Bruce Schneier is an internationally renowned security technologist. He is the author of 13 books on security, including Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, as well as hundreds of articles, essays, and academic papers. In other words, he knows something about security.
So when he says in his recent column published on the CNN website that it’s not just Facebook, it’s thousands of companies that are spying on you, we should take note, because he knows what he’s talking about.
What Facebook knows about you
Mr. Schneier says that the recent firestorm into Facebook’s data collection practices should be concerning, as they collect data from the things we like, our posts (even posts we delete), our photos, and things we do even when we’re not on Facebook.
But it doesn’t stop there. Facebook buys data from other data brokers. With this information, it can infer our sexual orientation, our political views, even whether we are in a relationship or not.
It turns out that there is a whole subsystem of data brokers (more than 2500) whose sole business model is buying and selling our data. We all know about Equifax, who not only monetized our personal information (including our Social Security numbers, addresses, and birth dates) solely for their benefit, but can’t even be trusted to adequately protect it.
We certainly didn’t give Equifax or any other data broker permission to profit off of our data, but the truth is that the entire industry has existed in the shadows for far too long.
There are hundreds of free services on the Internet, such as Google, Facebook, LinkedIn, PayPal and more. While most of us are at least dimly aware that we are exchanging something for this free service, most of us probably did not read the terms and conditions when we signed up (or were able to make sense of them), and thus are probably not aware of just how much these companies know about us.
The whole point of this surveillance is to sell us stuff by serving us ads. But it’s important to understand that this form of personalized advertising is psychological manipulation. At the end of the day, every company wants as much personal information about you as it can get so it can manipulate you better, either by getting you to buy something or perhaps even vote for a candidate.
Your phone is the best tracking device ever invented. It knows (and tracks) everywhere you go. It knows where you work and where you sleep, and even who you sleep with. Many apps collect this tracking information (always read the fine print!). For example, Uber collected that information to detect one-night stands. Is that really the kind of information we want to turn over to companies?
How we can change this
The truth is that surveillance capitalism has operated in the shadows for a long time, and now it’s up to us to force our lawmakers to get these companies into the public spotlight so we can collectively decide what to do about protecting our data.
Instead of companies taking as much data as they can get, we should instead decide what data we want to give to companies. We should be in control of our data from the start, not companies.
There are hints of change on the horizon. In 2016, the EU passed something called the General Data Protection Regulation (GDPR). The GDPR mandates that personal data of Europeans can only be collected for “specific, explicit, and legitimate purposes.” More importantly, it can only be done with explicit consent from the user, and it can’t be buried in terms and conditions. This law takes effect next month. Since almost every company collects data on EU citizens, many are watching what will happen with these companies explicitly explain how they are using your data.
While it’s unclear how or when laws like this will pass here in the U.S., we first need transparency on which companies have our data and what they are doing with it. Are they selling it to others? It is accurate? Are they adequately securing it? Can we delete it if we don’t want them to have it?
At the end of the day, our personal data should be in our control. If we value the importance of privacy, then that privacy should extend to our digital life as well. It’s up to each of us to demand that companies that have our data give us back control over it.