This article got me thinking about my standing policy of always opt out of every option available on privacy agreements.
https://www.zdnet.com/article/us-cell-carriers-selling-access-to-real-time-location-data/
Fortunately, living in a California, I have that option and the
additional option that I must be notified annually about my rights to
opt out of company's selling my private data. Of course, there are so many of these agreements, I can never remember if I had accidentally forgotten to send one in, so I make sure that whenever I get one of the privacy notices that I check all the opt out boxes and mail it back.
I know that some people would say "Who cares if some company knows where I go? It's not like I work on a secret military base or for the CIA or something." Well, that's just not the point.
One of the 'obscure' things that I like to point out when people ask me about information security is that in the information age data is money. Pure and simple, it's just that easy. I refuse to simply give away my information for free so that someone else can go and sell it for their own profit, and give me nothing in exchange. I know that in the marketing departments of these organizations, someone, somewhere says "Look, people are stupid. They'll just give us this info for free and we can make lots of money off of that!"
Two really big things piss me off about that sentiment. One, their assuming that I'm stupid and am incapable of understanding the question if I were openly asked it. Two, when they assume that I wish to automatically opt into giving away my money (private information) for free and hide that fact in some ridiculously long privacy agreement that includes every legal term in the language and stealthily bury my implicit agreement somewhere deep in a document the length of a bible of legal-ese.
The reason this "P.T. Barnum - there's a sucker born every minute" business model works in the US is our nationwide defacto information privacy policy of everyone must opt out or you are automatically assumed to have opted in. In the European Union (EU), they have a different model; citizens are assumed to have automatically opted out, unless they specifically indicate that they wish to opt in. This is the general basis of the whole GDPR thing that everyone is fussing over here in the US when doing business with citizens in the EU; and for that matter 'doing business' can mean that an EU citizen simply visits your web site and reads your blog and doesn't transact any business other than looking at your information.
What happens when every citizen is automatically assumed to wish to opt into the broadest possible interpretation of information sharing is a basic erosion of our personal freedoms. Specifically mentioned in the article is that law enforcement agencies are claiming that they are not performing warrant-less searches because they are simply looking into the data that is provided by a third party and it was that third party that performed the search and the subject of that search specifically opted in to it.
First...really? Law enforcement performing a real time search of my location via a third party application somehow isn't an unconstitutional warrant-less search? So by that logic, if a bank robber steals from a bank, and I mug him as he is leaving the bank with all the stolen money, I can keep the money and have committed no crime, right? Somehow I feel the bank wouldn't see it that way.
Second, I don't recall opting into allowing warrant-less searches of my personal data, and had I been explicitly made aware that I might possibly be doing so, I would never have allowed it. [*update - A hacker strikes back and shows law enforcement weak passwords, that enable would enable others unrestricted access to this resource and the ability to track virtually any cell phone in the US and Canada in real time.]
The whole issue with Facebook and Cambridge Analytica follows this general pattern. Someone that knows me in some capacity opts into a survey or Facebook app and shares their information...fine, it's their right to do so. However, when Facebook and Cambridge Analytica assume that because that person has mentioned me in a post somewhere on their page that I too wish to be opted into their information harvesting is absolutely wrong. I don't know the specific legal term for the concept involved here, but I know that my rights can't be waived without my specific permission. I really hope that the 'shadow profiles' that these companies keep and have come out as a part of this particular controversy are given a thorough consideration by our legislature and rapidly brought under some legal framework. One of the biggest problems with these shadow profiles is that if I don't know such a shadow profile exists and have no direct business relationship with the organization and never been presented with a privacy policy to agree or disagree with; I have no knowledge or warning that I should request to opt out.
So the lesson today is this...when it comes to privacy agreements, always opt out. [**even though my standing preferences with my cell carrier were saved as opt out of everything, they have added a new option for 'third party sharing.' I had to go in and set this to off or opt out for each phone number on my account because they assumed that I wished to opt in when they added this new choice.] Ultimately, you have no idea what future use of your data someone might come up that may not exist today for them to warn you about even if you could comprehend the tiny printed legal-ese of most privacy agreements. Since they are not willing to be clear about what they may do with your data, the safest policy is to say no; you can't have it, you can't share it, and you certainly can't sell it without paying me for it.
No comments:
Post a Comment