Theft of personal data has become so common we are beginning to ignore the headlines, like the latest politician telling lies, or a Hollywood star sleeping in the wrong bedroom.
Of-course the whole world has no choice but to swallow US news feeds every day regardless where they live, but all over the world this grand scale theft has been happening too, even if less well publicized. I only want to point out the sheer breadth of the risk to you and your close family and friends and to beg the obvious questions scarcely anyone seems to be asking.
What on earth are all these businesses doing that justifies them holding our personal data?
What scares me most and hopefully you, is not that they are infringing on human rights and freedoms, not that they are refusing to even communicate without collecting our personal data, not that the scammers are offering to “Enrich” that data with extraordinary levels of personal and financial private data about us for a tiny charge, not even that the personalisation engines have decided who we are and excluded us from the information we want and need in favour of what they believe we want. I’m not even complaining about the interference with the democratic process that has threatened our livelihood in the UK and put all of us on a path to WW3.
What I can’t come to grips with is this: There is no benefit whatsoever from having this personal information for nearly all business, in fact, apart from criminal intent there is really no reason to store it. Not only is it of little value to anyone, the little value that does exist in some of this data for a few businesses, is almost never leveraged and outweighed by risk, certainly next year.
E.G. As an ex marketer who still gets involved a lot with business change and strategy, I frequently sit with top tier CMOs and marketers who, for whatever reason, take your pick, don’t even do meaningful segmentation for the vast majority of direct campaigns. For the sake of brevity let’s just focus on this best known and most widely accepted strategy that, like High school sex, almost nobody is actually doing very well. You would never segment on data of birth, maybe on age group, one to two decades is typical. Location is useful at a country level or occasionally at County level, but rarely. Every marketer will nod to the theory that this type of segmentation increases response up to 15% because they were taught this plausible theory, but can’t prove it. Every salesman (people who have to deliver the goods) will tell you that every time you generalise like this you drive away a lot of people and at best you might gain as many as you lose.
The problem here is twofold:
Marketers have never had to deliver the goods in a way that can be reliably attributed and measured, hence most of the theories are exactly that and the initiatives are ways to get their hands on more budget and grow the team. CXOs who give them this budget are guilty of being fooled by randomness, there is a book of that name and it’s a good read.
I know several publications that have high reputations for selling information to sports gamblers and to the stock market traders that have never beaten pure randomness other than by random variance, but simply know how to fool the already foolish.
I personally would prefer not to have any supplier making assumptions on my behalf based on where I live, my age group or anything else, much less my home address, bank account number, date of birth, social security number and what I dreamed about last night ( you guessed right), but I would allow them age group and county and a few scraps of this nature if it keeps them in a job. If I’m shopping for my daughter’s birthday, then I would of course have to borrow her laptop or she ends up with stuff she wouldn’t like, just as I use a VPN to read the news as it was written and try to get a balanced view.
Back to Privacy, Human rights and Freedom of individuals.
Why does an internet based company that does not even display its physical address and will never deliver anything to my business, nor my home believe it has the right to demand my home address and then store it as it sees fit indefinitely? But more aptly, Why for god’s sake?
Is there really any justification for anybody to store my date of birth, or my social security number?
I’d love to hear your opinion, I know that I struggle to see it.
In fact, in the spirit of a free society and small government that our forefathers were motivated to win our freedoms, there was no place for the state acting as our jailors either, let alone private companies. If you live in a country and pay taxes (everyone who buys stuff pays taxes) and that country provides medical care for example, you should be treated and not questioned. The potential cost of a few aliens getting treated is so minute as to be meaningless and certainly not worth the price of all of us living like prisoners in our own country and being stopped and ID checked.
Just how big is the risk? how bad can things get?
I could write many chapters on the nuisance of having a dumb shopping app decide in advance what you like and hide from you what you are looking for.
I could certainly write about the manufactured news feeds coloured strongly to your country, age group and any preconceptions they may have or have been paid or instructed to have and perverting the course of democracy.
I could chill you with tales of people’s bank accounts emptied by fraudsters, especially older people and I could warn, but you probably would not listen about the prevalence of stealing identities and using them to send mail campaigns and spread nasty material in your name, but all of this pales into insignificance when you consider the risk of allowing implied knowledge about implied knowledge about inaccurate information based on old, wrong, or hacked data to find its way into the hands of police and security professionals.
Let me ask you about your phone. Is it Android? Do you use Google maps? If yes to either, are you aware of what settings you chose for whether Google can collect a trail of geolocation data? The most common scenario is; Yes, I use Google -maps and what settings?
By accessing this data store, which many of your apps can because you didn’t read the conditions and gave them permission to do so, these apps can circumvent the fact that Google supplies the data in (so-called) anonymised form very easily indeed. One simple method is to check where you spend your sleeping hours and look that address up on the electoral roll if UK, Mortgage database in US or many other means. Now it is no longer anonymous. Suppose you spent an hour at a doctors or attended a political meeting, or place of worship, or any one of hundreds of defining addresses on that map, then your stalker, yes that is what he/she is now has personal secrets you might not even be sharing with your closest partner and family. Once they have run a Facebook search ( they can do this with your mobile phone number) they know as much about you as your closest friends do and possibly more, yet as you just admitted, you don’t even know they exist much less what they are doing to you, do you?
Now you may be thinking it’s only Google and the Like playing god with your privacy, but not long ago the UK information Commissioners had to intervene when it emerged that A UK health trust, a public sector body supposedly subservient to it’s citizens was found to be sharing the private and personal medical records of millions of patients with Deep Mind the Alphabet(Google) Owned deep learning company. Yes that’s the one that stalks you all day via your phone as you move around. Worried now?
The same firm (Google) and many others run re-marketing tools. These tools are able to track you as you move around the web because their adverts and banners are allowed by browsers to place cookies on your hard drive. Everywhere you go, their banners will silently record the time and page and the metadata of the page. This way they can stalk you as you as browse the internet and record every page, every product and so forth. Are you beginning to see the picture?
Of course if you live in US the NSA has been doing far worse for a long time including listening to conversations via the microphone on your phone and observing via the camera even when switched off and in the UK (also members of five eyes) we know it is most likely the same, but for now at least, better hidden from citizens. While none of this government interference under the pretext of protecting us form imaginary or manufactured enemies is acceptable or constitutional at least it is government. They are much harder to bring to book, but we know where to find them.
When businesses engage in this behaviour to make money it is flat wrong and beginning with GDPR they will pay hefty prices and find the doors increasingly slammed in their faces as law catches up and people wake up. The saddest part however, is all the businesses that are doing all of this at great expense and earning nothing at all from it.
When you collect information about people, you have a duty to be right, or at least accurate. Any programmer who has written NLP algorithms as I have done knows that the amount of reliable information in words is very small indeed and the knowledge extracted by a reader is a combination of the context in which it is read, faith in and assumptions about the source and what the reader already knows of the subject matter. Hence, making even trivial decisions becomes hazardous. Most subjects are too vague to be exchanged in this way when someone’s life or freedom might be at stake. Yes a number of unimportant assumptions can be made with extraordinary accuracy (well a lot of the time) , but far too many critical or life threatening decisions can be woefully wrong as a result of the tiniest unavoidable error.
A chilling example to consider
Some time ago there was an incident whereby a terrorist attack was expected for some reason we will never know about for certain, quite likely misinformation. A young student with a certain level of suntan carrying his books in a knapsack on his way to University and fitting the description of a “reported potential terrorist” got on a train. An amateur spy (busy-body) sent in a report that brought this student to the attention of an undercover security agency. These men then set out to approach him on the train. Their assumption ( inaccurate information) was that this man was potentially dangerous and up to no good. The young foreign student who had grown up in a violent city saw a group of tough looking men heading towards him and made a move to avoid them. They then lurched towards him, he ran, they filled him with bullets. That boy could just as easily have been my son or yours. He did have a mother.
The above is a rough description of a true story, but the important thing is that we know this could happen tomorrow to our loved ones. Misinformation is lethal in any hands.
Do I need to remind anyone of the IRAQ war that never should have happened and the fallout that is still with us.
What to do now
1. Start by sharing this article with everyone in your organisation who designs ecommerce forms, manages customer databases or in any way influences your strategy for collecting and holding customer data and to everyone you know who cares about their own privacy and all of our freedoms.
2. The next time some blogger says to you that there is value in data, ask him to explain to you in simple terms which data he means and if he answers ask him what value he is referring to. I think that will answer your question if indeed you were ever in doubt. If he does in fact have a salient answer it will very likely involve illegal activity whether he knows it or not.
3. Stop giving your own personal data to people who don’t need it. Just say no, or use a different website, or app, or supplier if there is no option, or buy a cheap old burner.
4. Stop collecting data that you know you will never use at all, let alone for anything useful or legal. Delete all the data you hold that you know you will never use and should not really be holding.
These steps alone might just save you a fortune in servers and power not to mention potential fines up to 4% of your turnover and maybe you will save someone’s life one day.
Some important facts to help you with GDPR
Contact the author