smartphone

Tracked and hacked: Why every internet user should care about cybersecurity and digital privacy

By Tyler Sonnemaker
Medill Reports

Consider all the digital devices you use. Smartphones and tablets. Smart TVs and speakers. Wi-Fi routers and cable boxes. Wearable technology and health trackers. Video game systems. Wireless connections to printers, refrigerators, thermostats, home security systems and other smart appliances. Even cars with onboard computers.

If it’s connected to a network  – and sometimes even if it’s not – your device can be hacked or monitored by anyone from advertisers to criminals to governments. The more devices you use, the more you’re at risk. And once data is collected or intercepted by a third party — whether or not you volunteered it — it can be used against you and you likely won’t be able to do much about it.

Concerned yet? If not, try entering your email into HaveIBeenPwned, a free service created by Microsoft Regional Director and security researcher Troy Hunt to assess whether your online accounts have been compromised. Just last week, Hunt added a collection of nearly 773 million unique email accounts exposed through breaches. By this point, most people have heard about — or been affected by — high-profile data breaches, cyber-attacks, or unwanted data collection. In the past few years, Facebook, Google, Uber, Equifax, Yahoo, Adult Friend Finder, Target, Under Armor and eBay had breaches involving tens and even hundreds of millions of accounts. People also voluntarily offer information without fully knowing what’s being collected or how it’s being used (think Google searches, location data, or car and home loans).

These products and services often offer us extreme convenience in exchange for our information.  In comparison, changing our cybersecurity practices may seem too inconvenient or confusing. And people might think they don’t have any data worth protecting.

Brandon Smith, the freelance journalist who successfully sued the City of Chicago over the release of key video evidence in the Laquan McDonald case, advises you to take your data seriously. “It seems innocuous, but there’s profound value to data brokers, who are getting so much money because the data is so personal. I’ve seen it go for at least $100 per person.”

Aside from snooping advertisers,  the threat of cybercrime still looms. “You only need your bank account cleaned out once to start caring an awful lot about cybersecurity,” said Lisa Hayes, vice president of strategy and general counsel for the Center for Democracy & Technology, a not-for-profit in Washington, D.C. that advocates for stronger free speech protections and privacy controls for internet users.

The potential financial costs and hassle associated with identity theft should be enough for anyone to rethink their digital habits. For those still unconvinced about the need, here are several reasons why everyone — regardless of their net worth or digital footprint — is at risk in cyberspace. 

Dynamic pricing for online shoppers

If you’ve ever shopped online for airline tickets and returned later to make the purchase, you may have noticed that the price went up. That’s just one example of dynamic pricing, where retailers use algorithms to charge customers different prices based on their data.

Internet browsers share information such as whether you’re using an iOS or Android phone, where you are, and whether you’ve visited a website before, which companies can use to infer how much you’d be willing to pay for something. If you live in an affluent zip code or shop on an iPhone, you might be paying more for online purchases.

Health insurance premiums

Services such as 23andMe, wearable technologies including FitBit, and other personal health tech products are creating massive amounts of what Hayes referred to as “quasi-medical” data. She warned that “at some point, data brokers and insurance companies are going to be purchasing and seeing this information, and they will use it to adjust your rates as they see fit.”

However, that data may not be reliable or relevant enough to accurately determining someone’s health risks, and collecting health data this way circumvents important government patient privacy protections such as HIPAA.

Government surveillance and policing

Financially motivated corporations aren’t the only abusers of cyberspace. Law enforcement is increasingly using technology in ways that infringe upon citizens’ civil rights. According to reporting from the Orlando Weekly,  Orlando city officials are testing facial recognition software from Amazon that would enable them to constantly spy on the public, regardless of whether they are suspected of committing a crime, raising numerous privacy and accountability concerns.

Stop LAPD Spying Coalition, a grassroots community organization, revealed that the Los Angeles Police Department employs commercial software that attempts to predict future crime using past crime data, which is already heavily biased itself. This approach ends up concentrating policing efforts on so-called “high-crime” areas, leading to more arrests in those areas. More arrests tell the algorithm to concentrate more policing efforts there, arrest rates rise again, and the cycle repeats itself, further entrenching police bias against particular communities.

More recently, a federal judge in California ruled that police cannot force someone to unlock a phone using biometric information such as a retina or fingerprint. While the law is far from settled here, courts’ interpretations of how civil rights and liberties protected under the Constitution extend to new technologies will no doubt be important.

The digital divide

Each of the issues mentioned here is exacerbated by a growing gap between those who have the money, time and know-how to protect themselves in cyberspace and those who don’t.

For example, Apple products are generally considered to have better encryption and privacy tools, but they also cost more. Sitting down for an hour to research cybersecurity best practices might be more feasible for someone who is digitally-savvy and has access to high-speed internet.

Should current public policies and private practices continue, they will likely widen this digital divide and equal participation in our increasingly digital world.

Feeling frightened or overwhelmed?

These are just a few reasons why it’s important to assess your cyber risks, take steps to become more safe and secure online, and continue to learn about the issues that impact your ability to freely navigate the digital world.

If you have no idea how to get started, stay tuned for my Cybersecurity Basics Guide, as well as Part Two of this piece, which will explore how cybersecurity and data privacy issues are being dealt with by the government, and what that means for individuals.

If you have questions, story ideas, or tips about anything relating to cybersecurity, data privacy and security, or digital best practices, please contact me at tsonn@u.northwestern.edu.

Photo at top: Smartphones store extensive personal information, making them a frequent target for both hackers and advertisers. (Tyler Sonnemaker/MEDILL)