data mining

July 3, 2018

California Thinks It’s Fixing Data Privacy. It’s Not.

“Your move,” says the new California Consumer Privacy Act of 2018.

Except, this isn’t a game of chess—picture it more like a million-piece jigsaw puzzle called “Cats Around the World,” and it’s been spread out on your dining room table for the past twenty years and you’re only 40 pieces in.

(Sounds like a party, am I right?)

Here’s the thing: the data privacy law that was signed on Thursday by California’s Gov. Jerry Brown is a new piece of the data privacy jigsaw puzzle that has served as the U.S.’s means to protect its citizens’ privacy. It’s certainly a huge step in terms of improved privacy laws, but it’s not quite clear how it fits into the nation’s “big picture.”

So far, the U.S.’s privacy law game is patchwork and somewhat messy. We have federal laws like The Federal Trade Commission Act (FTC Act), the Health Insurance Portability and Accountability Act (HIPAA), and the Children’s Online Privacy Protection Act (COPPA), which are aimed at specific sectors, and we also have state statutes that are aimed at the rights of individual consumers. However, there is no single principal data protection legislation, which means the currently enacted laws don’t always work together cohesively.

And this adds to one big, confusing jigsaw puzzle with pieces that sometimes overlap and contradict one another.

Up until now the timeline of such regulations have been slow and piecework. Most of our states are weak in terms of their data protection, with a few states—Florida and Massachusetts, for example—serving as “leaders” in data privacy regulations.

Already this year we’ve seen the EU’s General Data Protection Regulation (GDPR) going into effect, and we’ve also seen (way too many) data breaches in the states. The issue of data privacy is gaining notice throughout our nation and throughout the rest of the world, and now some of us are wondering: what does the future hold in terms of data privacy in the U.S.?

California’s sweeping law seems to be a good step in the right direction, but how does it fit into the rest of the puzzle?

An “Interesting” Piece, To Say The Least

California’s new privacy law will give consumers more control over their data and force data-holding companies to become more accountable and transparent. The Act establishes the right of California residents to know what personal information about them is being collected and to whom it is being sold, plus the ability to access that information and delete it. Additionally, the Act will establish an opt-in consent for individuals under the age of 16.

It’s coming into effect in the wake of the new EU law that was enforced in May, and although it isn’t as extensive as the GDPR, it’s certainly proving to be a forerunner of U.S. privacy rights.

However, the Act also had an interesting path—surprisingly, it didn’t face much opposition from major companies despite its fleshed out regulations.

Why not?

Because there was also a ballot measure—the California Consumer Personal Information Disclosure and Sale Initiative—that had been cleared for a vote in California in the fall, which would have proved to be an even greater challenge for companies due to its tighter restrictions and higher fines.

Major companies—like Facebook, Verizon, Uber, and Google, among others—were already lining up against the ballot, and some donated to the Committee to Protect California Jobs in a further effort to oppose it.

Leaders of the Committee to Protect California Jobs said in a statement, “This ballot measure disconnects California. It is unworkable, requiring the Internet and businesses in California to operate differently than the rest of the world…”

In the end, even though enough signatures were collected for the initiative to appear on the ballot, a compromise was reached instead. This resulted in the proponents withdrawing the initiative and the newly approved Consumer Privacy Act entering the world.

So, to sum up the story, the end result basically came about from many of the voters having to choose between “I don’t like this” or “I really don’t like this.”

…Which kind of sounds like the debate you’d have while shopping for the top two hardest bingo games at the store because it’s your great aunt’s birthday and she wants to party.

The “Puzzle” Thus Far: A Quick Data Privacy Timeline

The California Consumer Privacy Act arrives as a new and shiny addition to a slow and dusty timeline of U.S. privacy regulations.

Let’s take a quick peek at a timeline of some of our nation’s data protection laws:

1974 – Family Educational Rights and Privacy Act: restricts disclosure of educational records

1978 – The Right to Financial Privacy Act: restricts disclosure to the government of financial records of banks and financial institutions

1986 – Computer Fraud and Abuse Act: prohibits unauthorized access to obtaining financial information, causing damage, obtaining something of value, or affecting medical records

1986 – Electronic Communications Privacy Act: protects electronic communications during production, transit, and storage, and applies to email, telephone conversations, and data stored electronically

1988 – Video Privacy Protection Act: prohibits videotape sale and rental companies from disclosing data

1994 – Driver’s Privacy Protection Act: restricts states from disclosing state drivers’ license and motor vehicle records

2000 – The Children’s Online Privacy Protection Act: restricts collection of data from children under the age of 13

2003 – Health Insurance Portability and Accountability Act: protects and establishes standards for the electronic exchange and security of health information

Because the U.S. takes a sectoral approach to regulating privacy, many of the current regulations overlap in some areas while providing gaps in other areas.

For example, the Family Educational Rights and Privacy Act (FERPA) generally covers data like student immunization and medical records, but it sometimes conflicts with COPPA, which only protects data for children under the age of 13.

With ever-growing sources of sensitive and valuable data, and the increasing risk of that data being mishandled and exposed, a need for solid privacy regulations is bigger than ever.

But with a sectoral approach to regulations, the result is that maintaining standards of data privacy becomes a confusing and complicated task.

The Big Picture (Hopefully Not Of Cats)

There was a time when the sectoral approach was deemed by many U.S. organizations to be preferable to a more overarching approach like the GDPR: industries could establish a more “individualized” way of regulation that suited their needs, and the hodgepodge of regulations sometimes created gaps that organizations could fall into.

However, now the gaps are smaller and the replacing overlaps make it significantly more difficult and complicated for organizations to appropriately handle their data. The U.S. is still an outlier in its privacy approach, but now it’s starting to get a really bad rap across the globe.

The new California Consumer Privacy Act of 2018 is one more piece to add to the immense jigsaw puzzle that makes up the U.S.’s approach to privacy laws, but it begs important questions: how well will it fit in with already existing regulations, and how much of an influence will it have in future regulations being established?

Ideally, the nation’s future of data privacy laws will be cohesive, clean, and fit together well in a way that thoroughly protects citizens’ data and is adaptable to numerous industries.

California has made a big step towards the future of data privacy—here’s to hoping that only good things will follow.

March 7, 2018

Looking Ahead: You Own Your Vehicle, But Who Owns Your Vehicle-Generated Data?

If we pause for a moment and think to the future of smart cars, half of us probably start daydreaming of zipping around in sleek flying machines while the other half starts eyeing their plastic model of the Batmobile hanging from the rearview mirror.

But have you ever stopped to think about what’s actually happening with the technological developments of cars? Already we have vehicles with cameras to help you back out of the driveway, touch screens installed into the dash, and the capability of calling your husband to start cooking that pizza before you get home.

We also have connected cars, which have embedded mobile broadband chips and the ability to communicate with other cars in a way that drastically reduces the number of roadside accidents.

And beyond that, we have cars that drive themselves.

As our vehicles are getting smarter, they’re also producing more data. This means your data privacy concerns are not only limited to your personal computer and the apps that your teenage daughter is using—your data privacy concerns now have to do with the car sitting in your driveway that has the capability of generating, recording, and sharing data.

It is projected that there will be over 380 million connected vehicles by 2021.

Your Valuable Data

Cars have evolved beyond basic machinery and are now becoming vehicles of data, capable of sharing where you’re going, how fast you got there, how many people went with you, and what kind of music you listened to.

With sensors and cameras being incorporated into the makeup of vehicles, they can now collect more data than ever before, and this data can be used and analyzed to make more money.

So your vehicle-generated data is the type of information that companies will want to know in order to learn how to better market their products to you, and it’s information that you want to be aware and in charge of.

As the number of data-gathering cars increases, consumers will want to become more aware of what kind of data their car is generating, as well as who keeps that type of private information.

Who Has That Information Now And Who Wants It?

Currently, data-generating vehicles are still in their early years, and it will be a number of years until most vehicles are as up-to-date, so the tug between data ownership is most heavily on the side of the car manufacturers.

But for how long? Who knows.

Without regulation, companies have access to everything within a very large sphere of people’s lives. Think of the amount of data!

And who might be eyeing your vehicle-generated data like a burger fresh off the grill?

Well, really any industry that would gain from learning about a consumer’s driving habits such as speed and regular routes, phone calls, radio or phone usage…even your personal conversations.

For example, this could include radio stations that want to better know what everyone’s listening to. It could include companies who develop car stereo systems and want to know how to cater to their technological-advancing drivers, or insurance companies tracking how many times you use your phone while driving so they can adjust your rates accordingly. It could even include car seat manufacturers who want to do a study on how fast or how carefully most parents drive, and then use that information to design their car seats and market them in a specific way.

Companies like these will want to know things like how you drive, your age, your income, what you buy, or if you have kids. This is the type of information that is pure gold for businesses because it enables them to “know” you and improve the way they market their products to you.

These days, private information is currency, and industries want it for their own gain.

Industries want to make money, and so they want your information.

Suddenly there is yet another massive data mine that consumers need to be aware of as they go about their lives. Just as you would protect your information as you use your phone or computer, now it’s incredibly important to begin thinking about where your vehicle-generated data is going and how you need to protect it.

Today, self-driving cars can generate one gigabyte of data per second, which means just five minutes of driving will produce more data than your iPhone could handle. With this amount of data being gathered, all kinds of business opportunities are arising, and before long the moneymaking data vultures will begin circling above your car.

So the next time you’re driving to work, think about the data that is being generated with every mile, every Bluetooth connection, and every radio station change—those little things we all do without thinking twice. The data your car is generating is valuable and coveted and needs to be secured and protected.

Hack Attack

Worried about your computer getting a virus? Well, what if your car was at risk too?

Yet another source of concern is the safety of your vehicle-generated data from attackers. As vehicle technology continues to evolve, the security of your car desperately needs to adapt with the times. Attackers will move on from mobile phones and laptops to the car sitting in your garage or parked on the street.

Vehicles have become gold mines, and this makes them valuable targets for hackers and malware.

No one with a smart phone or computer wants their device to be targeted for private information and details to be stolen. The same goes for today’s vehicles.

The Cost Of Convenience

Imagine this: your check engine light just turned on and you take it to a mechanic for repairs. Your repairman has access to the data stored on your car and it tells him exactly what’s wrong with it. This would revolutionize the auto-mechanic industry. It expedites the mechanic’s job and therefore saves the consumer money.

But at what cost?

We need to be aware of what we are giving away in the name of convenience. Are the small perks worth the encroachment of privacy? Are they worth the monetization of your data?

Are they worth the very real possibility of someone analyzing every word of every personal conversation and phone call you’ve ever had in your vehicle, including that one with your spouse after celebrating your anniversary, or that one you had with your daughter after picking her up from school?

A Step In The Right Direction

In a recent proposal by a California senator, the contest between vehicle data ownership was confronted and a new bill was unveiled that would allow vehicle owners to see their car’s data and decide whether or not they wanted to share it.

This is an encouraging step in the right direction. But so much more is needed.

As consumers we need to be aware of what is happening in the ever-changing world around us. We need to be realistic in terms of how the marketplace views our data and us: money.

Protecting Your Data

It is our responsibility to hold both the automobile industry and lawmakers accountable for the protection of our rights. We need to mandate transparency from our automakers and require advancements in security and privacy. Additionally, we need to stay current with the knowledge of our rights and our legal protection as new bills are put into place.

The vehicle industry has previously had practically nothing to do with technology and little-to-no need for the security of such. Having no prior experience in this field, automakers need to begin bringing in software analysts, networking engineers, and data scientists to begin shaping the security and privacy we as consumers need.

But we also need consumers to be aware of what is going on.

We need to be aware that our vehicles are becoming data-generating machines on wheels, we need to be aware of what we are sacrificing in the name of comfortable convenience, and we need to be aware of the steps we need to take in order to protect ourselves.

July 17, 2017

Why Free Will Cost You a Fortune

Everyone loves a good deal. Whether it’s an amazing discount or a sale, we experience an endorphin rush when we get a good deal. Things only get better when we hear those magic words we love…“free.”

Nothing gets people more excited than when something is offered for free. If you’ve ever seen a store offering something for free then you know what to expect… a lineup around the corner.

This philosophy gets amplified when we talk about anything offered on the Internet. It is commonly accepted that any services offered through the Internet should be free.

And many websites are happy to oblige. Facebook is free, YouTube is free, Twitter is free…you get the idea.

The thing that no one seems to be asking anymore is “what’s the catch?”

In the real world we usually have an idea about why something is being offered for “free”; maybe they want to get you into the store to buy something else or they want to get you hooked onto the product, but there is always a reason.

Unfortunately we aren’t so inclined to look for a catch when it comes to “free” services online. It’s understandable that people expect online services to be free but it’s important to know why it’s being offered for free.

There is always an ulterior motive for something to be offered for “free” and there is always something that is being compromised in exchange for the “free” service. The level of compromise involved will depend on the service being offered.

Some compromises will be harmless, such as when a service is offered with limited features. However, often, the compromises made are more than the user bargained for when they signed up in the first place.

Ultimately the more we understand about why a service is being offered for “free” online, and the compromises that come with it, the better we can make a decision on whether to proceed with becoming a user.

Awareness is the best defense to ensure that we don’t end up in a situation where something we thought was going to cost nothing (“free”) ends up costing us an arm and a leg (and some other important body parts).

Let’s cover some of the reasons a product or service is being offered online for “free”, along with their level of harm:

Trial Versions/Upgrade Incentives: No different than when a product is offered for “free” in a real life setting, the company wants you to continue using the service (at a cost, naturally) once the trial period is over or upgrade to a paid tier. This is relatively harmless unless the company asks for your credit card to start the “free” trial and will charge you automatically. Then you need to have a good memory or set your calendars to not get charged.
Advertising: Similar to watching TV, a website may offer you a “free” service in order to ratchet up the hits and collect ad revenue. Unlike TV, ads on the internet are ridiculously annoying (TV ads are just mildly annoying). Between popups and flashing banners, some websites are just not worth visiting. This category falls into the “harmless but frustrating” section.
Micropayments: Typically with a service that relies on micropayments, the base tier is “free” but has very limited features and in order to expand the features you have to make some sort of minimal payment (think .99¢) that seems insignificant…at first. However there are many features that need to be unlocked and each one of them will require its own micropayment. In a way micropayments are like a faucet that has a drip. At first you might not think it’s so bad since you only see a drop of water falling at a time, but then you get your monthly water bill and see that it’s triple the usual amount. This is definitely one of those categories that can get out of hand very quickly and cost more than you expect if you aren’t too careful.
Data Mining: Now we’re getting into some bad territory. Data mining is when the service you’re using is harvesting information about you to use for other purposes. Have you ever booked a flight to a city and then seen a bunch of ads for hotels in that same city?…it’s not a coincidence. Sometimes data mining is used only for advertising (relatively harmless) but other times the company wants to collect a profile on you based on the websites you’ve visited, who you interact with, and even your spending habits. Needless to say, depending on the level of privacy you crave, this can be pretty harmful.
Malice: I did say the motives may not be sinister in nature, but sometimes they are. As a wise man once said “some people just want to watch the world burn”. I would be doing you a disservice if I didn’t mention that some “free” online products/services come with lovely add-ons such as viruses, worms, spyware, and malware or they might be used to extract personal information from you, such as your online banking login information. Needless to say, this is the most harmful form of “free” you get online and a good reason of why you need to be very careful about who you trust.

As you can see, not everything that is being offered for “free” is actually without any cost to you. It’s important to take a step back and ask yourself why the provider is offering it for “free”. What’s in it for them?

Do appropriate research and make sure that you aren’t putting yourself in a situation that can be harmful to you or cause you to expose more about yourself than you want.

So, yes, we all love to get something for free…just make sure it doesn’t end up costing you a ton in the end!