With the recent shift to an almost entirely digitized world, algorithms are drastically changing the way we use the internet, or more accurately, how the internet uses us. Before, planning trips and booking accommodations would take substantial amounts of research. Now, one quick search of the town you wish to go to, and your entire feed will consistently contain pop-ups of hotels, activities, and restaurants within that region. The extreme correlative nature of this no longer leaves room for the speculation of coincidence. So, how are we being fed information that almost perfectly lines up with our target objectives? The answer is simple: through personal data points.
Data points are constantly and continuously being accumulated on every internet user based on their browsing patterns and search histories. The average person has at least 5000 data points categorizing and profiling their internet behaviour per data-mining company. This information is then used to predict behaviour and make recommendations of products, services, advertisements, and media feeds corresponding with a person’s likes and dislikes. The ever-growing “smart” industry producing smart cars, homes, and phones creates a persistent stream of data about our behaviours in all facets of both physical and virtual life.
The data accumulated, however, is not subject to use only in the category in which it was obtained. For instance, when you download a simple game application and give it access to your gaming data, it is also collecting your location, your email, your purchase choices, your surfing patterns, etc. That data is then bought by and sold to numerous companies with vastly different interest ranges and consumer focal points. These innocuous pieces of information, or what seems to the average user to be innocuous, end up in different companies and countries with a wide range of far-reaching uses.
Data is bought and sold by law enforcement, governments, banks, insurers, potential employers, and most importantly, large global tech companies such as Apple, Facebook, and Amazon who accumulate such data to provide information on consumer behaviour. This data can range from health data to education data to what size of clothing one wears. There is no limit to the amount and extent of data that is constantly being collected on internet users. Everything you do, everything you are, is tracked.
All of our data sits in a virtual cloud with no way of knowing who has access to this information. Physical data such as postal codes and addresses no longer matter. What matters are our unique digital identifiers that companies can track and exploit. To these big tech companies who have effectively monetized our data, we are the product. Our likes, our interest, the way we focus our time, spend our money – it’s all a product. We are willingly and consensually giving companies everything they need to know to make money off of us. By predicting our behaviour, they can tell us what we want to buy before we even know ourselves, effectively eliminating our consumer free will. This is the first side of data exploitation: misuse. Companies sell our data, and we, as consumers, are unaware of to whom it is being sold, why it is being sold, and what purpose it will serve. The other side, however, is far more malicious: abuse.
Mark Sangster, Author of “No Safe Harbor: The Inside Truth About Cybercrime and How to Protect Your Business”, and VP and Industry Security Strategist with eSentire, put it simply: “We are living in a virtual reality world, it’s just not what science fiction sold you.” It, unfortunately, is a far more sobering reality than the utopic ideals ushered in with the new age of technology once promised to us. As he explains, “[these companies] think they’re controlling the monster, but they don’t understand the monster is controlling them.” The danger of personal data points, ones to which we have no personal claim, is the weaponization of them. The implication of the sheer amount of information this data holds on almost every single global citizen means countries can weaponize us as the pawns in cyber warfare, something which is already ensuing under the surface. Sangster describes that, while there are the blatant crimes seen within the cyber world such as ransomware attacks and data theft, the softer, underlying side of the cyberwar can be far eviler in its nature. Sewing together fake information or perpetuating propaganda stories about a manner of different topics such as violence or police underfunding are used to sway voters to polarization. These false stories created out of baseless fear establish the playing field for the slow manipulation tactic that is, essentially, the political equivalent of altering stock value through public statements. With this weapon at their disposal, foreign countries can effectively shape the domestic political and ideological structure of an entire country.
The most readily known example of cyber-terrorism and exploitation came to light with Cambridge Analytica’s involvement in the 2016 US election, as well as Brexit. Cambridge Analytica, a data-mining company, had acquired and used Facebook users’ personal data to propagate Trump’s digital campaign and the UK’s LeaveEU Brexit campaign. Using military disinformation campaigning and voter targeting, Cambridge Analytica effectively eliminated the fair and free nature of these respective elections. These treasonous cyber warfare acts were perpetrated using individual data points to reveal and target sway voters with propaganda ads and false information.
Currently, the only way to protect oneself from this exploitation is through not participating in the digital world – an essentially impossible guideline to adhere to. Despite the danger of data point exploitation, virtual data is simply not protected the same way as literal data due to its anonymous nature. Although the data these companies have do not contain your name, they contain almost every single thing about who you are, and have the information needed to predict your behaviour. Still, however, we have no legal claim on harbouring and possessing this crucial information. As Sangster points out, Canadian data laws only protect the privacy of data information which falls under the facets of core, unchangeable, damaging pieces of leaked information regarding personal security – an individuals’ data infrastructure. This would include your name, financial records, social insurance numbers, date of birth, etc., but fails to account for “meta-data” (data points). As well, privacy laws in Canada are built on a complaint-based format which shifts responsibility onto consumers as opposed to companies.
The most stringent law in the world right now concerning data points is the CCPA in California, the legislature triggered in 2018 by the Cambridge Analytica scandal. Under this law, Californian citizens have the right to know where their data gets moved to, who it is sold to, how much it was sold for, and why it was bought and sold in the first place. Individuals can also opt out of data sales and request the deletion of personal information, with some exceptions. Even with this law, however, individuals are merely informed and still have no ability to own or possess this information. Although Facebook may tell you that they sold your data to 3 companies, you have no knowledge or claim on who those 3 companies sold it to, and so on and so forth. Currently, there is no way to properly trace how far your individual data has gone or how many people have bought and sold it.
The right to privacy is one that is readily accepted as a fundamental human right, however, what happens when our globalized world has outgrown the traditional definition? Current sanctions surrounding this right do not account for the shift towards the new virtual reality we live in. Adequate and up-to-date legislation and treaties, specifically within the international sector, are imperative to bringing accurate representations of human rights forward into the digital age. Human beings need their free will adequately protected from global, digital weaponization, as well as consumer purchasing manipulation. This starts with the protection of personal data points. While legislature is typically 3-5 years behind current daily realities, the exponential rate at which AI and technological advancements grow gives an increasing possibility to the rise of a global authoritarian world, one controlled by whoever harbours and weaponizes the latest personal data technology.
Feature Image Illustration by Jim Cooke