We have always had data sharing. On paper for sure, stuffed in drawers and filing cabinets, and difficult to collate and distribute. The digital era has changed all that.
People seem to have an insane desire to share the minutiae of their lives on Facebook and the like, giving details of their private and personal information. Taken with all the other personal data retained by the businesses with whom we interact, data requested by the websites we visit, and Government and its agencies, ID theft is no rampant.
As a result, there are now laws concerning collecting, retaining, and processing personal data, principally from the EU and California in the US (GDPR and CCPA).
Another area in the same broad area is Digital Rights Management, in essence, applying copyright law to digitally stored media such as literature, music, and video.
IT Security needs to take heed of them.
Data Sharing and the associated Big Data databases created by data collection and attracting the interest of many people, ranging from marketers who want to use it to focus their marketing campaign to privacy advocates who want severe limitations on the use of data sharing. There are regular reports of abuse by individuals and corporations.
IT Security, therefore has several areas of concern, including:
- Reducing your Digital Footprint;
- Compliance with legislation;
- Prevention of theft of personal information as an individual and as a corporate entity;
- Misuse of Big Data.
Reducing your Digital Footprint
Anyone who uses the Internet has a digital footprint. You leave traces behind you as you surf websites, send and receive an e-mail, and use Social Media.
As an example, search for yourself on Google. You will be shocked by the amount of data on you that comes up.
How to reduce your footprint:
Avoid Google and Bing. Use a browser like Firefox that does not track your web surfing activity. One point to note is that Google is not your friend. Many sites use Google and Bing to gather statistics about your surfing behavior. Both offer a website developer add-on code that provides Google with details of your website usage. It will also populate webpages with ads focused on your interests. Google Ads also records where you have been, how long you stayed on a particular website, and what you bought from e-commerce websites.
Manage cookies, particularly tracking cookies. Some websites install tracking cookies on your device. Trackers follow you around the web to collect information about your interests and browsing habits. You must switch off tracking cookies. Most browsers allow you to switch them off in your browser. Periodically clear your cookie cache.
There are other steps you can take. Firefox, for example, has extensions that delete tracking cookies and block cookies and pop-up pages. Tools like Spybot will remove cookies from all your browser stores.
Be very wary of providing personal data to websites. If you are only browsing around and it’s not strictly necessary, use a false ID and information. Some sites try to get around this by asking for an e-mail address. Have a throwaway e-mail account on Gmail or outlook for this purpose.
For corporates, it’s a different story. Both regulations set out clearly what can and cannot be done with data. Many will need to review and change their data collection, processing, and retention processes.
The main impact for IT professionals is in the tightening up of data security. The threats of ID theft and stealing Intellectual property are very real. Continual monitoring of data traffic for early warnings of hijacking or steal attacks, including DDoS is vital.
Continual user education in protecting corporate data and avoiding threats, including phishing, is vital.
It can be quite simple to correlate or cross-reference two datasets to infer or identify exact individuals. Even anonymized databases can be linked and analyzed to infer or detect individual information. Allegations that data sharing analysis was used in the 2016 UK EU referendum to identify individual voters and their voting intentions won’t go away.
A second Data Sharing problem is the creation of Deep Fakes, a fully synthetic persona, including images, videos, and background information collected by Data sharing. A Deep Fake looks at first sight to be a real person, including artificially generated features, but it is found to be false on further investigation.
Both tools were allegedly used to generate momentum for a particular political view in the 2016 US Presidential election and the UK referendum on EU membership. Autobots and Deep Fakes spread high volumes of fake news and made comments on Social Media.