This article was originally published on Moneyweb Life on 3 February 2009.
Online privacy is largely a myth. Despite all the emphasis on privacy online, once personal information is disclosed online it is public and it is almost possible to claw that personal information back or even assert control over its further dissemination. Often you are not the only person responsible for publishing your personal information online. Friends may publish information about you on their blogs, strangers may publish photographs of you in their Facebook photo albums and a large number of websites you visit on a daily basis collect an array of information about your location, your web browser, your IP address and more.
The Catch-22 is that in order to engage with other people in the social Web you need to disclose more and more information about yourself. You will only be able to meet other cricket fanatics if you disclose the fact that you, too, are a cricket fanatic. You have to disclose your occupation, location and a description of your skills if you want to engage in any form of meaningful business networking and your demographic information is essential if marketers are going to present you with ads that are relevant to you. Even the comments you post on blogs and the questions you may ask on Twitter share yet more information about you and your opinions. It is all part and parcel of being a part of an increasingly connected world and if this scares you, you don’t even want to start thinking about the implications of connected GPS-enabled devices and location sensitive services like Vodacom’s The Grid and, more recently, Google’s Latitude.
Given that there are collections of information about you online with varying degrees of completeness and accuracy, one question that you should ask yourself is how your apparent lack of privacy online affects your privacy offline? Consider for a moment the questions your bank asks for when you phone its call centre for assistance. You are typically asked a series of questions in order to verify your identity:
- your date of birth;
- your identity number;
- your office phone number;
- your postal address;
- your home address; or
- your mobile number.
How much of that information is available online, how easy will it be for a stranger to locate that information and impersonate you and what are the possible consequences? Your relative publicity online can have a profound effect on your off-line privacy. It isn’t just your bank’s verification mechanisms you should be concerned about, there are likely a number of other service providers you interact with over the phone or electronically using just that information you may have disclosed in your Facebook profile or, worse, on a range of websites and services that a devious identity thief has collated and used to build a profile of you.
Fortunately some institutions like banks require further verification in person in order to perform more sensitive tasks like collecting credit cards and establishing payment links to third party bank accounts but all it takes is a little patience and ingenuity to build more detailed profiles and develop even more invasive techniques. Just taking an interest in the paperwork you throw out could help an identity thief obtain your bank account details and more.
A related concern is being able to authenticate callers purporting to represent banks and other sensitive institutions. How many times have you received a call from a person who said he/she was calling from your bank to arrange for delivery of your renewal credit card? Did that person ask you to verify your identity by disclosing your identity number, addresses or other personal information? How do you know they are who they say they are and you weren’t becoming a victim of social engineering and volunteering yet more sensitive personal information? How do customers independently authenticate these callers?
Despite their efforts to secure services like Internet banking, more attention needs to be paid to more analogue services like phone banking and interactions with call centres in light of the growing volume of personal information being disclosed online. These services represent valuable opportunities for criminals and we need more secure alternatives to verifications conducted over the phone using information which may already be compromised.