Everyone from Home Depot to Hollywood starlets seems to be having trouble with data breaches. Whether it’s customer credit cards or nude selfies, the hackers seem to be helping themselves to our electronic information, almost at will.

Sometimes, the problem really is beyond our control. If you made a purchase at Home Depot while they were vulnerable, you put your trust in their security measures. The only effective defense against having your credit card info stolen was to pay cash. However, in many cases, there are things we can do to make ourselves, as individuals and businesses, less of a target.

As I explain in the “Anti-Creep” chapter of my new book, Technocreep, digital self-defense starts with being very stingy with your information. As a shopper, I usually give H0 H0 H0 as my postal code, and if questioned, I joke about needing to grow a white beard before Christmas.

Unless I actually expect, and want, a phone call from a merchant, I make up a fake phone number (guidance on choosing it wisely is found in Technocreep). I know one fellow who took it a step further and filled out forms with a 1-900 number, hoping that telemarketers would wind up paying his “Psychic Hotline” $2.99 per minute.

Info-stinginess translates nicely to the business environment. Think twice before collecting any information on your customers, because you’ll look bad if you mis-handle it. Data privacy commissioners around the world use the motto “if you can’t protect it, don’t collect it.” New Zealand’s commissioner has even published a handy guide to help businesses decide if information falls into the “Need to Know” or “Nice to Know” category.

Working against this principle is the burgeoning field of data analytics which can, indeed, translate into huge profits for a business. It says you should collect everything you can, and look for patterns that may translate into future sales.

In Technocreep, I report on the famous “Target Knows Teenage Girl is Pregnant Before Her Father” incident. In a nutshell, the retail giant was able to track a 16-year old girl’s purchases, and infer, from her sudden interest in lotions and vitamins, that she was going to have a baby. As explained in in The New York Times, women in their second trimester are a goldmine because they buy lots of new products and often establish future shopping habits.

Target started mailing her baby goods ads, which angered the father, who was unaware of her condition and stormed in to the store. The assistant manager apologized, but a few weeks later, Dad called and said “it’s my turn to apologize, there were some things going on at my house that I didn’t know about.”

The creepiest part of this story is that, after this was brought to Target’s attention, they came up with a brilliant if somewhat twisted response. They continued sending targeted baby product ads, but mixed in irrelevant items like lawn mowers and wine glasses, on the theory that “as long as we don’t spook her, it works.”

A key premise of my book is that consumers are very smart. They want the deals and discounts and coupons, but they also seek, and deserve, a certain amount of transparency. Mondelez International, maker of Chips Ahoy! and Oreo cookies, is developing smart store shelves with built-in sensors that will monitor passing customers. If you look like a good prospect for cookies, a “just for you” discount coupon might appear. There’s nothing wrong with this, as long as people understand how it works.

And that’s the problem. So much technology has “wheels within wheels” that are hard for the average user to grasp. The New Zealand guide suggests that businesses may turn privacy into a competitive advantage by explaining what they are doing and seeking meaningful consent from users.

I have to be a bit skeptical there, as evidenced by the recent breach of supposedly fleeting Snapchat photos. That app, which claims to handle at least 700 million photos and videos per day, promises that images will appear briefly on the recipient’s phone, and then disappear forever.

A posting on the somewhat shady Internet bulletin board, 4chan, promised to release a large quantity
of these photos. Yet Snapchat insisted it wasn’t hacked. How could that be? Some users wanted to save their own photos, so they used third party apps like Snapsaved.com, which admitted to being victimized.

The biggest lesson for everyone, individual and business alike, is to be skeptical of claims by technology providers. Saying that you will be anonymous, or that content will be deleted, usually means “we’ll do our best but no guarantees.”

Whether you are trusting intimate photos or confidential corporate data to a third party, you need to carry out due diligence and use common sense. I’ve been telling people since Snapchat launched that the recipient could simply take a photo of the fleeting image; so assurances that it vanishes absolutely are mis-guided.

Another trend that I reported in Technocreep is that more and more consumers are fighting back by giving false information to businesses. I contacted several prominent security experts who appear on Wikipedia, and asked why they listed personal info there. “That’s not my real birthdate” was the most common answer. Another fellow posted his Safeway Card barcode online, so that at any given time, there were dozens of incarnations of him shopping at stores all over North America.

As we move into a world where even our genetic information can be captured and analyzed, businesses will certainly want to make use that resource, and consumers will want to buy things from them. Let’s just make sure that everybody knows what’s going on, as those “wheels within wheels” turn in the background.

Dr. Tom Keenan is a professor in the Faculty of Environmental Design at the University of Calgary and a well-known speaker and technology futurist. He is the author of the new book Technocreep (Greystone Books, Vancouver) and can be reached at keenan@ucalgary.ca

Web watch:


How Companies Learn Your Secrets - The New York Times