Dear all
Please post comments by Friday 2nd December for the 1%.
The role of databases is incredibly topical in light of the current events happening across the world. Governments currently see cyber crime as one of the major threats for the future.
For example:
http://www.bbc.co.uk/news/uk-england-london-24077094
What are your thoughts on large databases that hold various details about our lives? Are there advantages in Facebook holding highly detailed datasets on our daily lives? What are the disadvantages of these online datasets if we proffer the information willingly? If these datasets are demanded (e.g. the Census), can we trust the data holders and if not, what should we do?!
Your thoughts please.
Paul
Although there is great play made of the security of data, be it the use of firewalls and encryption, the 'cyber plot' in the BBC article reminds us that data protection continues to require the 'old fashioned' protections afforded to data repositories in the days before computers. The physical security of Santander's office space and in particualr the PC to which the KVM was attached was breached, potentially allowing electronic intrusion.
ReplyDeleteWith the volume of data now being collected data owners need to realise that they must take all steps to prevent unauthorised release, however as data providers (we, the public) need to assume that all data collected, together with derived data such as your location, connections, buying habits etc could be accessed either explicitly or covertly. Personally I have no problem with the mass collection of my data, subject to data owners taking 'reasonable' steps to thwart the illegal hackers, I knowingly provide data to 'Facebook', in the knowledge that it will be shared, collated and combined. There is also a balanced argument for covert collection and storage of ‘private’ data to be used for the common or public good, as has been employed, in response to terrorist threats.
As researchers, we should know how useful and powerful access to census data can be, however the data sets provided are subject to a strict compliance regime imposed to protect against privacy infringement, whilst permitting necessary access to low level data sets, albeit in physically secure data laboratories under controlled conditions.
It's all about balance but don't post anything on 'Facebook' which you wouldn't want your granny to see!
Hi Joe, nice little read. I pretty much agree with all your comments although I personally really do try to limit my social media posts. I spoke to a friend a few years ago that worked in a credit reference agency type role for a private corporation and he told me back then that they were already creating algorithms to work out credit scores for individuals based their personal connections within social media. A few years on, we are already seeing how Insurance companies are trying to use this same technique to determine what price should be on a potential customers head. It has its benefits of course...
DeleteThere are obvious advantages to big data, in terms of modern societal operations, however, recent high profile breaches have served to highlight the inadequateness of current data security provisions to adequately counter cyber terrorism. This is turn leads to a general feeling of uncertainty and a lack of trust within the wider general public. Recent trends have shown that when companies are hacked they are more willing to admit the breech in their security in a proactive manner and initiate steps to contain further impact and implications.
ReplyDeleteDepending on what the database is that’s holding certain information especially important information such as bank details, it does make us wonder if our money and our privacy details are really safe, as from this article it gives an insight into how easy it is for anyone to use a technological device and wipe a bank of millions of pounds. In regards to other databases such as Facebook, Twitter and Instagram, it is your own choice how private you want your profile to be and what details to give out which is some of the advantages, however once those details are given, there is no way of getting them back. With these online datasets and the information we give it can be a disadvantage to us and our future especially when trying to get a full time job, an employer can get access to your social media and see what statuses you post, or pictures and that will decide if you are appropriate for the job. It is all down to social media. Furthermore with these online datasets it is easy for anyone to hack and gain control of your computer, therefore gaining important details such as your bank details. No social media dataset is safe!! If these datasets were demanded for example a census we definitely could not trust the data holders, we have no idea what information they would be giving. The only thing we can do is bring up the topic on privacy and fight for our privacy rights.
ReplyDeleteWe would be unsettled by an individual keeping detailed tabs on us in the way that large databases are currently doing so. I think it unusual that the depersonalisation of the act should make it suddenly acceptable.
ReplyDeleteAs a privileged, white, educated European who was a citizen from birth, my data is unlikely to be scrutinised by my government, or any other. However if one of my identifiers was an “alarm bell” or a “red flag” due to my ethnicity, my religious identification, my sexual orientation or my political affiliation then my data is more like to be scrutinised as in the current practise in the US, Britain, Russia and China.
People say, and have said on this blog that you shouldn't be worried about bulk dataset collection if you have nothing to hide. But what if what you have to hide is your otherness your marginalised status your inalienable identity.
Allowing bulk personal datasets to be recorded and scrutinised by its very nature delineates identities and behaviour into normal and abnormal, in practise this is not done along lines of legality but of identity.
The risk is that bulk personal datasets makes binary, norms of behaviour and can enforce narrowing proscriptions of lifestyle and citizenhood. That they may convert non privileged identity holders into outsiders, and lead to multiple tiers of citizenhood along the lines of conformity. That they stigmatise and alienate the already marginalised.
If a person kept a record of everything you did, most people would be uncomfortable, and at the very least demand justification, why should our response be different if it is an institution or a corporation that is doing the recording? why should it be so silently accepted?
Really interesting points, Sophie!
DeleteBig data is part of life in 2016 and there has to be a degree of trust in government bodies that hold sensitive information such as census data. Social media providers are different in that they are very commercially motivated, and although most people willingly share some personal info through social media activity personally I don't trust Facebook to protect my data - its just too valuable to advertisers. Its also slightly unsettling to get alerts and suggested posts on Facebook that relate to internet activity on a different device (eg desktop PC) - especially when I haven't utilised Facebook on the desktop! The relatively new 'graph search' tool makes it easier to mine data on a small (personal) scale, as it allows data returns from 'natural language queries' (IDG News, 2013) - and you can't opt out. Determined third parties could potentially create a profile of individuals. However, I am still an active user of FB so, along with many others, have accepted data mining as part of an online presence. Despite this there are benefits - especially when dealing with security/terrorist threats where Open Source Intelligence has become an important part of surveillance activity, as it enables police etc to manage threats proactively, but with collection and retention of data restricted through RIPA (Regulation of Investigatory Powers Act). So maybe this is a deal we have all signed up for..'yes, you can use my data if you keep us safe'!
ReplyDeleteI think people in general are reckless with their personal information; however, the volume of people submitting information is so high that the chance of an individual becoming a victim of cyber crime is reduced significantly. Hence the apparent nonchalant behaviour towards personal data protection.
ReplyDeleteFacebook is a social media website and so in the interest of the members, I see no advantage in them possessing highly detailed datasets about anybody. However from a Facebook's point of view I see numerous advantages, most notably from a marketing point of view. Accumulating data on individuals enables Facebook to tailor advertisements specifically to their members and so increases the value of their advertisement spaces.
Any information we give willingly, although covered by the Data Protection Act, could potentially find its way in to the hands of third parties due to clauses outlined in terms and conditions; the terms and conditions that the majority of people do not read or maybe not understand but agree to any way. Also another disadvantage is the potential consequences of the Mosaic effect. This is a scenario when little pieces of personal data located of unrelated databases is collated together to build an individual's profile providing. Such information can then be used to locate individuals, impersonate them etc.
Datasets demanded, for the most part, do not require information such as bank details, sensitive medical conditions, political persuasion etc. and therefore do not possess huge risk.
I believe the data we submit voluntarily is the data the will, most likely, result in the greatest head ache for us in the long run.
Historically, I never gave much thought to submitting information for the national census, it was expected and at minimum a civic duty to complete to help with planning and monitoring for changing populations. However, the advent of digital technology and the ease of access to most of this data certainly gives pause for thought. Granted, there is a degree of 'masking' to hide individual identities but as suggested by another contributor, the 'mosaic' of data available may lead to easier identification of individuals through referencing across a range of platforms.
ReplyDeleteIndividually, we contribute to and share information, and accept that some of this data is used for legitimate purposes - medical, financial, credit referencing, vehicle checks and so forth. There is also acceptance that some of this data is covered by data protection legislation. However this protection is not always evident or obvious within and across social media platforms. Adverts, suggestions, headlines that appear within news feeds and sidebars reflect our browsing preferences. It is often alarming to see shopping or destination suggestions based on searches on other sites.
Large scale data sources can be of use for companies and their users. By analysing a wide range of information, it is possible for companies to refine their services to increase their quality for users. The amount and type of information that an individual is willing to submit, either actively or passively, is really their responsibility. For companies that are storing user information, they also have a responsiblity to protect that information. The problem is that no system is ever truly secure, and the data stored is constantly at risk. For an individual concerned with sharing information, it can be difficult, as information about them can be collected almost without their knowledge (cookies). You should only put information into the public domain that you are happy to have there, as nothing is ever truly deleted.
ReplyDeleteHi Thomas,
DeleteYes, the fact 'no system is ever truly secure' but still have to provide information at times is one aspect I find rather annoying! :)
As I watched the BBC News last night the topic of cyber crime was brought up again, showing how significant of a threat it still is, three years after the article about Santander. I agree with what Joe stated above, that the underlying issue in the Santander case was the lack of physical surveillance within the bank branch itself, people and organisations must recognise the significance of the data they hold and therefore have substantial measures to protect the hardware that holds the data in the first place. The Santander case is something that could have been avoided by proper surveillance of the people using the hardware that holds access to personal databases.
ReplyDeleteLast nights issue included the hacking of over 26,000 private accounts on the National Lottery website where costumer details were compromised. The hack was blamed on costumers using the same passwords for different sites which I think we are all guilty of and therefore hackers were able to gain access to multiple accounts across numerous sites. The news story talked about the "dark web" which I think is a great description as the internet is an amazing thing until it is put into the wrong hands and that is when things go downhill. The other story of cyber crime featured on the BBC News was much more sinister, which included the blackmailing of individuals by using extremely personal and private imagery and videos which have been accessed illegally. This is becoming a bigger problem everyday across the world and has sadly even been linked to numerous suicides. There is a great need for more internet security and this may be achieved by granting access to governing bodies to take action on current security issues.
Obviously it is difficult to put so much trust in people with your personal data but it has to be done at some scale. I believe the census using social media sources would be a great benefit to the government, data would updated more efficiently and effectively. The census carried out by the Office for National Statistics has traditionally been a trustworthy process and I would continue to trust that my information is kept with them and only shared with the greatest anonymity that has always been expressed. The notorious problems with census data include the gaps in data as many people choose not to fill in the forms, using social media will definitely change this and therefore more data will be collected, also the Census forms waste time and are basically out of date by the time they are processed and so keeping 'real time' data would be very effective.
As mentioned in the comments above, sites like Facebook and Instagram will track your browsing history and collate that data, however the use of cookies on most websites is highlighted as soon as you access that page and you are given a choice whether to accept it or not. This choice is extremely important, and I believe that certain surveillance and protection measures from the government would be acceptable as long as the individual has the choice to share the information or not.
It is a complicated topic area and is increasingly diverse as more and more people feel 'threatened' by how much information they share with others and so I am not exactly sure how to deal with the situation. I feel like it is a personal matter which cannot be forced on anyone and so any acts of data mining, surveillance and the general holding/storage of data should all be outlined and explained to the individual using whatever website and let them decide for themselves as to what should be done with their personal information.
So much of our daily lives are now inextricably connected to online activity that large databases to maintain this data are simply a necessity. Looking at Facebook as an example, it seems to me that they use my data to push content they think I’m interested in which can sometimes be useful (although often annoying), but on the other hand they’re actively building up a profile of my online activity which feels very big brotherish! It really worries me how secure my data is within these databases, especially as there seems to be a general increase in ransomware and cybercrime activity these days. I noticed a Facebook advert the other day for a company offering to wipe online activity – which could be one drastic solution – although how successful they would actually be at completely removing my data from what must be a myriad of databases is anyone’s guess – especially if many companies now backup their databases and store it at a different physical location. The rules and regulations in place to ensure the safe keeping of our data must be continually assessed to ensure they’re fit for purpose, particularly as cyber-crime evolves at such a fast pace. I agree with M Os’ comment that I never previously gave much thought to submitting my information to a Census and indeed see it as a duty. Given that the Census is a ‘demanded’ datasets then the government also has an obligation to demonstrate to the public that our data is secure.
ReplyDeleteThere are many benefits to having lots of data collected be this personal information or some other form of data if it is collected in an honest way and used for purposes known to the individual for whom the data is held and secured as best as it can possibly be.
ReplyDeleteHowever, there are obvious issues and disadvantages of having your personal information kept within these databases. There is a risk of theft of information which varies depending on who holds it and the possibility of information being abused in some way.
Unfortunately (or fortunately depending on how you look at the situation), this article just goes to show you can have all the high-tech security on you systems in place but if procedures are not in place or the staff are not up to speed with the treat of social engineering then the 'hackers' will attack the weak link and sometimes succeed.
I mentioned in a reply above that I spoke to a friend a few years ago that worked in a credit reference agency type role for a private corporation and he told me back then that they were already creating algorithms to work out credit scores for individuals based their personal connections within social media. A few years on, we are already seeing how Insurance companies are trying to use this same technique to determine what price should be on a potential customers head.
Personally, I try to limit the information I put on social media and the information I give to businesses when ordering online but other people I know supply unlimited amounts of personal data online and companies understand the importance of information, it is big business and they are ready and waiting to capture all this ‘big data’ whenever and wherever this information becomes available.
This is one reason why I personally dislike having to supply information when forced to but I do see the importance of it even though there is not much I can do to prevent it.
All this said, I personally love analysing data. The power of data (and databases) reminds me of nuclear power, it can be used to improve the lives of many but in the wrong hands, can help create a major disaster!
I personally think that certain systems should not be connected to the internet and should remain offline in terms of their connection to outside sources. Although this would cause particular problems for systems that are needed to be monitored and used frequently it would give complete control over data on smaller networks within one particular site. If daily updates were required, a specific time should be set as the only time when such sensitive systems should be made to upload their data to a connected internet connection. There are also very strong encryption systems set up to prevent the hacking of data being transferred online which would stop the retrieval of usable data from anyone who is hacking into a system. This is a method that is used now on peoples smartphones and other important data holding devices as not even the FBI could gain access to a dead terrorists phone not that long ago. If strong encryption is used to protect such data I can not see how having access to scrambled data would be of much benefit to anyone unless the encryption key for such a system has been compromised. I am not too sure how a physical hack like the use of a KVM would be able to be stopped as this is a way of getting in past encryption, but again surely there were systems in place to monitor and notice a foreign piece of hardware attached to the banks mainframe system. Or does a device like that not get detected by the computer when it is installed?
ReplyDeleteI agree that encryption systems do prevent data theft. However there are always ways around it.
DeleteAn example of how small pieces of information can be used to great effect can be seen in the sky news article below:
http://news.sky.com/story/visa-payment-card-details-guessed-in-seconds-by-hackers-claims-study-10679721
Cybercrime has certainly become a major issue in the 21st century, with a number of massive companies suffering major security breaches, including Sony in 2011 and Google in Silicon Valley in 2009. I honestly believe that no matter what security walls are put in place to protect data, ultimately somebody will find a way to breach it and gain access. Thankfully Santander narrowly avoided this breach but it will not be the last time that a bank or any major corporation experiences these difficulties.
ReplyDeletePersonally, I agree strongly with Sophie views in regards to the fact that we come from a privileged background in comparison to so many others that are a part of our society. I don’t lose any sleep at night worrying about my information on large databases due to these privileges but governments are closely scrutinising other less privileged members of society more rigorously.
In regards to Facebook and social media for that matter, I try and avoid putting too much personal information online. I think social media platforms should be more for entertainment and news rather than serious personal details about people. However, I’m aware that Facebook and other social media outlets monitor information shared and hundreds of millions of people do share personal information daily.
Like I said earlier, regardless of what security we offer today, eventually it will be breached. So I find it hard to declare total trust in every data holder as I doubt they will be able to protect every shred of information provided by the public forever. Providing information to these online datasets results in us running the risk that our information could be mishandled, lost or stolen. We truly don’t know who views our personal information on these datasets. Will we ever?
Threats to our own personal details are something that will not go away in the future, as technology keeps advancing so will the ways cyber criminals work. Unfortunately, it seems that the criminals are one step ahead.
ReplyDeleteReading the BBC article does make you realise how vulnerable your personal information is and whether more could be done to ensure that these databases are secured.
It can’t be helped that large databases occur and on many occasions they are extremely useful to us. If they didn’t exist, the NHS would not be able to run as efficiently and effectively as it does. As all the information about your health is stored on the database to help them identify any abnormalities with your health. It saves a lot of money due to there only one database rather than numerous databases. It can also save time as you don’t have to switch between numerous sets as all the information you need is stored on one area.
Facebook has also been used by the police across the world to solve crimes as the culprits have willingly posted information online about it. Personally, my Facebook account is private so only my friends can see my posts as I have heard of instances where employers have looked up interviewees profiles before interviews to see if they are someone they would want to represent their company.
The main disadvantage to having one major dataset is if the criminal gains access they have countless pieces of data to look through. While if there were numerous datasets it would increase the security and make it harder for them to access all the information.
As I mentioned above, there are always going to be concerns about privacy and confidentiality as you don’t know who has access to the information.
Andrew, the point you make about employers searching social media to support decisions about employment offers is an important one. In my workplace, we constantly emphasise the importance of securing social media accounts and ensuring that open platforms are respectful and circumspect in content and presentation. However, despite this we regularly meet with individuals who have chosen to ignore this advice and are then subject to professional 'review' of some description.
DeleteAndrew, the point you make about employers searching social media to support decisions about employment offers is an important one. In my workplace, we constantly emphasise the importance of securing social media accounts and ensuring that open platforms are respectful and circumspect in content and presentation. However, despite this we regularly meet with individuals who have chosen to ignore this advice and are then subject to professional 'review' of some description.
DeleteWhile i believe using large databases to hold personal data is an extremely practical method, the possibility of obtaining this information through security breaches is concerning to me.
ReplyDeleteFor social networking corporations such as Facebook, it is effortless for personal information to be obtained. While individuals are mostly to blame for their carelessness in the distribution of their personal information, i think there needs to be tighter control of this information on social networking sites. Making profiles completely private should be the default, not the other way around.
Although the distribution of personal data is concerning to me, it is unrealistic for us to believe that our information should be protected at all times by our government. Regardless of the measures we take to protect personal information, there will always be attempts to exploit it. We have to learn to trust the government with our data as we have no choice in the matter.
I agree that large databases can be very practical in terms of providing services efficiently to individuals such as emergency response, healthcare, location based services etc. But I think any personal information that is collected by big databases should only be used for purposes known to the individuals. While individual’s data is ultimately their own responsibility, I think there still needs to be more transparency from companies collecting and using individual’s data such as social media companies. In regards to the BBC news item, the threat of cyber crime appears to be something that is not going to go away. As individuals I guess all we can do is try to manage the release of any personal data as best we can; and try to ensure that any companies storing our data have their own security measures in place to prevent the threat of cyber crime as much as possible.
ReplyDeleteLarge data bases have there role in our lives and can prove invaluable in terms of planning services in communities for example rural transport. Information of this nature would mainly be collected by the government through census. Everywhere you go online data is being collected, to me its only real use appears to be in marketing and sales. One can remain anonymous if one has the time and the will, the software is readily available to hide your on line identity. Security of data sets remains an issue. Cyber crime is an issue and will continue to grow as more aspects of our lives become digitised, criminals will look to take advantage of this.
ReplyDeleteI agree with the comments on data vulnerability, but also think internet users need to take responsibility for their data security. Social media users, in particular, are aware by now that anything they put online is in the public domain, and that the capabilities of the cyber criminal will continue to develop as fast as those of the security professional.
ReplyDeleteSorry I have to do this in stages as my Internet connection keeps disappearing!
ReplyDeletePublicity surrounding the growing number of scams involving websites has served to inform the public in how vulnerable their data is, however we have less control over the collection and dissemination of our data by businesses, and that is probably a more attractive target for the cyber criminal given the volume of data held in databases.
Large databases are just a way of life nowadays. For Facebook, I don't think they have too much data really, besides your Birthday and email address. You don't even have to have any photos on your page and the simple alternative is, don't use it. As a side note, if you Google Image Facebook database ER Diagram, it will make you feel much more comfortable about your own project!
ReplyDeleteI think the data that the Census attempts to carry out is absolutely crucial to the running of a country. For example, I am in the Republic of Ireland and it is compulsory to fill out the Census forms. The data is relatively straightforward in terms of address and religion etc., and it does have a purpose in determining how much the government should spend in a certain area.
I do however agree with Sophie’s sentiments, that with regards to my own data, I have nothing to hide, but I would be vehemently opposed to anyone having access to certain things that might be private to me, but not to others
Databases offer vulnerability in that there is a lack of sense of security from individual users on social networking sites. The users still retain some control over what is posted on these sites. Criminals can employ various methods as we have seen. During the recent US election we heard accusations that email accounts were hacked by the Russians etc. These kind of cyber security breaches, should be a hot topic with the public as it has the potential to affect them. Small scale criminals are now employing a wide range of methods to commit crimes. The article mentioned installation of equipment and the potential outcome it could have. Let’s not forget, as databases become more prominent in our lives and advance, so too will the threats and criminals. As for social media, people should be cautious on the content of their facebook posts, whether it is opinions or other information, For example you wouldn’t post on facebook a photo of your new car followed by a post saying “I’m away on holiday of a life time for next two weeks”, you present yourself as a target.
ReplyDelete