Who's Got Your Data?

  • Comments posted to this topic are about the item Who's Got Your Data?

  • At I wrote a while back in another editorial thread, we gather way too much data. And most of it is without pre-defined purpose, low structured and is never actually used. And when it does get used, the low quality gets in the way. But since the person making the call to capture "everything" never directly feels the downside of it, that falls on the IT guys, what other decision is there to make? People are indecisive without knowledge, which equals store everything in this context. It looks safer from a leader perspective to store data that you never use, then it is to not store it and that being used against you when you find out you do need the data later on. Such is human psychology. The reality ofcourse is that just storing data without thinking about its use and the required structure is just as bad as not storing it at all and needing it later on.

  • Frankly, there is no way to escape the decryption power of the NSA. What all sorts of private companies are doing with my purchase data etc. is secondary. It can be annoying, but that's all.

    Far more dangerous are the totalitarian traits of what all kinds of intelligence services in the worlds are doing with us. The CIA and the NSA are under the worst offenders here, by their budget and by their evil willingness.

    Sorry, this is not a technological problem, but an eminently political one. This has nothing to do with the "protection of the people against terrorism" or other fairy tales. This is George Orwell 2.0. Soon arriving at your neighborhood!

  • crussell-931424 (7/3/2013)


    What I worry about is the data getting degraded, "accidentally" changed or whatever, as it moves from one location to another. For example, in your editorial I noticed a couple of typos that I'm sure were never there in your original draft. You said "It's lots constantly" when I am sure you meant lost. Also "...and now many mistakes..." was probably originally how instead of now.

    Thanks for the correction.

    I agree with you that quality issues from degradation are a real problem. In this case, they could result in major problems for someone.

  • info-550580 (7/3/2013)


    ..

    Far more dangerous are the totalitarian traits of what all kinds of intelligence services in the worlds are doing with us. The CIA and the NSA are under the worst offenders here, by their budget and by their evil willingness.

    ...!

    This is true, but as we see from this instance, whatever is collected for commercial purposes can be strong armed by the state. All the big names in the internet world as well as the telcos may be collecting for their own purposes, but are hardly in a position to hold off when the government secretly comes knocking. This should be a serious concern when contemplating moving business to the cloud, as well. If all your information is in house, someone has to present you with a warrant (which you can review with your lawyer)... you may never know about information grabbed from your cloud provider.

    There is a huge risk of false positives from this massive data gathering as well. Some years ago I read about a man charged with arson when his 'loyalty card' showed him buying fire starter sticks similar to the ones used in the fire just before the fire was set. In that case it was only luck, the actual arsonist was arrested for something else and spilled, that saved the innocent guy. In the meantime his life was hell and probably financially devastated (even if you're innocent, criminal defense will wipe out your savings)

    When a visible crime or 'terrorist' event occurs, what's to prevent vacuuming up all people who happened to be in the area (cell phone location, license plate readers etc). License plate readers can be used for legitimate purpose (looking for stolen cars, outstanding warrants) if read, checked, and deleted. There is NO such legitimate purpose for permanently storing the data (where a car was driving or parked and when) which, unfortunately, is how more precincts are starting to use them.

    ...

    -- FORTRAN manual for Xerox Computers --

  • Very good article, Steve, thank you.

    It may be of interest to know that Kamala Harris, the California State Attorney General, posts data breaches on the AG website. You can find more about it here:

    http://oag.ca.gov/ecrime/databreach/reporting

  • At one time our data used to be secured in a file cabinet that was locked when the person in charge of that data was not around. We are a far cry from that. While we have somewhat mastered the ability to store seemingly endless amounts of data as you described, Steve, we have not even begun to master the access controls, restrictions, guidelines, etc that should be placed on that data. Many will express their frustration with things like Sarbanes Oxley or HIPAA yet in the days of the file cabinet you would have had to go through one or two people to get access to that data, and they would be looking over their glasses at you wondering why you need to see it. Even if they did let you have access they would probably only have given you the detail which you needed, not all the other information that you could easily see by looking through the whole file. I have been in the medical records room putting computers in place, being watched by one of the staff to make sure that my eyes were staying on the task at hand. When they all had to leave the room, so did I. Now, with everything going in the database, there are many more people with access to that same data which was once vigilantly protected.

    Somehow we need to get to the place where we are able to master data access in such a way that people, by job definition, only get to see the data that they truly need, and yet all jobs functions are able to work flawlessly without being constrained by those same restrictions. Utopia? Maybe. Regardless, that is going to mean that companies are going to need to put a higher value on security of data, and through that they will force other companies to come up with better ways of controlling that access. You can do that to a certain degree today with the security mechanisms in SQL Server, but something more robust is needed, another layer maybe, that is abstracted to the level of job title / description. Government mandates are not the solution though. You, me, we, putting a value on our data, and holding companies accountable to the security of that data is what is going to drive this. We as the consumer, need to find those companies that are protecting our data, and then use them, regardless of our technical bias, etc. When we start using those companies that are serious about data protection, then you will see more companies doing that. Look at the organic industry. People got serious about the quality of their food, and what was once a small niche market now has every food manufacturer fighting to get a foothold in that market. They have changed for the desires of the consumer. Hmmm, sounds like capitalism at the data level. 🙂

    Just my thoughts.....

    David

    @SQLTentmaker

    “He is no fool who gives what he cannot keep to gain that which he cannot lose” - Jim Elliot

  • Craig-315134 (7/3/2013)


    Very good article, Steve, thank you.

    It may be of interest to know that Kamala Harris, the California State Attorney General, posts data breaches on the AG website. You can find more about it here:

    http://oag.ca.gov/ecrime/databreach/reporting

    thanks

  • David Benoit (7/3/2013)


    ...

    Somehow we need to get to the place where we are able to master data access in such a way that people, by job definition, only get to see the data that they truly need, and yet all jobs functions are able to work flawlessly without being constrained by those same restrictions. Utopia? Maybe.

    I think it is Utopia, mostly because of the overhead of trying to classify data. too often I think we don't know, or don't have the time to spend doing this. How many people actually set up 3-4 roles in a database, and limit the access? Few do, often because we can't easily classify data or entities for a job, and often because as applications evolve, we need to give access to new tables, or portions of tables.

  • Steve,

    Yep, that about sums it up. I've known since Oli North was busted by emails he thought he deleted that anything that is ever online for a single moment can potentially be saved and viewed by others without my knowledge. I am ambivalent about this state of reality. On the one hand, I'm trying hard to blend in with the heard, and hope that the lions stalking us choose someone else to eat for lunch. On the other hand, I try to reduce my electronic footprint whenever possible by: 1) Never signing up for "Club Cards" whenever I have a choice in the matter; 2) I never cache my passwords when signing in to internet sites; 3) I never allow my financial information to be cached; 4) I use a low limit ATM card that I keep < $200 in, for all online purchases; 5) I use Paypal, which uses the same low-limit card, whenever possible to pay for things on the internet; 6) I have a credit-watch service to monitor unusual activity, or who is requesting a credit check on me; 7) I always consider what I'm posting on the internet, with the mantra "would I be OK saying this in a court of law?"; 8) I will identify myself explicitly when I deem it beneficial to me, otherwise I try to anonymize my presence in forums and online whenever possible; 9) I expect that Big Brother (NSA) is monitoring everything I say and write, but I trust my government to do the right thing... most of the time.

    Cheers!

    Banyardi Schmardi

  • Do you also post Federal, State, Regional, and Local government's, political parties', union organizations' and other NGO's data breaches as well as businesses or individuals?

  • Thanks for raising the issue, Steve.

    It's something that needs to be kept in the public eye.

    Data generation /creation is inevitable and so is capture. This reply is being captured somewhere.

    The crux of the matter is what is being done or going to be done with the data.

    The worst mistake of governments and corporations is to deny or force others to deny they are collecting it. They have to be open about what they do with it and also afford individuals the opportunity to access personal data held and check its integrity.

    Movies like Enemy of the State show how data collected about a person can be misused by governments in the name of protecting all of us.

    Disfunctional legislatures compound the problem, because there is nobody there to protect the citizenry.

    They have to stop saying "Trust us. We know what's best for you". That doesn't cut it any more.

  • As a father with daughters, I worry about the indiscriminate abuse by single FBI agents. Let me cross reference birth control pills with condom purchases and bar patronage. Where is that cell phone at this Friday night?

    How about you take short cut to work through a bad part of town.

    You then have to answer questions about your boss, but are asked how your

    wife would feel about you checking out hookers every night?

    Or my favorite from the UK. Kids who get mad at teachers, take a photo of the

    teacher's license plate; print it; rent a car like the teacher's and put the photo

    over the rental's plate. Then run through the red light cameras near the school and the teacher's home.

    Too much data. No way to control it.

    Happy 4th!

  • swwg69 (7/4/2013)


    As a father with daughters, I worry about the indiscriminate abuse by single FBI agents. Let me cross reference birth control pills with condom purchases and bar patronage. Where is that cell phone at this Friday night?

    How about you take short cut to work through a bad part of town.

    You then have to answer questions about your boss, but are asked how your

    wife would feel about you checking out hookers every night?

    Or my favorite from the UK. Kids who get mad at teachers, take a photo of the

    teacher's license plate; print it; rent a car like the teacher's and put the photo

    over the rental's plate. Then run through the red light cameras near the school and the teacher's home.

    Too much data. No way to control it.

    Happy 4th!

    I worry less about taking responsibility for things I (or you) did, but few know about. That is a problem, but abuse by someone that takes advantage of knowledge, for the purpose of attacking/blackmailing/etc. is an issue.

    There have been reports of interns seeing this data, contractors, etc. Those may or may not be people to worry about, but we certainly shouldn't be taking chances. We should be tracking who has access, when, and ensure there are consequences or mining of the miners' actions as well.

  • For years many have said that "if all your actions are legal and ethically clear you have nothing to hide." Well those days are past. You may not be convicted of anything and the law may see you as clean, but there are other eyes looking into that data that are not legally or morally correct. Thieves and rascals are out for all they can pilfer and they will hit any target that is not protected.

    It no longer is an issue of me not doing anything wrong and having nothing to hide. The issue is I want others to know only those things I want them to know to protect my privacy and life. I want some expectation of privacy to exist with no unauthorized collection of data about me and mine.

    Years back we found out that by tagging members of a herd we could track migratory behaviors of elephants, tigers, snow leopards and others. That information was vital in the correction of human practices to protect some very delicate populations of endangered species. But once we had that technology in place we wanted to use it for other things. Scientists because that can are tracking the patterns of the human species and their behaviors without their permission using their cell phones and other devices as the in. Then through sloppy data protections they are "sharing" that data through cracks and lax protections. Or some are simply selling it.

    You are right, this is frightening.

    M...

    Not all gray hairs are Dinosaurs!

Viewing 15 posts - 1 through 15 (of 22 total)

You must be logged in to reply to this topic. Login to reply