Your business is big business for data thieves

Your personal data is available all over the internet to the scrupulous and not-so scrupulous, writes Conor Ryan

IF you want to protect yourself, your good name, and your property then it is time to accept that your business is big business. More is known about you than ever before.

Your phone records, your contacts, your conversations, and your movements. This trail does not vanish when you switch the device off or delete a message.

Smartphones go further and link up your daily affairs to online services such as Gmail and iCloud. Your internet profile warehouses a library of your interests and activities. Social media sites hold evidence of places you have been, subjects you are interested in, and the people you consider friends.

Facebook has more than 80 categories of information stored on each of its 750m users. There is so much data held and generated about people it is easy to believe yours will fade in with the white noise of information-age traffic.

You may not care about the breadcrumbs of trivia you have scattered on to databases around the world but there are people who do. Marketing companies, scam artists, and people close to you want to know more about you.

Motivated by commerce, greed, suspicion, or jealousy, it is in their interests to know your interests.

There is ample software available for people close to you to track your movements and monitor your actions.

It is easy to buy software that, once downloaded, will deliver frequent reports to electronic eavesdroppers on the traffic coming through a mobile or computer. A mobile device can be turned into a room bug for somebody wishing to spy on you for €200 a year.

Either because of increased activity or heightened awareness, reports of data snooping have grown. In 2002 there were 189 data protection complaints. Last year there were 1,161. In 2010, the latest year where figures are available, there were 27 recorded crimes of illegally accessing data. In 2008 and 2009 there were seven and four.

The level of investment, and risk, in the ongoing single-person surveillance makes it a hobby horse for those with a very particular interest in their subject, be they a partner, employee, or child.

But the big money is in sweeping information on many different people. The report of the Data Protection Commissioner, Billy Hawkes, last month gave an insight into the value of information for marketers.

Companies had been chastised for gathering lists of emails to contact potential customers directly and others used phone number registries to target people in advertising drives.

According to a Europe-wide survey, two thirds of Irish people used social networks. Of those, 60% felt they had been sufficiently informed about what information was kept on them and 54% had gone about changing their privacy settings.

Of all Europeans, Irish users were more likely to consider themselves responsible for their online privacy than all but one nation: Cyprus.

The European justice commissioner Viviane Reding has described this personal information as “the currency of the digital age”.

Her comments were echoed by FBI chief Robert Mueller: “We are losing data, we are losing money, we are losing ideas and we are losing innovation. Together we must find a way to stop the bleeding.”

Antivirus software provider McAfee examined information breaches worldwide and found a ubiquitous pattern of attack: “After painstaking analysis of the logs, even we were surprised by the enormous diversity of the victim organisations and were taken aback by the audacity of the perpetrators... virtually everyone is falling prey to these intrusions, regardless of whether they are the UN, a multinational Fortune 100 company, a small, non-profit thinktank, a national Olympic team, or even an unfortunate computer security firm.”

The European Commission has promised to reform its regulations, unify structures, and allow people to disappear from the internet, but has run into difficulties getting its message across to the social media giants.

Mr Hawkes recently offered a conference a synopsis of Google’s place in his business. “You do not get charged in financial terms by Google. What you pay in turn, in fact, is your personal information. The more precise that information is in terms of identifying your interests, the more Google can charge for the advertising.”

Ireland and the Office of the Data Protection Commissioner are at the centre of an international battle with the social network companies. Because of the country’s corporation tax regime, it is the European home for some of the biggest in the business.

The ODPC is engaged with Facebook over its privacy arrangements and has had to take Google to task for its internal sharing of private usage details. The workload involved for the ODPC has been immense. It has held up investigations into concerns about the use of social welfare information and worries that Garda records could be checked for non-police work.

However, as of yet, Facebook has yet to comply with European law. Ireland is likely to be in the spotlight even more next year when its presidency of the EU is likely to coincide with the completion of a new data privacy charter.

The campaigners, Europe Versus Facebook, have pressed the company to tighten its rules and allow people greater control over the information stored about them.

EVB said that since it began a campaign for people to access their own history on the social media platform there has been a backlog of over 40,000 requests for downloaded personal information.

Similarly, Google has been in the firing line after unifying its privacy policy earlier this year and, in doing so, sharing the information across a spectrum of its services.

If people did not delete this trail before the services were united then a person’s entire history of internet activity since they became a Google user was shared. Most of the information is innocuous and the advertising profiles built up, on the basis of a person’s usage, are often far off the mark. But is it data that people would want to share?

Organs of the Government can legitimately request this information from Google under certain circumstances. Google does not provide a breakdown on the number of requests for users’ data that it gets in Ireland. It does for larger countries. In the UK, for example, there were 1,279 requests to see details on users’ accounts in 2011. The company supplied the information in 63% of cases.

The advice from Info Security Ireland is “don’t tweet or put on Facebook everything you are doing — it will be held against you or used against you at some stage — be prudent and vigilant”.

Software such as Facebook Pwn has been developed to target users of the social network and copy their identities with a view to conning them or gaining access to accounts.

At a most sinister level these con artists of the internet age are able to find out enough about you to lure you into a false sense of security.

Previously, they would have posted offers of cheap tickets or lucrative winnings online in a bid to draw victims out. However, with Facebook, Twitter, LinkedIn, and Google they can educate themselves about you before they strike.

The European survey found 36% of Irish people believed the most important reason for protecting their social network data was to stop them being the victim of fraud. This was lower than in most other countries.

It is not difficult, given the volume of information people willingly post about themselves on the internet, to build an entire backstory about a target. In response, Facebook, Google, and others have teamed up with anti-virus providers to beef up the protection available. However, the level of detail potentially gleaned from any attack is staggering.

Facebook stores chats, messages, wall posts, pictures posted, and pictures viewed either on your own accounts or those of your friends.

It is obliged to supply all this information to a requester within 40 days but, given the volume of requests, it has been unable to do so.

The potential for crime may seem farfetched but imagine a person coming to the door needing assistance, claiming to be a friend of the family and possessing deep knowledge of your circumstances. They would be hard to turn away.

Similarly, if a friend emails from abroad needing access to cash quickly you would be more likely to help them if, through their profile, their address, or their inside knowledge, they appeared to be somebody who they were not.

Playing safe

Safety tips from Info Security Ireland:

* 1. Learn about the dangers and how con artists can build profiles about you to use later

* 2. Understand that your PCs, laptops, iPads, and smartphones are being targeted continually

* 3. Invest in antivirus software and keep it up to date

* 4. Do not put everything you do on Facebook or Twitter

* 5. Educate children about the dangers of the internet and social engineering attacks

Read more in this special investigation here.


Bless me readers, I have sinned. This week, we had more than a few visitors around, some water was wasted in the back garden and I was judgmental about my friends’ parenting style.Learner Dad: The highlight was when my daughter roared, ‘this is just like being on holidays’

Wearing gloves when out in public has become more prevalent and so has pulling them on in the garden during lockdown, writes Ray RyanIreland's growing love for gardening

Dublin songstress, Imelda May.Imelda May returns with spoken word album Slip Of The Tongue

Back in the day, there was a device called a GameShark.GameTech: Maneater is a game with bite

More From The Irish Examiner