Category Archives: Discussion

spies-passwords

Could the Internet of Things be used to spy on you?

The Internet of Things functioning primarily as a mass surveillance tool rather than a  world where more things connect to the internet and each other is certainly the view of James Clapper, the US director of national intelligence.

Submitting evidence to the US Senate as part of a regular assessment of current threats faced, he acknowledged the distinct possibility that spies could one day tap into the army of connected devices most of us are expected to acquire as part of the Internet of Things growth, and use it to increase their population surveillance activities.

According to The Guardian, he said: “In the future, intelligence services might use the [internet of things] for identification, surveillance, monitoring, location tracking, and targeting for recruitment, or to gain access to networks or user credentials.”

Scary stuff, right? And not necessarily what you’re thinking of or expecting when you buy that cool thermostat that you can control from your phone, or that upcoming fridge that tells you when you’re running out of something.

His appearance comes in the same week that an influential committee of UK MPs objected to the Government’s proposed Investigatory Powers Bill, saying that it lacks clarity in its privacy protections, and had been pushed forward too quickly for sufficient time and preparation to be spent on it.

These two different stories have one common theme – overreach. And it’s clearly still a huge problem.

We are still often, as a society, locked into thinking that something has to be inherently good or bad, it can’t sit on a fence, when actually few things are that clear-cut.

And nowhere is this truer than in the privacy and data debate. Is it good that authorities have the power to track would-be terrorists and hopefully prevent attacks? Of course, and very few would deny that – but equally that doesn’t mean in any way that we should all give up privacy protections as a result.

One does not absolutely require the other, but rights over the personal data that each and every one of us produce are too easily subsumed in this way if we say nothing.

And so too with the Internet of Things. Clearly some great and useful inventions have, and will, continue to hit the market. Innovation is great and a more connected life makes so many things easier. But again, as has already been shown through hacked baby monitors, for example, the rush to produce and buy cool new stuff should not see a trampling of privacy and security values – by either producers or consumers.

Because there will always be someone or something looking to take advantage of these back doors, and once data is exposed, it’s difficult to have any control over where it goes or what it is used for.

Our personal data is the essence and sum of us online, and we need to value it ourselves before we can expect others to do that for us. So that means taking control of it, being responsible for it, and fighting for its right to be important.

digi.me gives back control over this data to each user, and of course you should all be using it (download it for free here!), but there’s a wider need to be aware of, and take steps to protect, our data in any way we can. Because if we don’t value it, we’re sending out a very bad message to other people looking to use and abuse it too – go right ahead, no-one will stop you.

And nobody wants that.

giant-zero

digi.me as an agent in Doc Searls’ Giant Zero

As the internet subsumes the concepts of distance and time, using our personal agency to create control over our own world becomes ever more important.

Doc Searls, internet visionary and digi.me advisor, identifies the lack of distance online that we are used to in the physical world as a Giant Zero and is clear that we need to understand the ramifications of this new environment fully before we can begin to make the most of it.

In a post on his Harvard blog, he identifies nine key elements needed to create this new world successfully, of which two – privacy and personal agency – are particularly pertinent to digi.me.

He contends – and we agree – that distance has always been used to give “some measure of privacy” in the physical world – but that on the Giant Zero, the world with no distance, it is “ridiculously easy for anyone or anything to spy our browsings and emailings”.

As we have already examined in our blog on the concept of digital privacy, digi.me offers a more private world by allowing users to take back control of their information, in an enhanced form as it is all in one place, and then do what they wish with all that data.

But it is the section concerning agency, where digi.me comes most into its own.

As Doc said: “The original meaning of agency (derived from the Latin word agere, meaning “to do”), is the power to act with full effect in the world. We lost a lot of that when Industry won the Industrial Revolution. We still lose a little bit every time we click “accept” to one-sided terms the other party can change and we can’t.

“We also lose power every time we acquiesce to marketers who call us “assets” they “target,” “capture,” “acquire,” “manage,” “control” and “lock in” as if we were slaves or cattle. In The Giant Zero, however, we can come to the market as equals, in full control of our data and able to bring far more intelligence to the market’s table than companies can ever get through data gathered by surveillance and fed into guesswork mills that: a) stupidly assume that we are always buying something and b) still guess wrong at rates that round to 100% of the time.

“All we need to do is prove that free customers are more valuable than captive ones — to the whole economy. Which we can if we build our own tools for both independence and engagement.”

digi.me is one of those tool he mentions, bringing agency to each and every user, by putting them back in control of their data, giving them the tools to unlock it and then letting them decide what they want to do with it and where they are happy for it to go.

Crucially, digi.me will become an even greater force for agency later this year when our Permissioned Access model arrives, which will allow users to share or exchange their data directly with businesses in return for personalised benefits.

And as businesses benefit as well from the 100 per cent accurate data they are able to see and use in this way, it is a truly a win-win situation for all.

So all hail the Giant Zero – a model for a future which digi.me is actively working towards.

Facebook-people

Facebook celebrates our friendships on its 12th birthday

Facebook turns 12 today – which means for most of us there really was a life before it, however it feels sometimes – and it is celebrating users’ friendships to mark the event.

For what the site has dubbed Friends Day, each will see a custom video that celebrates their own lives and friendships popping up at the top of their News Feed, which only they can see unless they choose to share it on their timeline. You can also view your own by clicking ‘watch yours’ at the bottom of a friend’s video.

I’ve seen mine and it’s nicely done – good choice of friends (social interaction data) as well as some pictures that got a good number of likes and comments (most popular data), overlaid with comments from them and a scrolling screen of friends wishing me happy birthday and other nice things in the past.

So, it’s cute, and I don’t doubt that my timeline will be awash with them as more and more of my friends log on through the course of the day.

But what else is the video really telling us? How much time we spend on the network, for one – and just how many important and significant moments are posted or celebrated there.

It’s also a reminder of how pervasive it has become in just over a decade – I have only a handful of friends not on there, and for many, particularly those living abroad, it’s my sole point of contact with them, and how I keep up with their lives.

There are certainly people on there who I wouldn’t be in touch with at all if it weren’t for the ease of keeping up through FB – not because I don’t like them or they’re not important, but because Facebook just makes keeping in touch so effortless once you’re connected.

And that ease of connection and sharing is obviously a huge factor in the news, announced recently, that Facebook now has 1.1 billion users a day. That’s a huge, huge number – something like one in every 9 people on the planet.

Speaking about why it was celebrating users on Friends Day, Facebook founder and CEO Mark Zuckerberg said: “That’s what the best movements do. You find ways to keep it focused on the needs of the community, and it’s not about you.

“And that’s the whole point of Friends Day. We felt like the world was making it too much about us and it’s not about us.”

In actual fact, Facebook couldn’t be more about you, or me, or all of our friends – because our data and our use makes it what it is, end of.

So if you like how Facebook has explored your data, or have suddenly realised just how much of your life is on there, then our digi.me app and its data backup powers combined with powerful insights about which of your posts or pictures are most liked, or who you most influential followers are, is something you’re going to love. Try a free download now!

 

 

ownership-control

Defining ownership and control in a digital world

Used online, terms such as ownership and control have slightly more fluid connotations than their physical counterparts – but we can still define their context and meaning.

At digi.me, we unlock the power of personal data for users by enabling them to gather and collate information from multiple services, platforms and places in one single library that they own and control.

This library is the only place all this information exists together, allowing instant greater personal insight even before users begin to exchange or share slices of data, on their terms, for convenience, service or reward.

So our users own this data, this library, this collection – but does the data still exist in the original places it was found? Yes it does, but each individual now has a vastly more useful, insightful and comprehensive body of data than ever before, gathered together in a unique form, that they can access at will and exchange or share as wanted, thus controlling as well as owning it.

We’ve occasionally been asked how digi.me can really be returning data ownership to the individual if another copy, which they have no control over, exists, but this shows a limited understanding of the realities of the online world.

More importantly, it would imply ownership could only ever mean that just one copy of something existed, over which you had 100% control that could not be subverted – and this simply does not apply digitally in the same way it does physically.

Let’s give some examples. In the physical world, if I own a car it is mine completely (ignoring any financing), I control it completely, and it is clear and undeniable to others that this is the case.

So far so simple, yes? But even offline, things can be cloudier than they first appear, as simply having something tangible I can hold in my hand does not necessarily confer complete ownership or control.

If I am sent a bank statement, for example, then I own that copy of my financial data and what happens to it- but of course the bank still has all that same data too.

When we move online, it soon becomes clear that concepts of ownership and control have, by necessity and by evolution, become even more fluid.

So if I take a picture of something or someone, I own that image. It’s physically mine, stored on my camera and phone, and I can, crime or loss aside, control who sees it or accesses it.

But if I post it online, to Facebook or Twitter, for example, then things become more complicated. I still own the original photo, but lose control of what happens to the copy that I have shared, in terms of what people can say about it and what they do with it.

Yet my original ownership of the master document, if you will, remains unchanged even despite the presence of potentially multiple other versions.

Applying this principle to our app and the data it enables users to connect to it, it is clear that when you have your data in digi.me, then you own that data.

Other copies of the slices of data that make up the whole still exist, but you own your unique, extended and enhanced version – and where possible and where you are allowed by T&Cs, can seek to delete or, in the future, ask companies to forget these other versions, when the EU-wide General Data Protection Regulation (GDPR) laws come in in 2018.

So what of the original copies of these many slices of data? What happens to them? Well, nothing is the answer. They remain where they were, being of limited or little use to both the individual who created them, or businesses hoping to gain insight into their users.

The bottom line is that our app, uniquely and appealingly, allows users to create and compile an increasingly all-compassing picture of the data from across their lives. One that will continue to evolve, develop and deepen the more they add to it, and one which they will always own and control.

data-privacy-day

Happy #DataPrivacyDay – have 75% off digi.me to celebrate!

As personal data privacy pioneers, we’re delighted to be supporting the international initiative to promote better privacy security and awareness – and are offering 75% off our premium product to help you protect your data for less.

Here at digi.me, your personal data privacy is hugely important to us and, while we free your data to do amazing things for your benefit, we never see, touch or hold any of your personal information. So that’s about as private as you can get.

We know online privacy, as we explored in our recent blog, can be a tricky concept to pin down, but think it’s great that awareness campaigns like this are helping ever greater numbers of people get on top of what information they share with whom.

When even the likes of Google are getting in on the act, it’s clear that data privacy is an issue that arouses a great deal of interest. And we’re delighted that a subject so close to our hearts is finally starting to get the attention it deserves.

So we hope your data has a great day. And that it’s as private as you want it to be.

 

 

privacycampblogb1160x768

#TakeCTRL: American grassroots campaign calls for more data privacy

Thousands of Americans have joined a new campaign calling for greater protection for personal data.

The US has traditionally lagged behind Europe in the importance it places on securing personal data – hence the recent Safe Harbor ruling – but now a campaign to boost privacy protection in 16 states and the nation’s capital is gaining mass support.

The American Civil Liberties Union (ACLU) is co-ordinating the campaign, which aims to pressure federal lawmakers into action, and which has so far seen thousands sign a petition calling for action, as well as take to Twitter under the #TakeCTRL hashtag.

ACLU said in a statement: “Every day, your personal data gets swept up – by location trackers, email and social media apps, and the devices and third party software that you use at school, work, or home.

“And right now there are too few legal limits protecting you from how your data gets used. Your highly sensitive personal data is up for grabs. The government has too much access to it and corporations make billions mining it.

That’s why people around the country are standing up to #TakeCTRL of their data. A bipartisan coalition of legislators in sixteen states and the District of Columbia simultaneously announced legislation to boost privacy protections for students and employees, stop warrantless invasions of your emails and text messages, and safeguard you against location tracking.

“If we can mobilize support for new and effective legislation state-by-state, we can spur a domino effect to create standards across the country.”

The campaign has already received messages of support from prominent privacy activists, including NSA whistleblower Edward Snowden, Anonymous and Alvaro Bedoya, former chief counsel to the Senate subcommittee on privacy.

Many supporters have also posted pictures of themselves on social media holding a poster of the campaign’s main slogan – you have the right to remain private – a reference to the Miranda warning covering the right to remain silent during police questioning.

The bills planned vary from state to state, but fall into ten broad categories all aimed at securing personal communications. More detail and a state-by-state map here.

private

Defining privacy in the digital age – myths, pitfalls and positives

Privacy online has multiple meanings for different platforms and businesses – but what about us here at digi.me?

So much personal information about each of us is scattered about the web, traded, sold on and held in multiple places that we can neither access nor delete, that we can have no realistic expectation of full online privacy.

There can be no absolutes where one form of every kind of data that relates to an individual is owned and controlled by them without exception, and so online privacy is fluid when set against the norms of the offline world.

The last decade has also seen personal perceptions of privacy change and evolve dramatically with the explosion in online services and social networks on which many of us regularly post information which would previously have been considered for personal consumption only.

So how does all of this inform what we are and how we operate?

Well, digi.me deliberately enables a more private world, with more personal data under the control of each individual user, enabling them to use it as they wish, for direct benefits or insights.

But is it a privacy solution? We are often perceived as this but it’s not our primary aim as our strengths and business vision lie around the benefits of data gathering and controlled exchange.

The data still exists where it originated, but its combination with other streams and sources in one private digi.me library controlled by the user creates a body of information that is immensely more powerful than the sum of the parts scattered before this aggregation, as well as being completely private within the app itself.

This, then, is the true value of what we do, unlocking the potential of personal data, by bringing it together and creating greater value with associated complete security, with data only being exchanged or shared on the user’s terms, for their benefit.

But the constituent parts are not private in their original locations, and nor is there any way of making them be so – multiple copies of data are an expectation in the online world not shared by its offline cousin, which deals in physical entities of which often only one exists – a key reason why there can be confusion comparing the two.

Essentially, online privacy remains a fluid force, dependent in great part on the expectations of both parties when information is created and shared. What it means in any given context differs on nuances, with a broad variety of different forms available including private browsing, private sharing and private chat.

So privacy online becomes less about how each of us wants to define it, and more about how the services and platforms we use tell us they are defining it in that particular instance. We can then choose whether or not that is reasonable, and whether or not we, the guardians of our own privacy, want to partake.

Often, as seen with some of the bigger platforms, these terms and definitions will change over time – so part of taking back control of our online privacy is always being aware and as knowledgeable as we can be about what we are sharing, and with whom, and for how long.

There is no quick privacy fix, but one of the aims of digi.me going forward is to return ever more privacy to its users and enable an increasingly private world.

We are already 100% private in our operation, as we never see, touch or hold the data that users collect for their personal libraries. And we will soon enable individuals to exchange selected data with apps/businesses on a direct one to one permissioned basis.

Better for businesses as they get 100% accurate, fully permissioned data, as time goes on more and more businesses will go direct in this way, rather than scraping thinner, less accurate data from around the sides of our searches and transactions as is the predominant model now. A model that is increasingly working for neither the consumers nor businesses, which are increasingly at war over the methods used.

As more and more businesses go direct to individuals, there will be less and less money and demand for the ‘data scalpers’ and slowly their business model will become less economic and will shrink away – leaving the direct, privacy-enabling system as the major route for exchange of data for value.

Thus digi.me will enable a more private world where each user can choose how much data, if any, they are happy to share.

control2

In privacy sharing, context is king (and hurrah say all of us)

Major new research from America has confirmed what many in the personal data privacy world have long suspected – whether or not people want to share their information hinges largely on the context of the request.

The Pew Research Center found that there were a variety of circumstances under which many Americans would share personal information or permit surveillance in return for getting something of perceived value.

The study of 461 adults and nine online focus groups of 80 people found that the vast majority (54% to 24%) think it would be acceptable for employers to install monitoring cameras after a series of thefts, with almost half (47%) also believing that the basic deal with store loyalty cards, which sees purchases tracked in return for occasional discounts, is acceptable – although another 32% think this is unacceptable.

But interestingly, where the benefit was not as clear cut, involved greater intrusion in their lives, or the ongoing collection of data, the proportion of people prepared to trust and take part fell dramatically.

So when offered a scenario in which their energy bill could be reduced by installing a “smart thermostat” that would monitor their movements around the home, most adults (55% to 27%) considered this an unacceptable trade-off. As one survey respondent explained: “There will be no ‘SMART’ anythings in this household. I have enough personal data being stolen by the government and sold [by companies] to spammers now.”

As the report’s authors concluded: “These findings suggest that the phrase that best captures Americans’ views on the choice between privacy vs. disclosure of personal information is, “It depends.”

“People’s views on the key trade-off of the modern, digital economy – namely, that consumers offer information about themselves in exchange for something of value – are shaped by both the conditions of the deal and the circumstances of their lives.

“In extended comments online and through focus groups, people indicated that their interest and overall comfort level depends on the company or organization with which they are bargaining and how trustworthy or safe they perceive the firm to be.

“It depends on what happens to their data after they are collected, especially if the data are made available to third parties. And it also depends on how long the data are retained.”

Here at digi.me, this completely chimes with both our business vision, whereby users are put back in control of their personal data to exchange or share for convenience, service or reward as they see fit, and our belief that the current system is broken beyond repair, with consumers and businesses at war, with neither getting what they want or need.

We are addressing this huge shift through our permissioned access model, releasing later this year, which will allow users to make the best use of their data, for their needs and wants, by adding health and financial data to their current social media life curation to provide a fuller version of their life.

Crucially, as users’ collect the data themselves with digi.me as the enabler, we never see any personal data, ever, and cannot access it under circumstances, so it will only be shared with the businesses they share with directly.

Additionally, new rules coming in across the EU in the next couple of years explicitly forbid details taken for one purpose to be sold on and used for another, so will effectively end third-party data selling.

All of which makes for very pleasing personal data developments, for all of us both personally and commercially.

eu-flag

New EU GDPR regulations: the four key things you need to know

Sweeping new data protection rules will be approved for the EU soon – but what does it actually mean for you and me?

The General Data Protection Regulation (GDPR), which is expected to be ratified by the EU within weeks, replaces a patchwork of data protection laws across the various member states, and is expected to become law within two years.

It is wide-ranging and thorough, returning a lot more power back to individuals over what personal data is collected, what it can be used for and what happens when an individual wants to remove consent, and will apply to all businesses not just based in the EU, but also those dealing with EU citizens.

Very much in tune with digi.me’s vision to unlock the power of personal data by returning control and ownership to those who create that data in the first place, the four main strands that affect individuals are privacy by design, explicit permission, data portability and the right to forget – here’s a quick guide to each:

  1. Privacy by design means that when you download an app or sign up for a service, you should not be asked for data that is not directly needed for the purposes of interacting with that app or service. We should no longer have services asking for capabilities they don’t need, which will immediately restrict data leakage.
  2. Explicit permission means just that – when you give permission to an app or website to have or use your details in one specific way, they can’t use it for any other purpose or, crucially, sell it on to third parties.
  3. Data portability means you will have the right to ask for any data that a company has about you, which should be returned in a machine-readable form so that you can reuse it. This could be through the site’s API, although some may make try to make this tricky for users. One of digi.me’s key differentiators is accessing all these APIs and other interfaces and normalising data from a variety of sources, and we will continue to make life easier for all in this way
  4. Giving someone your data doesn’t mean they will always have access to it – under the GDPR you will be able to revoke permissions and ask companies or platforms to forget it. The two caveats to this are a) that this won’t apply to some information that there is a legal requirement to keep, for example medical records on which a medical decision has been made and b) that it is also a personal right to forget, and not to be confused with the controversy around Google and third parties being told not to link to stories and information about individuals that still exist online.

digi.me founder and chairman Julian Ranger said that the first two measures alone will put each and every individual in a much stronger position, with companies only able to ask for relevant data and then use that information for a specific purpose.

He added that businesses that rely heavily on the sale or trade of third party data are going to see their current business model destroyed and will have to abide by the new rules to get the data they need or want – but crucially directly, not around the side of individuals as now.

He said: “Apps and platforms such as digi.me, which put individuals back in control of their collected data but allow businesses to approach them for permission to use it, will become the new gold standard, as the rights of EU citizens over their data trump the desire of businesses to gather as much as they can.

“Each and every individual will be in a stronger position, while the data businesses do get will be richer and deeper in every way, and thus more useful, although there is no doubt this will be a sea change for many.

“With digi.me, if you own and control your own data, then businesses that request it in an exchange for an offer or service will be fully compliant with all these best practices.

“Fundamentally, with this new legislation, everyone is treating everyone else like proper grown-up adults and it stimulates innovation – good for individuals and businesses alike.”

Oversight of the new legislation, when passed, will be by the existing channels at country and EU level, including the Information Commissioner in the UK, with significant fines for companies found not to be complying.

trust (2)

Are you a reluctant personal data sharer?

A new global study looking at attitudes to privacy and security amongst mobile users has identified lack of trust as the single biggest barrier to growth.

The third annual Global Consumer Trust Report spoke to 5,000 users in both developed and developing markets.

Of these, 36% said the main reason they don’t download or use more mobile apps or services is because they either don’t want to give up their personal information (14%), don’t trust the security (13%) or have had a bad experience or heard negative news stories (both 4 per cent).

However, some better news was that the number of people who had been completely put off using apps by privacy and security concerns has more than halved from 33% to 14%.

The study concludes that this is in part down to the rise of the ‘reluctant sharer’ – with the number of people who do not want to share personal data but accept that they must if they want to use an app rising eight percentage points to 41%.

These reluctant sharers accounted for at least a third of all respondents across the eight countries surveyed, increasing to half of all US and German mobile users (53% and 47%) – a rise of a quarter in the US and a third in Germany.

In terms of the importance of privacy, almost half of those surveyed would pay extra for all app that didn’t share their personal data. Of these, 30 per cent would pay a premium of between 5 and 10%, with 5 % of all consumers even willing to pay more than 50% extra.

Other key findings were that just 6% of people said they were always happy to share personal data from an app – a fall of 15% from 2013.

Social networks are the least trusted app category, with health and medical apps overwhelmingly trusted (86%) despite the sensitivity of the data involved.

Financial information is seen as the most sensitive data (26%), above photos (18%) and contacts (15%).