We have all heard of, or maybe know, someone who “got off the grid.” Pay and receive cash for everything, don’t own a car or house or have a credit card or a bank account. One way, of course, is to join the ranks of the more than 600,000 people in the US who are homeless and living in the streets. However, many of these people are receiving some sort of government assistance, and that means that the government at least knows they exist and has some way to get the benefits, financial or otherwise, to them.
Most of us have some concerns about our privacy, but are not willing to go totally off the grid. In fact, we are all embracing the grid at an ever-increasing rate. If you have a smart phone, tablet, or E-Z pass, “they” can find out where you are. Conspiracy advocates usually equate “they” with “the government.” But “they” could also be an identity thief, someone who really doesn’t like you, a crook, an activist who you don’t agree with, a competitor, or someone who just wants to sell you something.
There are a number of different types of privacy issues that we deal with every day:
- Location privacy. Can “they” find out where I am or where I was when?
- Personal privacy. Can “they” find out how I live, what I like to do, what kinds of places I go to, what kinds of people I associate with?
- Financial privacy. Can they steal my financial identity and thus my money?
- Business privacy. Can they figure out what my business is going to do next, how much we are bidding on that contract, what we are paying our suppliers, or details in our next annual report?
Your level of tolerance for each of these types of privacy concerns will probably be different than mine, and you probably have different tolerances for specific classes of information in each type. There are three questions I think you should ask yourself, and answer, about your own situation for each of these privacy types:
- Why are you putting data in the Cloud?
- What is the impact if someone sees that data?
- How can you mitigate that risk?
It is almost impossible to go somewhere without “them” knowing where you were when. There are an ever-increasing number of cameras, many connected to the Internet, most with no security controls. Sophisticated facial- and even body-recognizing software means that a computer can look through the output of hundreds of cameras covering several days of activity and find you in a matter of minutes. Any cellular device that is powered on relays to at least the cell service provider where you are within a hundred feet, even without turning GPS on. E-Z Pass and other similar services know exactly when you drove through a toll both. Expect to see the detectors placed in other places “just to monitor how things are going” – enhancing the traffic cams and speed sensors built in to almost all new highways.
My advice: get over it. In reality there is not much difference than being seen by the police officer walking his or her beat, except now we have two orders of magnitude more virtual officers, and they never forget what they saw. Also, don’t steal someone’s tablet or smart phone. Check this Scientific American article out to see why.
This one you can defeat. As long as you never use a credit card to buy anything, never buy anything over the Internet, and never search for anything over the Internet while signed on to any service like Google+, and you do all of those searches from different computers in libraries and coffee shops. But don’t check out any books or use a credit card to pay, and watch out for those surveillance cameras. If “they” want to badly enough, they can figure it out, but it will not be easy. Keep in mind that the Patriot Act means that the US government can compel any organization to provide information about what you have done without you knowing about it. To defeat the Patriot Act you have to not leave any trace in anyone’s database.
My advice: if this one really bothers you, don’t hurt the situation by broadcasting your location, friends and desires through the myriad of Cloud-based services like Twitter, Facebook, Flickr, blog posts, …. It is a lot harder today to keep that minor indiscretion at the office party from showing up in a Google search. You can use companies like Reputation Defender or Internet Reputation to monitor your on-line presence and maybe fix it. Good behavior could help, too.
The loss of your personal financial data can have serious implications to you personally. The most important question is why are you putting the data into the Cloud in the first place? It probably comes in two flavors: you are using the Internet to perform a substantial number of financial transactions, or you are using the Cloud to protect your data from loss.
The best defense for the first case is to deal only with reputable companies over the Internet. If you don’t like to use a credit card, sign up for PayPal, or keep a separate credit card just for Internet activities. That way if you need to cancel it, your other uses of the card are not impacted. But your best defense is just to pay attention. When you go to a site, check the URL where you enter your username and password. Spoofers will create a website that looks just like your bank’s, but will not have the mybank.com URL. When you get a warning about an unknown or expired security certificate, do not click “Ignore.” There is something wrong with the site – maybe just a minor glitch, or a total takeover.
In addition to being careful, I use LifeLock to help protect my identity. They monitor your financial accounts and personal information for unusual activity. They offer several levels of monitoring to fit your comfort level and pocketbook. There are other similar companies.
Business privacy is similar to financial privacy except that it impacts your business. Again, the most important question is why you are putting the data in the Cloud. Usually it is some combination of the usual reasons for using the Cloud: save money, make data available from anywhere, or protect data from loss. But some data may not really belong there. Some security experts indicate that you should not put your customer’s financial data or your own intellectual property into the Cloud. Ever. I think that is an extreme position, but certainly you need to understand the risks before you put the data in the Cloud. At a minimum, encrypt any sensitive data you put into the Cloud, and make sure you, not the Cloud Service Provider, control the encryption keys. The US Patriot Act enables the government to demand your provider turn over your data, and to decrypt it if the provider has the keys. If you have the keys, all the government gets is encrypted data. In spite of what shows like NCIS depict, no one can decrypt a certified encryption scheme with a 192-bit or longer key in any reasonable time, measured often in years. Unless you give them the key.
It is OK to be paranoid. While most of the world really does not care what you do, there are enough folk whose day job is to try to steal from you that require you to be very careful.
The last word:
If the government can find out something, than anybody can. It often requires violating laws, or more likely using money or other influence to get someone else to violate the law. On the other hand, governments at all levels have incompetent individuals and often-useless oversight. Consider some of the confetti used in the 2012 Macy’s Thanksgiving Day Parade: semi-shredded confidential police reports, including complete social security numbers, license plate numbers, police detail assignments, and incident reports from the Nassau County Police Department. How did this happen? An employee of the Nassau County Police Department brought the badly shredded documents to the parade for his family and friends to use.
Of course, we could blame the Cloud for this particular leak. After all, the Internet has made ticker tape machines obsolete, and therefore the traditional New York City confetti is very hard to get. OK, ticker tape machines actually died out in the 1960s due to computer networks that we would now classify as primitive. No stock ticker tape machines have been manufactured for decades. But never let a mere fact get in the way of a good story.
Keep your sense of humor.