Curiouser and curiouser

We read in the media much hype about the intrusion of the state authorities into our personal data. Gathering information about when and which numbers have phoned or SMS’d each other (outrageous!) or which e-mail address has had conversations with which others. So is it true? Do they do it? Yes, of course they do - it amazes me that Edward Snowden’s comments were presented as revelations by the broadcast media. It strikes me as very odd that people are apparently more upset about their personal information being analysed by governments than by multi-national corporations - but perhaps that’s because I don’t think I have to worry as much as some about my government abusing my rights.

Government agencies throughout the world analyse any data they can acquire to try to identify people acting against the interests of the state and its people (or the dictator in power at the time). In countries with well developed and empowered legal systems this power to gather and analyse data is sometimes and somewhat curtailed by law, and in democratic or semi-democratic states these laws are often defined by the people’s representatives. The initial gathering of information is rarely done by the state - most data is accumulated first by various service providers and is then aggregated and analysed by the state agencies. Like any other organisations the state agencies typically have limited budgets and need to get value for money in all their efforts but can apply for greater budgets if they can demonstrate a return on the investment. So they’re not going to waste their time on stuff which they think a ‘lesser’ agency should deal with. For example the FBI will not be interested in local drug dealing unless it will lead to resolving a nation-wide (Federal) problem.

So, your state accumulates information and applies unfair techniques to analyse the data to the potential detriment of some of the people? Well yes: to the detriment of anti-state actors - but it’s only unfair if we were not expecting our data to be used that way. So what were you expecting? The majority of these data analysis techniques were developed and adopted by the advertising and marketing industry to identify the targets best suited for particular campaigns. Do we object to our service providers pooling and analysing our data to try to sell us something? Most of us apparently do not - until it gets too intrusive - or we find ourselves considered to be anti-state actors.

Obviously, if we get labelled as an anti-state actor we should be concerned. If it’s true then our cover has been blown and we should run away now. If it’s false and we have not prepared anywhere to run to then things could get really uncomfortable for us - especially in places where the government agencies can override the law whenever they feel like it. However, if it comes down to a difference of opinion (one man’s rebel is another’s freedom fighter) then it gets really tricky. So, ‘on the Internet’ which are you? ‘Glorious freedom fighter intent on changing society to the correct course’ or ‘despicable rebel disrupting the ordered running of the state and the lives of the people’? Probably neither. Most of us are just trying to buy stuff and have it delivered rather than going to find it in the shops or complaining about government services to our friends (‘They really should do something about… «fill in your favourite gripe here»’).

Because information about you is valuable, your state has a limited interest in curtailing the data gathering of large companies - until, of course, they refuse to hand over that data to the state agencies. Some companies’ whole business is based on gathering, cross-referencing and analysing your data with no actual ‘product’ to show for it. A large ‘social media’ company can only afford to run all the servers it uses to gather information from its users through selling access to that data to advertisers and marketeers - obviously not selling or giving away the data itself, they retain control so they can sell the access again and again to different customers. Think about it. Data about you is valuable to advertisers. Why? Is it valuable to anyone else? Again, why?

Other people are curious about us. Finding stuff out about us can give them an advantage in selling stuff to us or negotiating some other deal with us. For example, knowing about your (lack of) residency rights or local language skills might give an unscrupulous employer the edge in negotiating a lower than usual wage for your employment. Our lawmakers can try to wrap all sorts of safeguards (additional rules, regulations and laws) around this sort of thing but unscrupulous people will seek out loopholes and exploit them.

Various organisations are interested in knowing as much as possible about us - this knowledge is valuable to them. If they don’t deal with our data in accordance with the law, then they are acting illegally. In which case there’s no real difference between them and any other organised crime gang.

Oh, but I’m nobody interesting. Who would be interested in my data? Well, I’m nobody too - and here’s a table showing failed attempts by uninvited strangers to log in to my home server over the past month (with a limited number of consecutive failed attempts permitted). If someone already knows stuff about you from social media account(s) then how many log in attempts would they need to guess your password? Yes, YOU. Your password.