Governments, consumers dangerously exposed as data becomes new currency

People are giving away large amounts of personal information in order to use free apps

Would you sign on to a Wi-Fi service that promised to maliciously steal your data?

That’s what dozens of people at an Ottawa communications conference unwittingly agreed to this week when they signed a free Wi-Fi waiver, with the alarming clause inserted to emphasize the importance of consciously reviewing terms of service.

It was a playful but poignant reminder of the need for heightened vigilance online, as corporations and criminals alike look for increasingly intrusive ways to feed their insatiable appetite for data.

Related: Final count is that 8,000 Canadians, 145.5 million Americans affected by Equifax breach

But there are harsher ways to learn about the importance of cybersecurity.

Richard, a Toronto-based entrepreneur, is one of the thousands of Canadians whose social insurance numbers, birthdates and other critical information was stolen in the massive Equifax Inc. data breach announced this fall.

The news has already had resounding effects on his life and could have implications for many years to come.

“Someone could assume me entirely, duplicate me basically,” he said, now worried enough not to want to share his last name. “I can’t concentrate on my work, because I’m thinking, oh my God, what’s going to happen?”

Cybersecurity experts fear the sheer scale and pace of change in the information economy has caught governments flat-footed and left citizens vulnerable, requiring increased vigilance from individuals when signing up for services and sharing online.

Compounding the problem is that many of us willingly hand over our information every time we download an app or use social media. There’s even a caveat emptor for the times: “If you’re not paying for the product, then you are the product.”

Too many people agree to the terms of use without understanding the consequences, said Paul-Olivier Dehaye, a data privacy advocate.

“It’s very hard, it’s very opaque, to know what’s going to be done with the data, how it will impact them.”

The Swiss mathematician said even though consumers can be nonchalant when signing up, many are stricken with a sense of alarm when they are confronted with the reams of data collected on them, or when they’re shown some of its uses, like manipulating online prices based on personal profiles.

Related: RIMS Canada Conference 2017: Full CITB coverage

Earlier this year, Dehaye helped a woman retrieve 800 pages of data that dating app Tinder had amassed on her, including the age-rank of men she was interested in, her physical location while using the app, and every personal conversation with potential dates.

Facebook is particularly adept at building deep user profiles, pooling data like job titles, the type of phone users have, favourite hobbies, buying behaviour, and relationship status into precise customer profiles for advertisers to target. Users can get a sense of what Facebook has collected by navigating to the ad preferences section of the site.

The push for data goes beyond advertisers though, with insurance companies making some of the boldest pushes into having people willingly give up personal information.

Manulife Financial Corp. recently launched a program in Canada to track the heartbeats of users and other health statistics through an Apple watch in exchange for discounted rates on life insurance. Similarly, both Desjardins and TD Insurance have launched smartphone apps to track detailed driving habits, including speed and stopping behaviour, for a discount on car insurance.

However, people should be vigilant whenever they are asked for their data, as governments have been slow to update Canadian privacy laws, said Kris Klein, a lawyer with nNovation LLP.

“There has always been a responsibility on the end user to take certain steps to make sure private information remains private.”

Klein said Canada’s efforts to protect personal information lag those of the European Union and the U.S. The EU has approved sweeping changes to data protection laws that are set to take effect next year and include the “right to be forgotten” and require “clear and affirmative consent.”

In the U.S., nearly every state has entrenched data breach disclosure laws and federal regulators can impose harsher penalties, including fines, on negligent companies.

He pointed to the example of the now infamous hack at Canadian affair-seeking website Ashley Madison, which was forced to pay US$1.6 million to settle with the U.S. Federal Trade Commission. Canada’s privacy watchdog merely urged it to comply with a list of recommendations.

From the archives: How hackers hack

How hackers hack

“Data protection in the United States is taken a fair amount more seriously than it is in Canada, because there’s a great big stick that’s going to hit you where it really counts.”

But the implications of data collection go well beyond targeted ads or embarrassing details getting leaked.

Dehaye points out that societal implications of enforcing stringent data protection go far beyond an individual’s right to privacy. It is becoming increasingly clear that Russia used Facebook, Twitter and Google to meddle in last year’s U.S. presidential election, and governments are relying more heavily on big data for policy decisions.

“More and more systems that govern society will be algorithmic, will be built on data,” he said. “We have to maintain some control over the whole data system in order to have a fair society in the long term.”

 

Copyright © 2017 Transcontinental Media G.P.
Transcontinental Media G.P.