O2, a wireless telecommunications company in the United Kingdom, caused privacy problems for its customers this week when it “mistakenly” started sending out the phone number from mobile handsets to every website the user visited over 3G. According to O2, some routine maintenance had the unintended effect of exposing the phone numbers.
It is standard industry practice for telecommunications companies to share a user’s cell phone number with “selected trusted partners.” Mobile network operators say this is so that these “selected trusted partners” can bill users for premium content such as downloads or ring tones and to identify customers using the network’s special services. What happened is O2’s case is that the routine maintenance changed the white list of trusted third parties to include almost every site on the Internet.
There are two important lessons here. The first, is that every time you use an Internet enabled device, be it a computer, tablet, cell phone or Internet enabled TV, you leave behind a digital finger print. Some devices intentionally send data, about you, to the service provider. As in the case of cell phones, the mobile operators deliberately send out your phone number so that you can be identified and billed. The second lesson is that when a company makes a mistake there is the potential for all of your data to be exposed.
It is the second point that merits further consideration. I will assume that O2 made a genuine mistake. And maybe in this case the harm done was minimal. According to its blog the only information websites had access to was the phone’s number and that could not have been linked to any other identifying information. However recent months have shown that service providers and web sites can fail spectacularly to protect users privacy. Back in December, Facebook performed routine maintenance on its site and upgraded its software. As a result a flaw opened up which allowed people to start downloading private pictures from other people’s accounts. Because of this Facebook’s founder Mark Zuckerberg had pictures from his private collection downloaded and posted publicly. Luckily for Mark all the pictures were nice and friendly. Although Facebook quickly fixed the mistake, don’t be fooled for one moment in thinking that this is the last time private information will be exposed online – on Facebook, or anywhere else.
At the end of last year hackers broke into the website of Strategic Forecasting, a publisher of global intelligence analysis. As a result of the security breach personally identifiable information and related credit card data was taken and posted onto the Internet. Then to add injury to insult, the hackers started to use the credit card information to make donations to charities! As a result of this Stratfor offered all of its affected customers one year of free identity protection coverage with identity protection company CSID.
The real question is this: who will pay if your identity gets stolen or your credit cards get used by online criminals? The management of Stratfor acted professionally and indemnified their customers. But there are millions of websites in the world, and a large portion of those hold private information about their users. If one of them gets hacked or performs routine maintenance that exposes your data, who will protect you?
The answer, of course, is no one! You need to take action to ensure that your private information does become public. First, think before sharing any private information – from personal details like your address, phone number and SSN details to photos, video clips, financial information and documents. Second, be discriminating about how and with who (meaning websites as well as people) you share personal information. Third, use a privacy tool like Firewall Fortify (which secures your Internet connection by monitoring your sensitive information) to protect your online privacy.