What are your internet privacy rights, and how can you ensure data privacy?
In light of Data Privacy Day yesterday, we thought it fitting to touch base with our CEO, Jens Wagner, to discuss how you can protect yourself online. Jens is passionate about technology and online privacy. In fact, he is considered a foremost expert in domain industry technology and internet systems and is an advocate for data privacy.
Most people don't think twice about protecting their privacy in their daily lives. We ensure our doors are locked, our home security systems are on, and our security cameras and lights are always on. With new technology popping up on a daily basis, it's important to think about your online privacy with the same level of awareness. Learn how in my Q&A with Jens.
Ana: What is online privacy?
Jens: Online privacy is the protection of your personal data. Personal data can include contact information, e-mail addresses, birth date, gender, and more. It is also the protection of your online activities such as your browsing history or your chat messages. Finally, it refers to the protection of information relating to online assets, such as crypto-currency wallets.
A: Why should the general public be concerned about their online information?
J: Your data has a value, and there is an ongoing fight over the ownership of that data. We should be the owners of our own data. However, those who should be considered the real owners of their data are not taking part in the fight. The general public doesn't realize how valuable their data really is, and how much it can affect them (for example, job applications, healthcare, shopping for insurance).
A: Who is entitled to online privacy?
J: Both individuals and organizations are entitled to online privacy. Individuals need to protect their personal data, while organizations need to protect their company data, such as corporate inventions and HR information. Organizations are also responsible for protecting their customers' data.
A: Who "owns" your digital privacy?
J: The questions you should be asking are: "Who owns data about you, and who protects your digital privacy?". Individuals should "own" their own data. Think about the concept of copyrights and licenses. You hold the copyright referring to your own personal data. Other parties need explicit licenses from you to use and process this data.
A: Can you specify the various levels of privacy violation?
J: For sure. I'll take you through what I consider low to criminal levels of privacy violation:
LOW: The tracking of user activity. Some examples include Facebook's "like" button, Google's tracking, and content linked from external content delivery networks (CDNs) and online advertisers.
MEDIUM: The analysis of private user posts or e-mails by the respective chat service or e-mail provider. Traffic analysis by the internet service provider also fits within this level.
HIGH: Sharing, forwarding or selling personal or private data to third parties. For example, Facebook providing information about private posts to advertisers, or Uber providing tracking information to divorce lawyers.
CRIMINAL: The creation of products with backdoor and selling those to governments and corporations, or providing third parties access to the data gathered. Backdoor is a term that refers to hidden access to a system. For example, you buy a webcam where you need to set up a password to access the stream. If it is backdoored, others (such as employees of the vendor) can also use your webcam, and watch its streams.
All companies are forced to keep their systems safe and close security issues as soon as they become known. If a vendor provides bugfixes (for example, firmware updates), a customer might be forced to install them, which can waste time and resources. While the vendors don't introduce such bugs on purpose, it is still the vendors' fault. By the time a vendor sells a backdoored product to a customer, they know that their product is risky and faulty and that it will cause hidden costs to the customer.
Backdoors are generally the biggest security risk. For example, a backdoored firewall can be used to access all devices in a network that is generally considered safe. There have been companies that vanish completely because they got hacked and never recovered.
A: Are you able to provide us with some real-world scenarios where an individual should be concerned about their privacy?
J: There's many, but here are a few possible scenarios:
- You take to the internet to search for medical information. This data is then instantly sent to your insurance company, where they become aware of your searches.
- You wear a fitness tracker throughout the day, and you hit a very high heartbeat at midnight. Your fitness tracker then reports this information to a vendor for possible target marketing or other purposes. The fitness tracker can also sell that information to an insurance company, or your employer (for example, the employee requested a sick day off, but the tracker confirms they are playing football). Recently, fitness app Strava came under heat for releasing secret US army bases from soldiers that used the app for exercise, according to The Guardian.
- When you are in a legal proceeding against a big corporation, the protection of your personal data becomes necessary.
A: What is end-to-end encryption, and why should we pay attention to it?
J: Messages sent using end-to-end encryption are only visible by two parties, the sender, and the recipient. If you want to ensure full confidentiality between the sender and recipient, you need to ensure that your messaging platforms use end-to-end encryption. Once anybody else is able to decipher the message, it's no longer end-to-end. If you don't know if your messages are private or not, I recommend you pay attention to this topic and ask yourself how you feel about your messages being accessed by someone other than the intended recipient.
A: What are your top three tips for people to better protect themselves online?
J: Great question, the following is definitely a good place to start:
- LEARN: There is no better weapon to protect your privacy than understanding the concepts behind it.
- THINK: How does a service you use make money? Do they sell your private data? If they don't charge you, you might be their product, not their customer. Ask yourself it the product or service your receive is worth sharing your data for.
- ACT: Default software and settings are usually not optimized for your privacy. Take action and get ahead of the problem!
A: Do you have any final comments or input in terms of protecting oneself online?
J: Similar to my answer above, keep in mind that for the most part, nobody gets paid to protect your privacy. However, many will get paid for your data. Be careful who you trust, question incentives and business models, and be a smart, well informed online citizen.