Random Digital Madness: Privacy and security in the digital age

By Bill Harp
Reader Tech Columnist

When you use the internet, your entire life’s history and digital habits go on sale, and there is little you can do about it. Begin to understand the significance of this problem by assuming that everything you do on the web is collectible and perhaps stored away for the rest of your lifetime. It can be collated, aggregated and analyzed if required and, in many cases, is already being used to target you with things like focused ads. We should all wake up to the fact that all internet activity can usually be traced to a specific user on a specific machine, and that is you.

I am old school in that I believe in the original literal intent of the Constitution of the United States, especially when it comes to the Bill of Rights. I believe the Constitution was clearly written so regular folks like us could understand it and therefore prevent the government from destroying our inalienable rights. Unfortunately, agencies, lawyers, bureaucrats of all sorts and, yes, even judges continue to muddy that intent with opaque and complex policies, regulations and case laws that regular people can’t understand. Reflect on the tax code for example. Let’s consider the fourth amendment:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

Although not trained in legal issues, I interpret this to mean that the right to privacy and security should apply to all your papers, and that would include your digital resources and activities. In practice today, however, many rights to security do not extend to your personal information and digital resources. I have no doubt that the founding fathers, if teleported to the modern age, would heartily agree that, when they said papers, that includes digital “papers” too. This would be your digital documents, browser history, on-line activities, financial and medical information, phone calls, messages, photos, e-mail, data on all your devices, etc. These items should be private and personal and therefore constitutionally protected. Of course, if an agency needs to investigate a criminal activity, it can go to a judge and swear probable cause and get a warrant. As far as my read of the Constitution is concerned, that is the only provision for the government to search your person or things as provided to the legal system. Oh, but we have unfortunately strayed so far from this clearly worded mandate.

Of course, many folks are oblivious to these facts and help the tracking process by posting whatever strikes their fancy on their favorite social media pages. For example, posted vacation pictures advertise that your house may be vacant and unguarded. If you have any doubt about how easy it is to get your detailed personal information, just go to one of the web sites that barter personal data for coin, such as https://www.intelius.com, and purchase the complete report for yourself.  You will faint, guaranteed, after spending the special price of $39.95 for your background report! And this information does not even include your computer usage, browsing, purchasing and download history. That is a different vendor.

So, want to do something about it?  Well, it is basically too late, and the law works against you in oh-so many ways.  You would think that our elected representatives would go out of their way to protect our collective privacy, no? For the most part the exact opposite is true. Powerful corporate entities and big money have ensured that protection will not happen. Recent Washington and FCC regulation on net neutrality and rights to digital privacy continue to erode the few rights that you currently have. Why is there not a massive, public uproar? Too much money is on the table. Your constitutional right to privacy vs. lobbyists’ big money? You lose … especially when it comes to digital privacy. These issues are complex and often the technical implications difficult to understand. Lobbyist who understand the nuances and significance of privacy issues ensure that their position gets prime consideration over the important public interests.

One of the few tools at your disposal is to encrypt your digital properties. Good encryption will keep your data safe from prying eyes on your local or cloud storage.  Strong, well-managed encryption keeps us safe, secure and private. Without it there would be serious digital chaos, so those uninformed comments that you may hear from politicians and agencies about eliminating encryption for the public are just plain ignorant. However, proper global encryption for your digital resources and activities is rather complex and technically challenging.

The good news is, there are some things you can do. You can purchase a VPN service like the paid service F-Secure Freedome to hide your IP address so third parties such as your ISP can’t re-create or sell your entire browsing history to the highest bidder. Again, you must have a little tech savvy to make this work for you. If you sign on to your computer and have a Gmail, Yahoo or Microsoft e-mail or many other “free” mail services accounts active you are basically toast. A wise man, Andrew Lewis, once said, “If you are not paying for it, you’re not the customer; you’re the product being sold.”  Email was never designed with privacy in mind. To send truly private email, you must use applications such as WhatsApp Messenger or public-private key encryption such as PGP (Pretty Good Privacy). But PGP requires that senders and receivers each share their public key with each other and know how to encrypt and decrypt messages. Here is a good Wikipedia background article on the subject:

https://en.wikipedia.org/wiki/Pretty_Good_Privacy

WhatsApp make encryption somewhat easier to use, but you must use the WhatsApp application.

You should know that SSL (secure socket layer) is the protocol that web sites use to encrypt your session with the site.  So, if you see an https:// with an “s”, you have an encrypted session with the site and third parties can’t see what you are doing in the session. You should also see a secure notice with a little lock icon on your address search bar where you type in the URL. This is typically how you manage financial, medical and other sensitive transactions on the web.  Using SSL, third parties may know what sites you visit but not what you are doing on the sites. Don’t conduct any sensitive sessions (medical, financial or otherwise) on a web site that does not have SSL engaged. With respect to email security, don’t click on any link or download any attachment in an e-mail if you are not absolutely sure of its source.   This is a big invitation for trouble.

You may say that you have nothing to hide; your life is an open book. Your naivety is showing. You will get a whiff of why your privacy is important the moment an embarrassing targeted ad with video comes on screen while you are looking at the internet with your grandchild at your side. These ads can follow you around from device to device too. If you take a moment to reflect on how they do that, you will recognize how pervasive the monitoring and the subtlety of the technical means such as cookies and global logins for tracking your behavior. As you can imagine, this is a complex subject with many angles, but I have use my space up.  If you want to explore these issues, a great place to start is at National Public Radio’s All Tech Considered, Privacy and Security podcasts at:

https://www.npr.org/sections/alltechconsidered/125106005/privacy-security/

If you want to be technically proactive to secure your privacy, then you might read:

https://www.theguardian.com/technology/2016/jul/03/online-security-measures-digital-privacy-guide

Good luck; we all need it!