When it comes to personal data, storage raises a different kind of challenge. Increasingly, and because of the way the Internet works, our personal information is being collected, processed and held by companies based in many countries. But the laws governing how our data are handled in different countries arenít the same, and knowing who can and canít access that information becomes very confusing. Timandra Harkness is a journalist specialising in big data, she starts by explaining the extent of the problem with personal data to Chris Smith.
Timandra - Well I think Iím going to refer back to what Sue Daley said ďitís not just about the volume of data, itís actually about the fact you can link different things togetherĒ, and I think this a large part of the problem that companies, or any kind of organisation. It could be charities, it could be government agency who want to know stuff about us as individuals, have access to a lot of different sources of data about us. So, they can put together something that weíve voluntarily given them. We might have registered on their site or ordered something online. They can put that together with maybe our social media posts or information theyíve got from our credit card records, perhaps. Itís very hard to say how much any individual company or organisation will know about you.
Chris - What about the issues that worries some people though, which is, they give this data to a company. If you give a company in the U.K. something, then you know that they are bound by U.K. legislation but people are finding that they give data to a company, an online presence, but because they are based in another country they find they are actually subject to the laws of that country, not our own country.
Timandra - Well that is true and obviously, a lot of companies that we routinely use, maybe as our web providers, or to do web searches, are actually based in America or elsewhere and so we donít even know what laws they are bound by, but I would say the problem starts a bit further back. I mean, how many of us actually read the conditions before we hand over our data. We tend to be rather blindly trusting.
Chris - Stay there weíll come back to you in just a second. But letís put what you were saying to the test and find out how easy it is for information held by companies and other organisations to fall into the wrong hands. Rosalind Davies went to an interactive art exhibition showcasing this called ďData ShadowĒ.
Rosalind - Iím outside a blue shipping container in the middle of Cambridge as part of the Festival of Ideas. Itís an art installation by Mark Farid who joins me now to explain what itís all about.
Mark - So itís essentially about data privacy, but for me, the lack of ownership you have over your own data.
Rosalind - Can you explain the process. What are you actually doing her?
Mark - You join our Wifi, and then a captive portal pops up which asks you to enter your iCloud details to verify that you are the owner of the phone and at that point we take all your information from your mobile phone.
Rosalind - Whatís different to this than using a normal wifi hotspot?
Mark - Essentially nothing. This is a normal wifi hotspot. Weíve just rigged it so that we can do this but the piece of equipment weíve rigged it with cost £100 off the internet that anyone can buy.
Rosalind - What youíre doing here today, accessing the data, could be done by anybody if they wanted to?
Mark - Completely so. So if youíve ever joined free public wifi before, the equipment that weíre using tricks your phone into believing we are one of those wifis, automatically connects to it, at that point we can be tracking what youíre doing in real time on your phone.
Rosalind - That sounds quite scary. Can we go inside? Can I give it a go?
Mark - Of course you can.
Rosalind - Iím entering a completely black room. Mineís not working so weíll go through the same process but with Markís data.
Mark - So I will log in using my information.
Rosalind - Weíve connected Markís phone up to the data shadow and Iím walking through another door into a white room this time. Okay, so Iím in the middle of the room and on one wall in front of me is a picture of somebody in boxer shorts. Behind me is text. Mark, where have these letters come from?
Mark - Those letters are a thousand characters of my most recent text message or messages, and then on the right hand side youíll see that weíve taken 64 images off my mobile phone that were first sent by text message, then whatís app and then generic pictures on the phone.
Rosalind - When you first did this, were you surprised by what you saw?
Mark - Yes. There were lots of photos of ex-girlfriends that I thought Iíd deleted. People saw a lot of explicit photos of myself.
Rosalind - What happens next? Do I get to leave?
Mark - So you exit through this door.
Rosalind - And that was the door shutting behind us and deleting all the data that theyíve collected.
Chris - Was it the girlfriends he deleted or was it the data?
Connie - Maybe it was both. Or he thought he had at least. So it seems anyone with the right technology could access a lot of personal information. Timondra, is there anything we can do to keep our data private?
Timandra - Well, thereís quite a lot we can do technologically. Iím not a tech expert but I do keep an eye on this. Edward Snowden oddly has just given an interview to the Intercept making some specific suggestions and they are things like, you can use Tor as a browser which makes it much harder to track where you are going and what you are looking at. You can encrypt everything on your phone and your laptop, you can encrypt your messages end to end. There are apps you can use for that but he also has some more general advice, which I would echo, which is be a bit selective about what you share with whom. ďYou can segment your lifeĒ is his phrase. You donít have to tell everybody everything. Why would you enter your iCloud details to some pop up box for a wifi. Why would anybody do that.
Connie - I guess youíre right, but you know when you just really want some free internet, you know itís not sensible but itís hard not to do it, isnít it. Are there any options being developed, maybe commercially or politically that could help us manage our personal data differently in the future, other than the things we can do personally?
Timandra - Well I think thatís the key. There are some people saying ďlook we need a whole different model for this.Ē We need to think that our data is ours to control and if we want to trust somebody with it that should be an act of trust. You know, I will trust you with this but not necessarily with that, and there are things like Block Chain, the technology that underlies Bit Coin. That is quite good for this because you can encrypt things and then select who you are going to share your keys with. Thereís a company called Midex who are developing a whole new model of data storage, which would be very secure and you can give, again, very specific consent to people to use certain parts of your data for certain purposes. But the other side is that we do need to think differently about it. Politically we need to actually value privacy and say ďnever mind nothing to hide, nothing to fearĒ. I would say ďif you havenít got anything to have, you havenít really livedĒ. You donít have to be doing anything illegal or harmful to anybody else to think privacy is really important. You canít have a free society without privacy.
Connie - So after doing all this research, have you done anything differently yourself?
Timandra - I am actually doing certain things differently. A lot of stuff Iím leaving for now because itís quite interesting to just be conscious of whatís happening as I write the book. So, for example, I went and looked at a website of a company that all our political parties use to keep track of their contacts and, you know, keep an eye on what they should be using to try and campaign to you. So, I looked at this companies website and, for the next three weeks, their tweet appeared at the top of my twitter feed, and I havenít registered with them, I havenít given them any information consciously, but there they are. Iím definitely doing things like, Iím not downloading apps that want to know my location details on my phone. Why do they need to know where Iíve been. Iím definitely more selective about registering and letting people share my data.
Chris - Iíve got a tweet here from Ed Wilson, Timandra, and he says @ Naked Scientists ďsurely the triumph of big data is how many times you get adverts, the very thing you have just bought on line.Ē But it reminds me of something which is that I have now begun to foil so many birthday surprises because I share an internet connection with my wife and my other members of my family. So, I know what Iíve got for Christmas or for my birthday because up come all these adverts for these things and I think, well I havenít been looking at that. Why is this suddenly appearing on my computer.
Timandra - Well you definitely need to be using some anonymous browsing technique then, like Tor and probably turning off adverts. In fact, thatís another thing Edward Snowdon recommends is using add blockers. But this is exactly it, I think big data tries to aggravate everything, put everything together. Actually in real life, we donít want to put everything together. Thatís exactly it, you donít want to know everything you familyís thinking.
Chris - I certainly donít, but for more reasons than just a birthday.
If anyone is using public WiFi , (which is unencrypted), they should employ a "Virtual Private Network" for privacy/security ... https://en.wikipedia.org/wiki/Virtual_private_network