, websites visited – is comparatively harmless in most cases. This reveals nothing about actual phone conversations or website visits beyond you accessing a particular site. The article acknowledges there are ways to increase encryption but as they say, sometimes it is cost prohibitive. One thing is pretty clear: If NSA wants to gather information about someone, they will have a way to do it.
The third article is the scariest of all, bringing home in detail just how much information an eavesdropper can learn about you. Setting up in a local coffee shop, writer Eric Geier wanted to see just how much he could learn from other patrons about their internet access. Since this is an unsecured location, it should not be surprising that quite a bit of information can be transferred to others. This includes not only passwords but access to some of your accounts. We also learn that some websites that begin with a secure login become unsecured once we are on the site and begin navigating within their pages.
So what can you do to maximize your privacy? Whether you are traveling or at home, here are a few tips:
- If you have a VPN (Virtual Private Network), use it. This is an extra layer of security that adds to hacker headaches. Lifehacker wrote an article to help you choose the best VPN for your needs.
- Only visit websites that use SSL (secure sockets layer). They are easy to see with their https secure lock.
- If you must use a phone, keep conversations quiet even if it means moving to a more secure area. You never know who might overhear. Just putting your hand over your mouth isn’t good enough.
- Longer passwords are always better than short passwords.
- Make all your passwords more complex. This means a mixture of caps and lowercase letters, numbers, and symbols. And don’t attach sticky notes to your laptop with written passwords!
- Do not post of Facebook or anywhere else that you will be traveling out of town. Remind your children to do the same. Set your Facebook settings so that only your friends see your posts and not the public.
In part two, I’ll share an interview with a security pro where I admit to a major credit card faux pas that you may be committing also! You’ll learn which states in the U.S. have the highest number of complaints of identify theft (unfortunately the state I live in ranks #1). So stay tuned for Part two and in the meantime, be safe out there!Photo courtesy of Ed Yourdon.