Digital Fingers
I am always surprised at how trusting people are with confidential and “private” data. They send attachments by email, and they chat and post updates/pictures through their Facebook/blog/Twitter accounts. And yet people are shocked when they hear about identity theft. You are shocked when someone knows your name, birthday, what you look like, what your kids look like, and how much your last raise was at work along with the particulars of the big deal you just closed.

It is very simple actually. We are all leaving a “digital footprint” in everything we do online and on our computers. Just because you delete something doesn’t mean it is gone. I was on the news a few years ago doing an “experiment”. We took 4 computers from the eco depot and I was able to recover data from every one of them including a copy of someone’s will, list of their stocks/jewellery and combination to their safe. This computer had already been “recycled” twice since the original owner gave it away.

While discussing network security with a good colleague of mine, he pointed me to yet another interesting site, pipl.com – go ahead and search your name, you may be in for a surprise on what this digs up about you. Sure enough there are even some newsgroup postings I had made back in the 90s that are showing up along with different projects I have been involved with. Quite enlightening. And there is no way for me to “delete” them, they are out there, probably many copies of the information being archived on different servers.

But I digress…

The reason for this update was to remind and/or increase awareness of something called the US Patriot Act. Why should you care? This is a topic I think about often and bring up when conducting audits of individual and corporate networks. Any data that is routed through the US opens the possibility that it can be intercepted by US authorities. No longer do they require a warrant; they can now do it quite simply with something similar to an administrative subpoena called a national security letter. Along with this goes a gag order such that the custodian of the information/data that is being examined/requested is not allowed to tell anyone that this demand has been made.

Many people use Facebook/Twitter, which have data that resides on US-based servers. How about where your website is located? Does your website have a private database? Do you maintain information about your clients? How about something as simple as gmail/yahoo/hotmail/msn/googledocs/etc.? Did you know that everything could have already been examined without your knowledge?

Perhaps this is not a big deal for individuals but it is certainly very serious for organizations.

Many clients don’t even know where their data is being stored! We also find that many companies that provide website and email hosting, or even IT support services, resell services offered online by very large hosting providers (typically located in the US). Offsite backups, email accounts, databases, etc. could all be stored on a US-based server without your knowledge, when you thought you were dealing with a local company.

The US Patriot Act was passed by US Congress following the 9/11 terrorist attacks. Canada also enacted a legislative response called the Anti-terrorism Act.

I would caution you to educate yourselves about where your data is stored and transmitted, to find out whether there are privacy concerns that should be investigated and addressed, and to ensure you aren’t violating any laws (such as the privacy act).

8 Comments
  1. That was quite shocking to hear! I couldn’t believe that you found computers at the eco station and found all those peoples’ personal information that they believed was secure and safe. People do need to realize how easy it is for their private information to be stolen and how it can deeply affect their lives. Do you really want some guy online to be finding out where you live, where your kids go to school, where you’re going next Saturday night, or your credit card number? As Gandalf once said, “Keep it secret; keep it safe!”

  2. People think way too rarely about these kinds of topics. I hope the news about the internet security scandal right now will wake up some people to give it all some thought.

    Obviously some don’t see clearly how much data we give away. What would someone who knows everything we do online know about us? What could he make with that knowledge?

  3. There is so much valuable information in this article. Thank you so much. It gives us much to think about. Putting details of our personal lives on the Web has so many implications, one of which is — as you point out — that we can’t get rid of it. It is permanent.

    I did not know about pipl.com. What a great resource and research tool, yes, and quite revealing. I did search my name — and found nothing incriminating, fortunately — but I did see some entries from public records I had not seen on Google. It’s like searching all of those free people finder Web sites like zabasearch.com all at once. Amazing, but a bit scary, too!

    Yes, much to think about, indeed!

  4. You said in the blog post that “Perhaps this is not a big deal for individuals but it is certainly very serious for organizations.”

    I would have to disagree here. I think the only reason people don’t find it a big deal is because they are ignorant of the extent of the snooping, or choose to be blissfully ignorant of it and not think about the consequences.

    I know the subject of online privacy rights is a big deal in the US right now (from what I can tell from the little US news media I see), but as far as I can tell in the UK it’s still not a big deal. I’ve tried talking to people about it and no one seems to realise that emails etc. can be opened even if the person isn’t from America. It’s an odd naivety that doesn’t make much sense to me.

    Pipl is just plain scary considering it is freely available. I would hate to see what a paid service like this offers.

    I myself only realised how bad the situation was when I started giving out different names for certain official and “confidential” services, and found out exactly how many people had access to the data of those organisations. I would get spam to different names, and would know exactly who must have given away or leaked my information based on the name/contact details I gave. I got the idea from James Randi, and it really opened my eyes.

  5. I always want to know where my information is going and where it is stored. Sometimes when I start reading about it the information becomes overwhelming. It often seems impossible to be aware of all of the tracking and info being exchanged online.

    • It’s hard to keep track of your info. Especially when it’s on so many places online like Facebook, Twitter, Google+, LinkedIn, etc., many marketers can find your home address, phone number, mobile number, and a lot more. Just one piece of info about you, even your name, can yield many pieces of information like what I said above. It’s hard to know where your data is going, because it can go from one end of the globe to the other within 15 minutes.

  6. Quite a thought-provoking post. There is a lot to think about and to consider when it comes to data security. I agree about educating one’s self in order to learn more about related issues. People should be able to get help when they need it and get information from reliable parties when they need the information.

  7. I try not to mix the two together, but there are types of identity theft and one is online identity theft. For people living in countries where the internet is yet to be regulated, identity theft practices could not have been identified earlier. I think for many people posting their private information online is a way to get help. Online social media is a fast, fun and beautiful way of sharing things with people you care about, but they’re not cheap to maintain. And what better way to look for help online than the fast and quick social media?
