“The problem of user privacy in technology”;
The introduction of the new technologies and more especially the internet is a double edge sword. In one hand, it brought the ability to connect people who are geographically far apart at virtually no cost. It also provides the access to all the information needed including dictionaries, tutorials, forums or essays directly from our computer. In addition, it is an endless source of entertainment with games, social media or video streaming. However, all these advantages come at a cost as demonstrated by the recent attack on TalkTalk, an English telecommunication company, which resulted in the theft of details about more than 1.2 million clients[1]. This crime highlights two main problem about the web: users’ privacy and its security. However, these two “new” issues are not really new as other previous innovations such as the printed communication such as the press and post mail or the telephone were confronted to the same problems. Nevertheless, the internet also comes with new technical solutions to balance its weaknesses.
The biggest concern about the web is user’s privacy. “Privacy is the claim of individuals to be left alone, free from surveillance or interference from other individuals or organizations, including the state”[2]. Geolocation is a new trend in social network to notify your “friends” where one user is at the moment. This new functionality obviously adds up to the user experience and his satisfaction when he wants to but it is not always the case. In fact, some people may not agree on the fact that their favourite social network is tracking their movements at any time. However, Facebook, for example, has automatically set up the option to get a user’s location when using “Messenger”. The problem is that it is totally legal insofar as it was mentioned in their terms and conditions which every user had to agree on in order to use the service. Nevertheless, it wasn’t clear for everyone who signed this paper as they are usually extremely long and ambiguous. For example, Paypal’s terms and conditions length is more than 36 000 words and those of LinkedIn and Facebook have been trialled for their “obscurity and length”[2]. Obviously, using this type of service can reveal your position, who you are, where you have been and when. But are we safe when using an app with geolocation service which promise us to be anonymous? According to BBC[3], a study has found that only four information are necessary to retrieve someone identity even though he thinks he was anonymous using his phone. These four information are the time, the date, the user’s location and his phone serial number and when combined they can easily lead to the identification of its owner and his movements.
Moreover, our identity and our position are not the only thing that are recorded. Every computer can monitor and save the network communications that pass through. For example, when a user is browsing the web, many websites store cookies which are pieces of information saved directly in the hard drive of one user. When a website using the cookies system is visited, it can check whether the user already possess cookies and if so, it knows the previous actions of this user. The reason websites use cookies is because this information can be sold to businesses. For instance, if one user has visited a shopping website and has looked at two pairs of shoes, this information will be stored in the cookies and will be sold to businesses so they can advertise similar shoes or products to the interested client. Additionally, as data storage costs are decreasing, it allows companies to create exhaustive and detailed databases at an affordable price. These databases combined with powerful tools to analyse data makes the Profiling, “the analysis of a person’s psychological and behavioural characteristics to assist in identifying categories of people”[4] really effective. Moreover, cookies can also store email addresses so businesses can directly send specific advertisements to potential clients depending on their profiles. Even large companies such as Google is using similar tools to read through the emails sent or received via Gmail, a free web-based e-mail service[2]. After analysing it, Google sells this critical information to interested businesses. However, these can be considered as Spams which are “unwanted or intrusive advertising on the internet” according to Oxford Dictionaries[5]. The problem is that spams come at a very high cost for companies that receive them through their employees. In fact, due to the amount of time needed to deal with them which includes network and computing resources, spams are estimated to cost more than $50 billion per year[2].
But is this problem of privacy and intrusive access in our daily lives really new? Similar issue are encountered when using the phone or reading the journals for example. In fact, the collect of our personal information and our location when using social media may be avoided by not using them but it is not enough to protect our privacy. According to BBC[3], the four pieces of information mentioned earlier can be retrieved only when making a phone call. In fact, throughout the UK, IMSI (International Mobile Subscriber Identity) catchers towers were deployed in London, they allow the police and others to get the location of each mobile phone user. It is done by tricking the phone to believe these towers are real cell phone tower in order to collect “the international mobile subscriber and electronic serial number (ESN)”.[6] Initially launched to keep a close watch on criminals, the system cannot determine whether or not a person is a criminal, resulting in a general watch. These towers can track every phone which are in a 10 square kilometres range. This is not the only way we are watched as the USA Today reported in 2006[7], three major telecommunications companies (AT&T, Verizon Communications and Bell South) have cooperated with the National Security Agency to turn over records of their users’ phone calls to fight terrorism. Even though these records only contain phone numbers, it is easy to cross-reference with databases available on the internet, according to James X. Dempsey of the Center for Democracy and Technology[8]. This is finally the same privacy problem as the internet and the creation of databases concerning every user. Regarding the intrusive access to our daily lives, the printing press has basically the same problem as their methods are similar to those of the internet. In fact, to receive the newspapers at home every morning, the clients needed to give his details such as first name, last name or physical address which were traditionally stored in a paper-based database. These details are now stored on servers exactly as the databases from the internet. Moreover, the problem with spams is the same with advertisements in the newspapers as they can be considered intrusive as they are not easily avoidable.
As we are constantly watched and databases made of our private information are created without our consent nor control, it is legitimate to wonder if these information are secure and who can access it. The main threat from the internet is the theft of identity. In fact, the thief steals your personal information such as name, address, credit card number or social security number through different processes. The two main techniques are the hacking and the fishing. While the first one needs computers skills to get into your email account or other personal account, the second only consists of sending fraudulent emails disguised into serious mails to a tremendous amount of people and then wait for the user to click to infect his computer. [9]. Security on the internet is a major concern as one third of world’s computers may be infected by poisonous malware according to the Anti-Phishing Group[10]. Moreover, this issue is not really new as our data are not as protected as we would think. A case in point is the recent thief of 400 000 TalkTalk customers’ bank details. In fact, his chief revealed that users’ details weren’t “encrypted, nor are [we] legally required to encrypt it”[11]. However, this security problem is not really new as a post mail including our personal data can be stolen or intercepted as well. One technique to intercept a post mail is to use steam to discretely open a letter then repost it. Another one is to use Royal Mail’s redirection service: identity thieves redirect number of your mails so you can’t notice when an important one fails to arrive. The same problem can occur when making phone calls. In fact, in 2010, a hacker showed how easy it was to listening phone calls of more than 80% of the world’s phones using some devices of a total value of $1500. Two large antennas and a laptop are enough to intercept and/or disrupt a phone conversation. And according to the Mr. Paged, the hacker, “the thing about band jamming is there is no way to defend against it”.[12]
Thus, the privacy and its security are central concerns when using the internet but they are not different from the problems we had before with other inventions such as the phone or the printed press. But as a new technology, the internet also comes with modern solutions.
We mentioned previously that websites use the system of cookies to retrieve information about the users. But does it mean we are vulnerable when using the internet? Not to a certain extent, for example, in European countries, the law imposes businesses to inform their clients about the use of cookies prior retrieving these information. Legally, every use of personal information must be done following this process: the collector reveals how they expect to use these information before collecting the data. It includes the measures that will help protecting “confidentiality, integrity, and quality of the data”.[2] Then the consumer must be able to review the information collected and contest if necessary. Finally, the website needs to acknowledge they are responsible for the security of the information collected. This system offers a viable legal protection but is not used by the majority of users. Moreover, internet browser allows their users to clean the cookies that have been collected, however, some are invisible therefore inerasable. It is the case for the “Flash Cookies” made by Adobe Flash plug-in, they act the same way as ordinary cookies but can only be accessed through websites using Flash application “which is used by almost every page that most people access” according to the Guardian.[13] They are still tools that can help their customers to know what type of information are given to certain websites. For example, the Platform for Privacy Preferences (P3P), convert websites privacy policies into a standardised text that can be understood by the user. This way, he can decide in full knowledge of the cause whether the website respects his privacy or not.[14]
There is also another solution to avoid being tracked on the internet: it is the use of VPN (Virtual Private Network). The basic working of the VPN is that two computers are connected to a virtual private networks, this way they can benefit from the advantages and protection of a private network. [15] This can be done by encryption methods or tunnels methods. Using a VPN connection virtually ensures that privacy is respected. However, this system comes at a cost as they are usually either not free, slow or risky. In fact, to ensure the quality of the service, certain VPN have made their services lucrative such as Private Internet Access or TorGuard. Free VPN are usually slow because the bandwidth is not sufficient for every users and advertisements may slow down the connection as well. Others are risky because, unlike paid VPN, they can’t protect the user when they purposely click on an advertisement that redirects to a malware.[16]
Regarding the security, there are various cyber protection tools to protect our data. For instance, Google offers a minimal protection against advertisements through its extension store for Google Chrome. One particularly, Ad Block is an add-on that allows to hide every type of advertisements that it can detect. But obviously, a free software won’t be as efficient and as complete as a real paid cyber protection. For example, SurfControl allows its users to filter potentially dangerous e-mail and website content including advertisements and inappropriate contents. This software doesn’t act as an URL filter but more like a “web gateways” meaning that it can defend in real time as malwares can now act dynamically after they passes through certain obstacle such as a traditional URL filter. According to SurfControl, their software is capable of analysing both inbound and outbound traffic whereas URL filter can only inspect inbound traffic.[17]
These tools are efficient to protect our privacy but are fitting the web as they are meant to be use in coordination with the internet.
In conclusion, the user privacy and his security when using the web is definitely a real problem but is nothing new when compared with the same problem encountered by using other technologies such as the printed communications or the phone. But the scale that the internet has taken makes these issue more important than ever. However, the internet has also provided solutions to address these issues such as the VPN, P3P or web gateways for example. They use the very mechanisms of the internet but add the needed protection for their users’ privacy. For example, the web gateways doesn’t change the protocol of connection used by the web but add an extra process to it to detect hazardous or unusual processes. This way, the new solutions that came with the web fit it as they complement it rather than replacing a part of it.