This Message Will Not Self Destruct: Privacy and Security in an Increasingly Connected World

min read

By now, most people have seen the dangers of sending a professional e-mail when you're upset, whether you've done it yourself or been on the receiving end.  

Once that send button is pressed, there's no way to go back. If that e-mail is forwarded to a broader recipient list, or publicly posted online, then the only way forward is to address it and move on. But there is no way to undo it.

In this coming decade, I want to increase wider awareness of not just the information we consciously create (such as e-mails, social media posts, etc.), but the data about ourselves being collected and shared with minimal knowledge (much less permission) on our part — especially by gadgets and services that aim to make our lives "better."

For example:

  • Your Fitbit, FuelBand, Apple Watch, or any number of fitness trackers knows when you are awake and when you are sitting on the couch or sleeping. My trackers know what time I run, where I run, and how far I run and can effortlessly connect to social networks and post that information on my behalf. (I've turned that feature off, however.)
  • Services such as Facebook, Dropbox, and Google all have a feature allowing you to automatically upload pictures from your phone to their respective platforms. Often embedded in these photos are the time and the phone's location when that picture was taken, revealing that you are on vacation, for example.
  • Amazon and other e-commerce sites keep a close eye on what pages you visit and how long you stay on them to recommend products that their algorithm believes you might want to purchase. They can also collect this data to develop a profile of you as a consumer.

None of this means we should bury our heads in the sand and avoid using these technologies. I personally am bullish on this next wave of technology. New gadgets like Nest (a thermostat that learns your habits to automatically keep your space comfortable and save energy) use this trove of data to make our lives more convenient and pleasant.

However, I would caution you to be aware of what data each service or gadget uses to create that convenient experience for you. Also, you should know how long that data is kept and with whom it is shared. Where is it stored? Is it encrypted? How often has that site or company been hacked? If you have a networked baby monitor, for example, do you know if the gadget has any digital protections at all? What about your pacemaker or digitally controlled medication dispenser? Privacy isn't the only risk to the Internet of Things when you're the one plugged in to a network without reasonable security protections against outsider intrusions.

Every day, we unconsciously generate thousands (some would say millions) of little data points. Services today might capture perhaps dozens of data points to improve our lives through better climate control and improvements to our health options. Eventually, if IoT technology continues down the same path as now ubiquitous smartphones and the growth of wearable technology, we will hit the point where our devices capture as many of those data points as possible (and legally allowed).

Unlike an incendiary e-mail, these individual data points might not matter much to each of us, but in aggregate, they might be more than anyone is willing to share. What if your insurance company obtains data on the number of people with cancer in your area and raises everyone's health premiums because it exceeds "normal" rates? I suggest you enjoy the services available, use the ones that benefit you — and keep an eye on the terms of use, understand what data the devices send and the providers collect, and make sure you are comfortable with the information shared about you and how it is used. You are the only one who can determine the degree of risk — to your privacy and security — that you consider acceptable. No service provider can make that decision for you.

Remember: Those messages generally do not self-destruct. They leave a growing digital trail of your life. Deleting that trail is a whole other article, but briefly: Deleting your data trail is challenging at best, and if it has been copied many times over, practically impossible.

Sid Savara is a technical manager at the University of Hawaii. He leads the development team for financial systems, including enterprise reporting, business intelligence, and budget. In previous positions, he has built and led teams at Department of Defense contractors, multiple Fortune 500 companies, and state agencies. Follow @sidsavara on Twitter.

© 2015 Siddhartha Savara. This EDUCAUSE Review blog is licensed under the Creative Commons BY-NC-SA 4.0 International license.