A word on your privacy

Following a couple of coversations I’ve had over the couple of days, the first with a friend who’s uni email system will happy expose what classes she would be in at any any given time, and the second with a housemate who’s work email system has crashed due to sheer volume of emails overloading its hard drive (ideally an email server should be set up to warn of limits coming near, but still.  Email is tricky to set up).  I digress.

The first friend said she was “getting worried” by what I told her about what could be found out about her online, the workplace at which the email server crashed doesn’t use Google Applications because the system administrator doesn’t like the idea that Google have control over what people privately to each other.  This post is why you shouldn’t worry as much as the likes of the online media might have you think.

What’ve you got to hide anyway?

The first question in all of this is above, what do you have to hide anyway?  I don’t mean this as a kind of “What are you? A criminal?” way, more as a catalyst to actually make you think it over.  Yeah Facebook knows what you think of your boss, do they care?  Google or Microsoft can possibly read you email, do you write anything worth reading?  Your doctors surgery knows what illnesses you have, other than wanting to keep them quiet for your own personal reasons of vanity, does it actually matter? No. It doesn’t.

It’s the modern way

Contrary to what it seems, this isn’t about the increasing storage of personal information in the modern world.  Whilst the amount computers the world over know about you has increased dramatically in recent years, it has been the case, even before computers, that many people will have access to your data as part of the course of their jobs.  In the 1950s, your doctor’s surgery would have all of your medical data stored on paper in their office, where a secretary, receptionist, administrator, nurse, doctor or casual burglar could read it.  The access to info was more easily obtained, and less trivial.  What’s changed in the modern world is that information stored is on a wider span of things, but in fact for getting on towards a century, the really sensitive data about you has been stored where some people could see it.

Halt! Who goes there?

In this modern age of databases and huge HDD banks storing all your data, it’s surely a bad thing that so many people can potentially see your data, yeah?  Well no.  Let’s go back to the doctor’s surgery of the 50s for a second, and have a look at the differences again.  Then, upon fetching your records (on paper), whoever had them had access to all the information the the practice had about you (which at a doctors would be quite extensive).  Now, when you go to make an appointment, you give you name, maybe some other identifying info, and make an appointment, the admin staff can instantly see your past and future appointments, repeat prescriptions and address info, maybe even hospital appointments and so forth, they can’t access doctor’s notes and medical records (on the ideally set-up systems at least) and they have less access than they did in 1950.  Whilst this is not always the case, sometimes they will have full access, you see that computerisation has created the equivalent of a piece of paper that checks ID before being read.  A stolen record, if encrypted, is nigh on useless.

Distributed storage

Assuming you didn’t like my “who cares anyway?” argument, and well you may not, purely on principle if nothing else, have a think about how information could be misused.  The nightmare scenario, as shown in films like Hackers and The Net is to have hackers alter your data to somehow change your life.  Maybe your credit rating would be dropped, or your existence changed entirely.  But let’s actually think about this for a second:

Nowadays, all of your data is stored many times over on the computer systems of many different organisations and individuals.  If a deviant hacker changed something, then they would have to change it in many locations.  Imagine that your credit records agency security was comprimised and your credit rating altered.  Putting aside why anyone would bother targeting you, what could you do to correct this?  Well…

In order to change your credit rating negatively, the hacker in this case would have to add bad debts, unpaid arrears and so on to your credit record.  (Contrary to what people seem to believe, your credit rating isn’t just a number, it’s a record of events)

Once you have bad debts against your name, your tenure with lenders will fall, but you’ll notice this won’t you?

A bad debt in actual existence would involve records on the computers of a lending company, a credit agency and a bank.  So once you’ve noticed your credit is low, you can ask to see your credit report, in the UK you can do this for £2 at a bank.  Having found fraudulent entries, you can ask the agency to remove them, and having not found any records to confirm them with a lender, or a bank, your record will be corrected.  It’s a pain, but it’s cost you £2 and an hour of time.

The duplicity of the records, their ability to confirm or deny each other, sets up a system that can correct itself.  Admittedly it needs a bit of paperwork done to do this, but because the records support each other, the system can easily recover from a single hack.

In case you’re wondering whether the hacker could just alter all records concerning that, no, not really.  Hacking anything takes a while, hacking both a credit agency and a lender takes two whiles, and hacking a bank generally takes your freedom.  Banks have some of the most monitored networks in the world.  Yes, I know people have hacked them in the past, but what the news generally fails to mention is that they were almost always caught, and that people hack banks to steal from them, not to create false transaction records.

So there you go, Facebook knows everything about your social life, and Google everything about your business life, Google Latitude knows everything about your mobile and your bank knows where you are.  All-in-all it doesn’t matter, because people’s locations make for pretty dull reading.

Your biggest weapon against computer security breach is your lack of interesting phenomena.

Related posts:

1. A word on online personas
2. Another word on FSCKVPS
3. Shock! Horror! I’m in favour of ID cards…sorta.