Your’s and Mine for Ours.
Headline: Data Minefield
Date: 12/10/2021
Body: OK, this one is a little far afield, but, there were several people who expressed interest in this so, here it goes. Data mining is something that interests a bunch of people. The FTC wrote a great paper on it. Basically, it is a way that companies try to get as much personal data on you as possible. The intent is to eventually figure out how to sell you more goods and services in the future, and they do this by taking large amounts of personal data, and write advertisements that are sniper-bullet targeted to your interests and fears. (They often claim that it is simply so that they serve up only ads that are relevant to you. Yeah, sort of.) Then, they can sell this aggregated data to other vendors who also might want to target you, and people like you. As people so often say, “If you are unsure of what the product is, it’s probably you.”
So, what makes “data mining” possible?
I have seen repeated references to the advancements in data storage and developing algorithms for this rise in data mining. All of this is true: These changes are vital to the developing infrastructure of data mining. But I would argue that a much more interesting development is group psychology. In a quick phrase, we are giving our permission for this to happen. Just think of buying stuff for your household. When I need something, I go to Amazon and buy it. What happens then? Before I checkout, Amazon “helpfully” suggests some other things to buy that often are purchased together. (I bought 500 envelopes and Amazon suggested buying stamps, thru them, of course.) After the sale, I get repeated e-mails reminding me that people who have purchased envelopes in the past often have to purchase new toner cartridges. You get the flavor. But, societally, we really appreciate the speed and convenience of a retailer like Amazon, so we happily give them just a little control over our habits. This trend becomes even more pernicious when it comes to social media. TikTok’s algorithm knows well, that I like videos that show dogs. So, is it a surprise that it also have a penchant for serving up videos that sell dog-related products and services and dog-related not-for-profit organizations seeking donations? No, this is not a surprise, for once again, I have demonstrated my consent by utilizing their “free” application.
But, is this legal and kosher? Well, not sure about the second part, but it appears to be legal. People all over the planet have heard about the Cambridge Analytica scandal on Facebook. The thing that caught my eye, though, is what WAS ok. It was legal to take data from the individuals who signed up for the psychological testing offered, the only thing that was NOT legal, it seems, is the harvesting of data from the “friends” of those who had given their consent. (Lesson from here is to read CAREFULLY the fine print within a “free” offer.) Mr. Zuckerberg was taken to task by one Representative, who said, “Your business is built on trust, and you’re losing trust.” It seems that Facebook and other social media might be ripe for legislative fixes to some of these problems.
In the more financial area, there have been a series of crimes in the U.K. that fall under the Big Data and data-mining rubric. A very sophisticated group of thieves targeted some not-for-profit organizations by sampling the voice of a major figure in their finance arm. Then, they were able to splice together these samples together in such a way that it appeared that a valid order was being given for an “emergency disbursement” of funds into an account they had set up.
So, data-mining is BAD!!
Well, no, not always. Take for instance, healthcare. This is such an intricate area. Different people with the exact same malady will respond differently to the same course of treatment, and this has become a bugbear for clinical medicine to parse. But now, since data mining is possible, even though 2 patients might have the same disease (and even look VERY similar in many respects) patterns seen in thousands of treatments can suggest markedly different therapeutic procedures for each of these patients. And, this is good, as it speeds up healing and can lead to far better clinical outcomes. In a similar manner, if there are many bad outcomes following administration of a single drug or use of a medical device, news of this commonality is quickly seized upon, and new victims are spared.
So… what ARE you saying?
Sometimes power… just is power. Sometimes it is neither good nor bad, but the people wielding it make it so. For example, if a robber has a gun, they can do great harm with it. But, give that gun to a police officer, and they might use it to deter crime or possibly re-unite a child with a frantic parent. So, I guess what we are left with is the requirement to be eternally vigilant.
What can organizations do?
- Understand the types of data that your organization has and the risks that stem from this. Keep up with the expanding research on how to safeguard this type of data.
- Separation of duties is now super-critical. In accounting, a different person should be involved in 3 atttributes of each asset, Authorization, recordkeeping and custody. If disbursing funds, the management official should be authorizing it, the accountant should be keeping records and the Treasurer should be doing the actual disbursing. This separation has always been important and is even more important now.
- Do setup a policy of random audits of your data. Under what circumstances have they been used? Are these uses in agreement with stated policy? If not, there should be consequences for the people involved.
- Encourage your employees through frequent training, to not click on any e-mail traffic when they are unsure of the source. This very simple technique of social engineering can be a powerful source of introducing malware into an otherwise virtuous organization.
What can ordinary people do?
- Sign up with the National “Do Not Call Registry.”
- Do not open any e-mail that you are not sure of the source.
- Carefully check your Privacy settings on Facebook, and understand exactly what you are allowing them to do with your data.
- Cut-off 3rd party apps. (These permissions are buried in the Settings area.)
- Use outside blocking tools. Safari will automatically block some code from spying on you. If you use Firefox, there is an extension called “container” which seems to server a similar purpose.
- Keep your physical location secret. To do this, consider using a Virtual Private Network (VPN) which assigns a new IP address to your system each time you go online.
The Verdict
Some people have tried to learn from the Facebook debacle with Cambridge Analytica and other entities. As a result, many people are deciding to leave Facebook. In my estimation, this is of dubious value. If we have proven anything over the past decades, somebody somewhere is going to design and distribute a newer, shinier, cooler app, used to keep in touch with people. Just as surely as night follows day, somebody else WILL come up with a scheme to make use of this new app to make money or create value for themselves based upon your data. So, once again, it appears that our parents might’ve been right when they warned us, “Don’t talk to strangers.”
REFERENCES
https://www.consumerreports.org/privacy/easy-opt-outs-to-protect-your-privacy-a7017744648/
https://www.cnet.com/news/facebook-cambridge-analytica-data-mining-and-trump-what-you-need-to-know/
https://www.cnet.com/tech/services-and-software/5-tips-on-how-to-keep-your-data-safe-from-facebook/
Editor’s Note: Please note that the information contained herein is meant only for general education: This should not be construed as Tax Advice. Personal attributes could make a material difference in the advice given, so, before taking action, please consult your tax advisor or CPA.