This week, the TVO Original documentary The Face of Anonymous premiered. It tells the story of Commander X, an activist who used the internet to protest what he saw as injustices perpetrated by governments, companies, and large organizations.
When we think about our digital privacy, we often think of such hackers as Commander X or those who recently targeted Canada Post, which recently announced that the data of up to 950,000 customers had exposed through a cyberattack.
But our digital privacy is also threatened in more mundane ways — by the tools we use to search the web, track our fitness, or shop online.
Hessie Jones is a digital-privacy expert involved with BEACON Trust Network, a privacy start-up. She also co-founded MyData Canada and is a partner at Matr Ventures. TVO.org speaks with Jones about our digital information, how we can protect it — and why we need to completely rethink privacy policies.
TVO.org: You’ve worked closely with digital data for more than 20 years. Why is it so important to you?
Our journalism depends on you.
You can count on TVO to cover the stories others don’t—to fill the gaps in the ever-changing media landscape. But we can’t do this without you.
Hessie Jones: I started out in data marketing from the perspective of direct mail. So even before digital. The goal of any business is to find the right customers for their products or services. With the limited data that we had way back when — which was, say, location, information, and address — we tried to target the right customers. When digital came along, we had so much more information. It got to the point where we understood location, we understood influence, we knew who your best friends were, etc.
Now we’re getting to the point where we can collect nuanced information about your behaviour through instrumenting your body, your home, etc. Over time, this idea of micro-targeting, to me, crossed a really dangerous line. And I didn’t believe that we needed all that information to sell products or services.
TVO.org: What do you mean by instrumenting the body?
Jones: Google Glass, Apple Watch, those kinds of things. But even the fact that we’re tracking our footsteps for the purposes of tracking our fitness, tracking how often we eat — we’re actually giving a lot of information back to the applications, not realizing how they could potentially be used against us.
TVO.org: What are some of the risks?
Jones: We share data just by clicking on a link. We share data by leaving our phone’s location on. Whatever we search for on the internet, that’s captured. If you watch a video, it will know what kind of video and how long you watched it for. And that’s just Google. We haven’t even talked about third-party applications. When you start to play with a lot of third-party applications, they themselves can sell your information to brokers. And the minute you sell to brokers, brokers can sell to anybody.
TVO.org: When you think of people sharing their data on social media, and elsewhere online, what worries you the most?
Jones: The biggest part of it is digital literacy. People don’t understand. When you’re going out looking for your first job, you don’t realize that everything that you’ve done to date on your social media is up for grabs, because these are open platforms. People are going to these platforms because that’s where their friends are, but they continue to post things not realizing exactly what’s happening with the information that they’re posting, where it’s going, and how that could harm them in the long-term.
TVO.org: Apple recently introduced a feature on its iPhones called “app-tracking transparency.” It tells you which companies are collecting data via your phone apps and gives you the opportunity to stop it. Some say it’s a blow to data-hungry apps such as Facebook. Is that a significant development?
Jones: It is a significant development, because a lot of data collection was happening without people really understanding exactly what was being collected. This feature actually lifts the covers off of each of these applications, so people understand exactly what they’re giving away.
TVO.org: It sounds like iPhone users should enable the feature. What are some other simple things that the average person can do to protect their privacy online?
Jones: It’s privacy, but it’s also security. Use two-factor authentication whenever possible, so it minimizes the chances of your phone or account being hacked. Always use a strong password. If you’re concerned about your information being used on social networks, then use a different email address [to register for those sites]. I always use a separate email account that I don’t really care about for Facebook, Twitter, etc.
People should read the terms of service and privacy policies. The main things they need to know about are what is the company collecting, what are they using your data for, and what are the other third parties that they’re sharing your data with. But we’re still getting there when it comes to privacy policies, and not many people read them regardless — I think they were kind of manufactured that way.
TVO.org: I’m one of those people that doesn’t read the user agreements because, as you said, they’re long, full of legalese, and hard to understand. How realistic is it to expect people to read the terms of service?
Jones: I think the whole procedure needs to be disrupted. Because you need the terms of service as a gateway to actually use an application, which I think is wrong. Somebody told me what’s considered the biggest lie on the internet is where you click a tick box to say, “I understand,” when you really don’t understand. At some point, we have to move away from terms of service and privacy policies as they sit today and embed them within the experience of the website, so that wherever you click and wherever you hover there could potentially be notifications: the minute you click this, this information is going to one of our partners, and they use it for this. I think that has to happen, because you cannot put the onus on the individual to know everything.
This interview has been condensed and edited for length and clarity.
For more on this topic, visit Connected & Compromised: Spotlight on Cybersecurity.