The risks of convenience

The EU-wide General Data Protection Regulation (GDPR) will oblige companies to have a data protection officer, to inform authorities and affected individuals of security breaches, and to invest in data encryption and intrusion prevention and detection systems. This should improve the security of sensitive personal data – but it is important to remember that there’s no such thing as a perfectly secure system.

Apostolis Zarras is a cybersecurity expert. At Maastricht’s Department of Data Science and Knowledge Engineering, he studies malicious online activities on a large scale in an effort to make the Internet that little bit safer. “Even big companies, which can hire the best experts, are always compromised to some extent, so it’s important to understand what personal data you’re leaving where.”

Share with care

Social media is an obvious example. “You pay for using a service like Facebook with data about yourself, in particular the kinds of things you’re likely to spend money on.” So share with care, he warns: not only might your career prospects hinge on pictures you uploaded when you were 17, but, more insidiously, you are leaving behind a map of your behaviours and preferences. Zarras cautions especially against exposing children on social media: “You’re not only revealing their habits to your family and friends. You might also be making information publicly available on where they are and when, and what sweets, toys or pets they like – you can see how that could be really problematic.”

He emphasises the importance of educating people. “Nowadays you have to understand that having your password saved in a text file on your computer is like writing your PIN on your bank card, or that opening a compromised website with JavaScript running can allow malware onto your computer.”

ijskast datascience
Florian Raith

CPU & you – software everywhere

The threat of malware, a contraction of malicious software, is by no means limited to laptops; anything with a CPU, which includes all smart devices (phones, cars, vacuum cleaners, etc.), can be affected. “Hackers might just want the processing power of your CPUs to mine for bitcoins, or they might be sending spam emails, generating fake traffic to increase advertising revenue, spreading fake news on social media – everything a computer can be used for. If your smart TV has been compromised, it might be hosting a website with adult content.”

Our daily lives will be increasingly dominated by the Internet of Things, a network of smart devices with CPUs communicating with each other, which knows all our habits and thus makes our lives more convenient. But all that data is stored with companies whose primary aim is profit, not security, and certainly not our privacy. Your hoover bot has created a floor plan of your house, your fridge knows your dietary habits, your heating system knows when you are out of the house, your Fitbit knows when and where you run and sleep, and online retailers know almost everything you own or want.

Towards a greater focus on security and transparency

To Zarras, the GDPR represents a step in the right direction. “Among other things, there’s the ‘right to be forgotten’, so you should be able to view, correct or delete any data companies have on you. They also have to state what data they’re storing and why, and they aren’t allowed to keep it for longer than necessary.” There are some caveats, of course, in that potential fines are capped at around €20 million; just a drop in the bucket for big tech companies. “It also remains to be seen how much political capital the EU would be willing to spend on enforcing the GDPR in a potential showdown with Silicon Valley giants.”

Zarras emphasises that there’s no such thing as a perfectly secure system. With the inevitable trade-off between convenience and privacy, it’s up to individuals to educate themselves and to decide how much risk a service is worth to them. So do read the cookies policy of your favourite website – and surf safely!