On a scale of 1 to 10, how confident are you that your personal data is completely secure?

In the rapidly evolving landscape of technology, where the internet has become ubiquitous, social media continues to proliferate, and mobile devices are becoming more and more accessible, privacy issues, including data breaches, hacking, online fraud, and scamming, show no signs of abating.

In the movie “The Net” (1995), Sandra Bullock, who played the computer programmer “Angela Bennett”, emphasises the paramount concern for privacy and security in the age of Information and Communication Technology:

 “Just think about it. Our whole world is sitting there on a computer. It’s in the computer, everything: your, your DMV records, your, your social security, your credit cards, your medical records. It’s all right there. Everyone is stored in there. It’s like this little electronic shadow on each and everyone of us, just, just begging for someone to screw with, and you know what? They’ve done it to me, and you know what? They’re gonna do it to you.”

In this day and age, people are generally aware that disclosing personal information may put them at risk, but why do they still willingly give away their details online?

PRIVACY IN A NUTSHELL

The concept of privacy is multifaceted; thus, despite numerous attempts to define it, no universal definition has been established. In its simplest form, privacy can be interpreted using the phrase “the right to be let alone” from the famous study “The Right to Privacy”, written by Louis Brandeis and Samuel Warren in 1890. Generally speaking, it includes the right to be free from interference, surveillance, and intrusion, to freely associate with whomever one desires, and to have the ability to decide who may access or utilise one’s data (Office of the Australian Information Commissioner, n.d.).

As cited in Flew (2023), Rengel (2013) expounded on the concept of privacy, which she found can be variously referred to as “…the ability to protect oneself from unwanted access by others, the right to secrecy, control over personal information, protection of one’s personality, individuality, and dignity, and control over one’s intimate relationships or over aspects of one’s life”.

At the core of privacy are the principles of autonomy, dignity, and personal freedom. In the words of Scheiner (2009):

“Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect. It is about choice, and having the power to control how you present yourself to the world.”

Hence, throughout history, societies have put a premium on privacy to maintain a sense of self and foster trust within relationships (Gray Group International, 2024).

SETTING BOUNDARIES

People usually establish personal boundaries and decide what information is disclosed to others. This can vary from person to person, as people may have their own preferences and comfort levels when it comes to sharing personal details. Some people tend to be comfortable disclosing their personal information, while others may be more reserved and prefer not to divulge certain aspects of their lives (Gray Group International, 2024).

However, with the increased reliance on digital technology, private information that was previously segregated now becomes easily available. For instance, the proliferation of social media and the rise of its usage have been partly responsible for reforming privacy norms. It enables people to freely share their views, thoughts, experiences, and even personal information with the world, often without fully understanding the potential risks (Vidya, 2023). People who have bad intentions can now easily access the personal information of their target and successfully launch their attack.

USER ONLINE BEHAVIOUR

According to Westin (2013), as cited in Castro (2023), user online behaviour can be segmented into three categories. The first group, called the “privacy unconcerned,” generally do not mind companies and organisations collecting their personal data and are content with the existing set of consumer protections. Westin estimated that about three out of four Americans belong to this group (Castro, 2023).

The second group is called “privacy pragmatists,” to which most people belong. They appreciate the value and convenience of technology and make online transactions based on the costs and benefits of each opportunity. They are willing to make trade-offs such as signing up for a grocery or shopping store loyalty card in exchange for a discount or sharing contact information with establishments for free Wi-Fi (Castro, 2023).

On the opposite end of the spectrum are people labelled “privacy fundamentalists” who doubt any organization asking for their personal information and worry about how it will be used and stored. They would prefer more privacy restrictions over more consumer benefits, even if it will cost them more or even if it will cause them inconvenience (Castro, 2023). 

PRIVACY PARADOX EXPLAINED

The term privacy paradox, which was first coined in 2001, describes the discrepancy between people’s intentions to protect their online privacy and how they actually behave online, which results in their privacy being compromised (Stouffer, 2021). Although people claim that they are concerned about their privacy, their actions suggest otherwise. This is usually because they find it difficult to break convenient habits or behaviours and do not realise how these will affect their lives. It can also be attributed to the contextual cues that influence people to reveal their information, with the most dominant ones referred to as bandwagon and authority heuristics (Technology Network Informatics, n.d.). With the bandwagon cue, if people see that most people share their information, they will think it’s okay for them to disclose their details as well. With the authority cue, if people see a graphic that signals the site is being overseen by a trusted authority, such as a logo or lock symbol, it may make them comfortable with turning private information over to the company.

According to Pew research conducted in 2019, a majority of Americans think their personal data is less secure now and that their offline and online activities are being tracked. Major findings of the study show that:

  • 81 percent of Americans think the potential risks of collecting data about them outweigh the benefits and/or conveniences of using those companies’ online services;
  • 81 percent of Americans have very little or no control over the data that companies collect about them;
  • 79 percent of Americans are concerned about how companies are using the data they collect about them, yet 59 percent understand very little or nothing about what data companies collect; and
  • 72 percent of Americans feel that all, almost all, or most of what they do online is being tracked by advertisers, technology firms, or other companies.

However, even as Americans say they are worried about different aspects of their digital privacy, many of them admit that they pay little attention to the privacy statements and terms of service they frequently encounter when using online services. Ninety-seven percent of Americans say they are always asked to approve privacy policies and read terms of service, but only 9% or one in five adults say they always read a company’s privacy policy before agreeing to it, while 13% say they often do it. Some (38%) of them sometimes read such policies, but 36% say they never read a company’s privacy policy before agreeing to it. Furthermore, reading privacy policies doesn’t always equate to thoroughness. Among those who claim they read privacy policies before accepting their terms and conditions, only a mere 22% of adults say they read them all the way through. Findings further revealed that there is a general lack of understanding about data privacy laws among Americans where 63% of them say they understand very little or nothing at all about the laws and regulations that are currently in place to protect their data privacy.

Hence, as the privacy paradox goes, people claim they care about their privacy but aren’t actually prioritising it online, making them more vulnerable to cyberattacks and, in turn, compromising their online privacy.

RISKS OF OVERSHARING

According to a report titled “How to Hack a Human”, released by a human layer security company, Tessian, 84% of people publish personal information on social media every week, and 42% post every day, giving the hackers easy access to the data they need for their attack. Findings further revealed that half of the respondents share names and pictures of their children, while almost 72% mention birthday celebrations, and 81% of workers posted job status updates on social media. Moreover, 55% of respondents stated they have public profiles on Facebook, and just one-third (32%) say their Instagram accounts are private, making it incredibly easy for bad actors to access the sensitive information posted on these accounts (Feeley, n.d.).

In a survey conducted by Milieu Insight, almost half of Malaysians have been scammed (Bernama, 2023). The surge of online fraud and scams was fuelled by the pandemic and increased use of social media. People often think they will never be victims of scams; hence, they do not practice good and safe online habits. One of the respondents shared her experience and narrated how she became a victim. At the height of the pandemic, she received calls and text messages purportedly from the Singaporean police saying she had technically committed a crime. They knew her private details and sent her documents with the Singapore police logo as proof, which made her believe she was communicating with law enforcement officials. They asked for SGD$8,000 (RM27,772) to resolve the issue, and the victim fell for it as the hackers understood her entire background, including her family, where they live, and that they even have a puppy. She thinks that the scammers might have taken her details through her social media accounts (Bernama, 2023).

The proliferation of publicly accessible data has greatly simplified a hacker’s task (Feeley, n.d.). Even though each of these bits of information (a birthday post, a job update, and the like) may appear innocuous on its own, hackers will piece them all together to paint a complete image of their targets and make schemes seem as believable as possible. As experts warned, oversharing makes people vulnerable as it paves the way to various online scams and fraud (Bernama, 2023). People who share their daily lives with the world, posting what they are doing, where they are going, and who they are with, among other things, are the most susceptible to online danger and risks. While some people know not to give out personal details like bank information or their address, online safety is not just about protecting these details; it includes being careful about posting photos and locations.

Experts recommend that users “be paranoid”, as it is the best way to be as secure as possible online (Bernama, 2023). People may think they have everything under control, but they really don’t. Hence, we need to be vigilant in using social media and online services, including food delivery applications, online banking, online gaming, online shopping, telehealth, and streaming services, among others.

DIGITAL PRIVACY: WHOSE RESPONSIBILITY IS IT?

When credentials get stuffed, what share of responsibility lies with the user, versus the service provider? This thought-provoking question about digital privacy responsibility was spurred by the recent data leak incident that affected over seven million customers of a DNA testing company.

A total of 6.9 million records of clients of 23andMe, a DNA testing company based in California, were compromised in a data breach that happened between May and September of 2023. The company initially disclosed the details surrounding the incident in October 2023, stating that user profile information had been accessed and downloaded by a threat actor (Nelson, 2024). The incident only became known to the company after the threat actor made a post on the Dark Web claiming they’d acquired the profile information of 23andMe users, then later published alleged data of users with Jewish Ashkenazi descent and Chinese users, sold for $1 to $10 per individual account. Two weeks later, the same hacker disclosed 4 million more records allegedly stolen from the company. This prompted the company to enlist the help of outside specialists and begin an enquiry.

According to the investigation, the hackers didn’t breach the company’s internal systems, but instead, they obtained access to about 14,000 accounts using credential stuffing, and then used the site’s optional DNA relatives sharing tool to acquire data from almost seven million more. Hackers were able to access the affected 23andMe accounts using the same credentials (usernames and passwords) used for other websites from which they were stolen (Oldfield, 2024). Hence, the company denies liability over the incident and claims that the users were to blame for whatever data might have been exposed.

The company is facing more than 30 lawsuits, and just recently it has been accused of failing to notify users with Ashkenazi Jewish and Chinese heritage that they were specifically the target of the hacker and that their information was collated into lists and sold on the dark web.

After the incident, 23andMe took steps to further protect customer data, including requiring all existing customers to reset their passwords and requiring two-step verification for all new and existing customers. All existing customers are required to use email 2-step verification (2SV) as an added layer of protection for their accounts, while new customers are automatically enrolled in email 2SV when they create their accounts.

Every user is expected to practise good credential hygiene, but in this case, the organisation should also provide the means to limit the risk. Both the users and the company share equal responsibilities in securing personal information.
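On the provider side, one way to limit this risk is to watch login traffic for the pattern credential stuffing leaves behind: one source trying many different accounts in a short time, with most attempts failing. The sketch below is an added example, not part of the original essay or any code from 23andMe; the log format, sample lines, function names and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real data): timestamp, source IP, username, result.
SAMPLE_LOG = """\
2023-09-01T10:00:01 198.51.100.7 alice@example.com FAIL
2023-09-01T10:00:03 198.51.100.7 bob@example.com FAIL
2023-09-01T10:00:05 198.51.100.7 carol@example.com OK
2023-09-01T10:00:07 198.51.100.7 dave@example.com FAIL
2023-09-01T10:00:09 198.51.100.7 erin@example.com FAIL
2023-09-01T10:00:11 198.51.100.7 frank@example.com FAIL
2023-09-01T10:01:00 203.0.113.20 grace@example.com FAIL
2023-09-01T10:01:20 203.0.113.20 grace@example.com FAIL
2023-09-01T10:01:45 203.0.113.20 grace@example.com OK
2023-09-01T10:02:00 203.0.113.21 heidi@example.com OK
"""

WINDOW = timedelta(minutes=5)  # assumed sliding window per source
MIN_USERS = 5                  # assumed: distinct accounts tried by one source
MIN_FAIL_RATIO = 0.8           # assumed: stuffing runs mostly fail

def parse(log):
    """Yield (timestamp, ip, username, succeeded) for each log line."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"

def detect_stuffing(log):
    """Map each suspicious source IP to the accounts it logged in to successfully."""
    by_ip = defaultdict(list)
    for ev in parse(log):
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > WINDOW:
                start += 1  # drop attempts older than the window
            window = events[start:end + 1]
            users = {e[2] for e in window}
            fails = sum(1 for e in window if not e[3])
            if len(users) >= MIN_USERS and fails / len(window) >= MIN_FAIL_RATIO:
                hit = findings.setdefault(ip, set())
                hit.update(e[2] for e in window if e[3])  # reused password worked
    return {ip: sorted(users) for ip, users in findings.items()}

if __name__ == "__main__":
    print(detect_stuffing(SAMPLE_LOG))
```

The accounts returned for a flagged source are the ones where a reused password actually worked, so they are the candidates for the forced password reset and two-step verification described above. A user who mistypes their own password a few times, like the second source in the sample, is not flagged.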

CONCLUSION

Technological advancement has revolutionised how we communicate, connect with others, share information, and, basically, how we conduct our daily lives. It enables us to bridge distances and foster global connectivity, making communication easier and faster than ever through the internet, social media, and mobile devices (Murugesan, 2023). However, these remarkable benefits, unprecedented opportunities, and conveniences brought about by the interconnected world also come with substantial challenges, the foremost of which is the preservation of digital privacy and security (Olaoye & Adedokun, 2023). 

Indeed, technology makes our lives easier, but that ease comes at a price we often don’t see: our online privacy. Thus, the privacy paradox doesn’t exist entirely because we don’t understand how websites and platforms use our private information. Instead, it happens because we prioritise the conveniences of these platforms over correcting our behaviours to use them safely. We also tend to act in ways inconsistent with our aims because we base our decisions on the trust we place in a website or online platform rather than considering the risks surrounding them, creating a mismatch between our intentions and actions.

REFERENCES:

Auxier, B. et al. (2019). Americans and Privacy: Concerned, Confused and Feeling Lack of Control Over Their Personal Information. Pew Research Center. https://www.pewresearch.org/internet/2019/11/15/americans-and-privacy-concerned-confused-and-feeling-lack-of-control-over-their-personal-information/

Bernama. (2023). Scam Alert: How oversharing leaves you vulnerable. New Straits Times. https://www.nst.com.my/news/nation/2023/07/931744/scam-alert-how-oversharing-leaves-you-vulnerable#google_vignette

Castro, D. (2023). Privacy Fundamentalists Don’t Care About the Privacy Preferences of the Silent Majority. Information Technology and Innovation Foundation. https://itif.org/publications/2020/01/28/privacy-fundamentalists-dont-care-about-privacy-preferences-silent-majority

Feeley, M. Too much information: 4 in 5 people are still oversharing personal data on social media. New Digital Age. https://newdigitalage.co/social-media/too-much-information-4-in-5-people-are-still-oversharing-personal-data-on-social-media/

Flew, Terry (2021) Regulating Platforms. Cambridge: Polity, pp. 72-79. 

Fryer, W. (2024). Digital Privacy Predicaments [Photo]. Flickr. https://www.flickr.com/photos/wfryer/53537206679/

Gray Group International (2024). Right to Privacy: Safeguarding Personal Boundaries. https://www.graygroupintl.com/blog/right-to-privacy

Murugesan, H. (2023). The Crucial Role of Technology in Our Modern World. LinkedIn. https://www.linkedin.com/pulse/crucial-role-technology-our-modern-world-hema-murugasen

Nelson, N. (2024). 23andMe: ‘Negligent’ Users at Fault for Breach of 6.9M Records. Dark Reading. https://www.darkreading.com/cyberattacks-data-breaches/23andme-negligent-users-at-fault-breach-7m-records

Official website of the Office of the Australian Information Commissioner. What is Privacy? https://www.oaic.gov.au/privacy/your-privacy-rights/your-personal-information/what-is-privacy

Olaoye, G. & Adedokun, D. (2023). Digital Privacy and Security in the Age of Information and Communication Technology. https://doi.org/10.13140/RG.2.2.15449.70240

Oldfield, A. (2024). 23andMe faces lawsuit as hackers sell information on users with Jewish heritage. The Times of Israel. https://www.timesofisrael.com/23andme-faces-lawsuit-as-hackers-sell-information-on-users-with-jewish-heritage/

Solanki, R. (2018). Personal Data Privacy issues and the need for technology solution in data flow ecosystem [Photo]. LinkedIn. https://www.linkedin.com/pulse/personal-data-privacy-issues-need-technology-solution-solanki

Stouffer, C. (2021). The privacy paradox: How much privacy are we willing to give up online? Norton. https://us.norton.com/blog/privacy/how-much-privacy-we-give-up

Technology Networks Informatics. (2020). A Privacy Paradox: Why Do People So Readily Give Up Information Online? https://www.technologynetworks.com/informatics/news/a-privacy-paradox-why-do-people-so-readily-give-up-information-online-333948

Vidya, G. (2023). Privacy is Dead in the Digital Advancement? LinkedIn. https://www.linkedin.com/pulse/privacy-dead-digital-advancement-vidya-g
