How private is personal data?

When it comes to personal data, storage raises a different kind of challenge. Increasingly, and because of the way the Internet works, our personal information is being collected, processed and held by companies based in many countries. But the laws governing how our data are handled in different countries aren't the same, and knowing who can and can't access that information becomes very confusing. Timandra Harkness is a journalist specialising in big data, she starts by explaining the extent of the problem with personal data to Chris Smith.

Timandra - Well I think I'm going to refer back to what Sue Daley said "it's not just about the volume of data, it's actually about the fact you can link different things together", and I think this a large part of the problem that companies, or any kind of organisation.  It could be charities, it could be government agency who want to know stuff about us as individuals, have access to a lot of different sources of data about us.  So, they can put together something that we've voluntarily given them.  We might have registered on their site or ordered something online.  They can put that together with maybe our social media posts or information they've got from our credit card records, perhaps.  It's very hard to say how much any individual company or organisation will know about you.

Chris - What about the issues that worries some people though, which is, they give this data to a company.  If you give a company in the U.K. something, then you know that they are bound by U.K. legislation but people are finding that they give data to a company, an online presence, but because they are based in another country they find they are actually subject to the laws of that country, not our own country.

Timandra - Well that is true and obviously, a lot of companies that we routinely use, maybe as our web providers, or to do web searches, are actually based in America or elsewhere and so we don't even know what laws they are bound by, but I would say the problem starts a bit further back. I mean, how many of us actually read the conditions before we hand over our data.  We tend to be rather blindly trusting.

Chris - Stay there we'll come back to you in just a second.  But let's put what you were saying to the test and find out how easy it is for information held by companies and other organisations to fall into the wrong hands. Rosalind Davies went to an interactive art exhibition showcasing this called "Data Shadow".

Rosalind - I'm outside a blue shipping container in the middle of Cambridge as part of the Festival of Ideas.  It's an art installation by Mark Farid who joins me now to explain what it's all about.

Mark -   So it's essentially about data privacy, but for me, the lack of ownership you have over your own data.

Rosalind - Can you explain the process.  What are you actually doing her?

Mark -   You join our Wifi, and then a captive portal pops up which asks you to enter your iCloud details to verify that you are the owner of the phone and at that point we take all your information from your mobile phone.

Rosalind - What's different to this than using a normal wifi hotspot?

Mark - Essentially nothing.  This is a normal wifi hotspot.  We've just rigged it so that we can do this but the piece of equipment we've rigged it with cost £100 off the internet that anyone can buy.

Rosalind - What you're doing here today, accessing the data, could be done by anybody if they wanted to?

Mark - Completely so.  So if you've ever joined free public wifi before, the equipment that we're using tricks your phone into believing we are one of those wifis, automatically connects to it, at that point we can be tracking what you're doing in real time on your phone.

Rosalind - That sounds quite scary.  Can we go inside?  Can I give it a go?

Mark -   Of course you can.

Rosalind - I'm entering a completely black room.  Mine's not working so we'll go through the same process but with Mark's data.

Mark - So I will log in using my information.

Rosalind -   We've connected Mark's phone up to the data shadow and I'm walking through another door into a white room this time.  Okay, so I'm in the middle of the room and on one wall in front of me is a picture of somebody in boxer shorts.  Behind me is text.  Mark, where have these letters come from?

Mark - Those letters are a thousand characters of my most recent text message or messages, and then on the right hand side you'll see that we've taken 64 images off my mobile phone that were first sent by text message, then what's app and then generic pictures on the phone.

Rosalind - When you first did this, were you surprised by what you saw?

Mark - Yes.  There were lots of photos of ex-girlfriends that I thought I'd deleted.  People saw a lot of explicit photos of myself.

Rosalind -   What happens next?  Do I get to leave?

Mark - So you exit through this door.

Rosalind - And that was the door shutting behind us and deleting all the data that they've collected.

Chris - Was it the girlfriends he deleted or was it the data?

Connie - Maybe it was both. Or he thought he had at least.  So it seems anyone with the right technology could access a lot of personal information.  Timondra, is there anything we can do to keep our data private?

Timandra - Well, there's quite a lot we can do technologically.  I'm not a tech expert but I do keep an eye on this.  Edward Snowden oddly has just given an interview to the Intercept making some specific suggestions and they are things like, you can use Tor as a browser which makes it much harder to track where you are going and what you are looking at. You can encrypt everything on your phone and your laptop, you can encrypt your messages end to end.  There are apps you can use for that but he also has some more general advice, which I would echo, which is be a bit selective about what you share with whom.  "You can segment your life" is his phrase.  You don't have to tell everybody everything. Why would you enter your iCloud details to some pop up box for a wifi.  Why would anybody do that.

Connie - I guess you're right, but you know when you just really want some free internet, you know it's not sensible but it's hard not to do it, isn't it.  Are there any options being developed, maybe commercially or politically that could help us manage our personal data differently in the future, other than the things we can do personally?

Timandra -   Well I think that's the key.  There are some people saying "look we need a whole different model for this."  We need to think that our data is ours to control and if we want to trust somebody with it that should be an act of trust.  You know, I will trust you with this but not necessarily with that, and there are things like Block Chain, the technology that underlies Bit Coin.  That is quite good for this because you can encrypt things and then select who you are going to share your keys with.  There's a company called Midex who are developing a whole new model of data storage, which would be very secure and you can give, again, very specific consent to people to use certain parts of your data for certain purposes.  But the other side is that we do need to think differently about it.  Politically we need to actually value privacy and say "never mind nothing to hide, nothing to fear".  I would say  "if you haven't got anything to have, you haven't really lived". You don't have to be doing anything illegal or harmful to anybody else to think privacy is really important.  You can't have a free society without privacy.

Connie - So after doing all this research, have you done anything differently yourself?

Timandra - I am actually doing certain things differently.  A lot of stuff I'm leaving for now because it's quite interesting to just be conscious of what's happening as I write the book.  So, for example, I went and looked at a website of a company that all our political parties use to keep track of their contacts and, you know, keep an eye on what they should be using to try and campaign to you.  So, I looked at this companies website and, for the next three weeks, their tweet appeared at the top of my twitter feed, and I haven't registered with them, I haven't given them any information consciously, but there they are. I'm definitely doing things like, I'm not downloading apps that want to know my location details on my phone.  Why do they need to know where I've been.  I'm definitely more selective about registering and letting people share my data.

Chris - I've got a tweet here from Ed Wilson, Timandra, and he says @ Naked Scientists "surely the triumph of big data is how many times you get adverts, the very thing you have just bought on line."  But it reminds me of something which is that I have now begun to foil so many birthday surprises because I share an internet connection with my wife and my other members of my family.  So, I know what I've got for Christmas or for my birthday because up come all these adverts for these things and I think, well I haven't been looking at that.  Why is this suddenly appearing on my computer.

Timandra - Well you definitely need to be using some anonymous browsing technique then, like Tor and probably turning off adverts.  In fact, that's another thing Edward Snowdon recommends is using add blockers. But this is exactly it, I think big data tries to aggravate everything, put everything together.  Actually in real life, we don't want to put everything together.  That's exactly it, you don't want to know everything you family's thinking.

Chris - I certainly don't, but for more reasons than just a birthday.