If you ask most people what they think “data” is, you’ll usually get a response that indicates something like what most people find in their “My Documents” folder. Files, representing in some cases documents composed of letters and numbers, in other cases photos and videos. These days most people also have an understanding that, at the computer level, these “files” are really represented as binary data. From this perspective, these are “our files” and therefore our data.
So when you suggest to the average person that they could be hacked, their mind wanders to complete a quick inventory of the “files” they have stored on their computer. Maybe they have files with their financial information stored inside, but they only store those locally and never in the cloud. Some personal photos, maybe some stuff they don’t necessarily want other people seeing, but nothing serious. And at the end of some reflection many people will report that they don’t mind being hacked – there is nothing compelling they have to steal.
For most of the history of computing, this would have been a fair assessment. Our “digital footprint” was really just a collection of the files – explicit files – we chose to create and store on computers and networks. It was a misconception, but the misconception was well masked and perpetrated not maliciously, but to make computers easier for average people to grasp. And when you’re trying to get someone new to the concept of a computer to grasp the concept of files, it doesn’t seem that important to mention also that the log retained by a remote server they used should really have been considered to be their data as well.
What does this mean? Certainly we don’t “own” the log file on the remote server. And the administrator has every right to keep a record of activity on their computer. But the entry about our activity describes us. Despite the fact that it was likely stored with only a numeric address, and not our name, it still describes an activity that we performed in the real world – requesting or sending information to a computer. Each entry in the log is also is a snapshot of a moment of human life.
Fast forward to today. Now our friends and family, the companies we do business with and the governments we obtain services from all use computers to conduct business. Most people carry computers in their pockets that absorb and emit data as we walk along through life. These computers are also capable of capturing video and audio information from the world around us and converting it into data.
The Internet of Things (IOT) is positioned to explode, and has already packed the world with devices that contain onboard computers that can convert information from the real world into data, storing and transmitting it across networks. Security cameras, baby monitors, smart appliances, smart sensors, fitness trackers, medical devices – all collecting and converting information about our lives. Many, as the links above show, ship with vulnerabilities.
At this point in our history a person could swear off computers, scorn smartphones and pay for things only in cash, but if they continue to live in society and enjoy the services and commercial offerings available then inevitably they are still generating tons of data. When they go to the doctor, pay their taxes, or even just walk down the street. Frankly, even the hermit in the woods is subject in our modern world to telemetry from above, from the many satellites orbiting the Earth.
Our legal system recognizes that the person doing the collecting generally owns the resulting data. There are some exceptions, in the form of data security laws, but even these usually allow the person collecting the data to retain actual ownership so long as the data was obtained in an authorized fashion. Whether or not this is a good idea, or addresses the entire issue, is subject for fair debate. What is not debatable is that, from a perspective of self-interest, we all must view that data as our data, along with the documents and files we explicitly store and use.
Yahoo is in the news for having between 500 million and 1 billion user accounts compromised. Their servers, our data. They didn’t get hacked – we got hacked. When a medical insurance company gets hacked the value obtained is not information about the insurance company – it is the information about each of us that is valuable. Our data. If we do not adopt this stance and act upon it, it is unlikely that these companies will feel the necessary pressure to make cybersecurity the priority it must be.
If a determined person went to the deep and dark webs, they could in little time and with not very much money assemble a profile of your person and activities that would chill your spine. In the not too distant future things will be far worse. With sensors of every description capturing information everywhere we go, it will be possible to largely reconstruct your life and activities by collating all of the data. George Orwell does a good job exploring some of the problems with this potential future.