Who’s Got Your Data?
The headlines lately have been filled with the plight of Edward Snowden, along with his disclosures on how the US National Security Administration (NSA) has been gathering, cataloging, and examining all sorts of data about people in the world. It’s not just terrorists, criminals, or anyone suspected of illicit activities, but also many ordinary people that may not feel they should have been subjected to this level of surveillance. Whether you think this was a proper way to disclose this information or not, there’s a separate issue here.
We are producing a tremendous amount of data about ourselves all the time. There are so many ways in which companies can gather data points about us, often with logging activity that we might not find intrusive. Our houses produce logs of electrical activity along with the various types of services we might use (water, trash, etc.). We use cell phones, whose locations and usage are recorded, and we often use on line services for mail, research, entertainment, and more that all produce logs of our activities. Purchases on line are stored, and purchases off line might be stored if you use any type of loyalty card. I can imagine it not being long before any card purchase can be linked to the actual items themselves, regardless of whether you want this to occur.
We can add in any services we use that store data in the cloud, from physical activity to medical information to even your location from status updates. While much of this data is stored separately, and not necessarily aggregated, that might not be the case in the future. The government could potentially request this data, which is unnerving to me, but what is more disconcerting is the idea that businesses might engage in complex deals to share much, or all, of your data without you knowing about it. This could be under the guise of providing better services, which makes sense, but that’s not what concerns me.
What concerns me is the lack of care that so many companies take with our data. It’s lots constantly, and the more data that might be shared between companies, and need to be transformed and loaded into new data warehouses, the more people that will touch this data. And the more developers that will have copies of it on their laptops as they build new applications. It’s scary to think about the lack of control we have, and now many mistakes will be made in the future.
I wish I had a good suggestion on how to improve the situation, but I don’t. However I do think disk encryption, for all machines that touch data, is a good place to start.