Misuse of personal data

By August 23, 2007 6 Comments

A couple of days ago I wrote a post Why are we concerned about privacy? in which I argued that sharing personal some personal data in return for better services was a good trade off. Alan Patrick and I had a privacy versus sharing debate in the comments which left me thinking that to move this topic forward we needed to talk more clearly about the data that would or wouldn’t be shared as well as the risks and benefits that sharing would bring.

One of the difficulties with this subject is that everyone has a passionately held opinion, and it is starting to look to me like that has gotten in the way of good communication. My hope is that in taking the debate to the next level of detail we might find some common ground. (Where is the fun in that I hear you cry!!!)

Yesterday’s FT had an article Fraudsters target social networkers sets out the privacy position pretty well and offers a good basis for moving the discussion forward. They opened with the following two paragraphs:

Millions of people signing up to Facebook, MySpace and other social networking sites could be leaving themselves, and their companies, open to online crime, IT security experts are warning.

The practice of posting up personal information such as birth dates, addresses and phone numbers is proving to be a goldmine for identity fraudsters.

This is worrying, and I have made a mental note to check my Facebook profile for offending items. Everyone should be careful about things like this. Possession of the sorts of data that you use to identify yourself – date of birth, name of first school, home telephone number, favourite football team, mother’s maiden name etc. will be a big help to anyone who is trying to pose as you – i.e. steal your identity.

But, and this is the critical point, that is not the sort of data that I am talking about sharing. That data is much less useful to someone who wants to target ads than information about your hobbies, which sites you visit, what sort of holidays you take, when you take them, etc. That is the sort of information I am thinking about sharing, and unless I am missing something there isn’t much there that someone could use to steal my identity.

It is important to protect against spam though and that might come through some kind of profile/filter system which masks my IP address from the advertiser. That way I can choose to block any offending advertisers from having access to my information just like I block emails from the domains that spam me. As a further level of security the company that hosts and manages my profile for me could keep a blacklist of offending companies as well and refuse them access carte blanche – much as hotmail blocks email from known spammers.

Hopefully being careful about the data that is shared combined with a blacklist functionality should be enough to assuage most people’s fears. We won’t know, though, until someone puts it to the test. It would be very interesting to see a service which offered extra functionality to those who shared their data and permitted targeting. Then we would see how much people really care. Whilst the debate remains in the abstract there is little incentive for people to examine whether their fears are valid in the context of the gains on offer.