Article written by Cynthia Hetherington, president of the Hetherington Group, Robolliance Expert
The synergy that exists between cybersecurity and the need for robotic advancements within security may surprise you. The growing demand for human awareness, investigation and intelligence on issues like the “dark web” mean manpower needs to be availed of routine tasks that robotics, such as UGVs, could take over.
We begin a three-part series on the recognition and removal of personal identity information found through the Internet. Individuals and organizations taking control of their online destiny as opposed to becoming a victim is akin to UGVs for security. We, along with robotics, can become empowered as partners to the guard force and IT departments looking to improve our safety.
Recognizing and removing personal identity information found online
In this combative world of ours, militants will take any advantage to undermine their enemy; they’ll gather home addresses of soldiers serving overseas in order to threaten military families at home. The Islamic State of Iraq and the Levant (ISIL) trying to recruit our youth from an ocean away. The Anonymous joining the ranks of the Crips, the Bloods, and the Hells Angels; characters made romantic by the film industry in such movies as GoodFellas and Scarface, rendered classics by their admirers.
A protester, anti-government, non-conforming anarchist is welcome in America, however once the line of civil disobedience is crossed over into crime, then we Americans must fortify ourselves in order to do our jobs and protect our families.
This article will help you understand the dark side of information.
Data, at its most annoying, is a commodity with social media sites selling your Likes to data providers. Data, at its most dangerous, allows ISIL, from overseas, to farm from open sources the personal addresses of our military and threaten their families. Unfortunately, we ourselves willingly share much of this information. A good deal of the information found in online databases is generated by us and our eagerness to keep our lives simple.
Here are examples - - - Does your keychain look like holiday garland with commercial value cards dangling from it? Gliding through the airport, do you advertise who you are with easily visible bag tags displaying your status and address? Are you, or your family members, regularly checking from either a smartphone or a laptop the Facebook and Instagram updates of friends? Is your wallet bulging with credit and/or debit cards and not dollars? Do your home phones and cell phones receive unsolicited offer/scam calls? Is your postal mail box full of unsolicited offerings? If any of these scenarios apply to you, you are oversharing your information.
Want to get a sense of how much information you generate and spread during an average day? Try the following offline example: Over the course of a week, keep a journal of all the times you share your name, address, phone number, or credit card number, online or not; how often you drive a car through a tollbooth with an automated payment system (such as E-Z Pass or Fast Pass); how often you Like your friend’s social media page; how often you use a grocery store coupon card; how often you pay your bills online; and how often you answer unsolicited email.
After this exercise, you may think completely removing yourself from the online world would be insurmountable. Paying for goods and services with a credit card, and driving through toll stations without having to physically stop to pay the toll, and having a telephone in your home are some of the practical modern conveniences that you rely on almost daily. Give them up? Not likely.
Oddly enough, such personal information has always been readily available—although it required investigative experience and/or a serious commitment to locate these types of details through county courthouses, administrative offices, and other public record venues. Since the advent of the easily accessible and always available World Wide Web, public record companies have become available for anyone to access—over 100 such companies in the U.S. alone. These companies will locate individuals and share personal details about where they live, who lives with them, their ages, and so on, for anyone who searches on them.
From Where Do Companies Get My Name?
Organizations use information from a variety of sources for a variety of reasons. You are familiar with some of them—businesses wanting to send you an offer, companies wanting to better understand their marketplace or to develop new products and improve customer service. In other cases, companies use information to protect you and themselves from risks related to identity fraud.
Most companies rent or buy lists of individuals who they believe are likely to be interested in their products or services. They will use these lists to market to you either offline or online. These lists come from a variety of sources, including public records, telephone directories, and from companies who exchange or rent their customer file for marketing purposes to other organizations who have a legitimate need for the information.
The rental or exchange of customer files has been a common practice for decades and does not pose a security risk to you. The exchange usually involves only the basic contact information and very general information about your purchases. These lists are used to send postal mail or email to you, or phone you, or text you about special promotions or offers. Contacting you in this manner enables a company to more effectively reach out to individuals who are not yet customers, but who might have an interest in or need for their product or service.
It is also common practice for a business or organization to create a marketing file of names, addresses, and other information related to their customers’ purchases. Marketing file information may include household characteristics obtained from surveys you fill out or from general communication with you.
Marketing, however, is only one use for information about you. Early detection and prevention of fraud by verifying your identity is a second use that offers significant benefits to both you and businesses. Being able to correctly recognize a customer—especially when transacting business over the phone, on the Internet, or via a mobile device—can help reduce the chances of that customer becoming a victim of identity fraud.
There are still other uses of personal information you may not have considered, such as courts tracing parents who fail to meet child support obligations, or investigators conducting background checks for the purposes of compliance and anti-fraud initiatives, or law enforcement agencies apprehending criminals, or attorneys searching for missing heirs, or family members looking for lost relatives, to name just a few. All of these suggested uses provide significant benefits to society as a whole and are permitted—even, in some cases, required by various laws, such as background screening for child care center employees and school bus drivers.
What Kind of Information Is Available?
A variety of information is available to businesses and organizations. While most of the information is non-sensitive, some of it can be sensitive. Some examples follow:
Collected primarily from state and federal government sources, this information about you may come from public records, including property deeds, marriage and professional licenses, and birth and death records.
Information is also available from other public records such as court proceedings, voter registration files, driver’s license records, and motor vehicle registrations. Note that various federal and state laws place restrictions on the use of some of these sources.
Publicly Available Information
Some information is considered in the public domain, meaning anyone has access to it. This type of information includes telephone directory listings, professional registries, classified ads, information posted online in chat rooms, on blogs, and in public sections (or areas designated as public) on online social network sites.
Publicly available information is not always regulated by law, but responsible providers self-regulate its use through industry codes of conduct.
Customer information is the sort of information collected when you provide details about yourself to an organization when you inquire about a product, make a donation, make a purchase, register a product warranty, or receive a service. The detailed information you provide can include how to contact you, and a record of your interactions with the company or organization. In some cases, this information is regulated by law, and in other cases by industry practice. It’s worth noting responsible organizations develop their own policies to assure appropriate use of the information.
Information you voluntarily provide on a survey or questionnaire is considered self-reported.
When this type of information is collected, you should be informed of the intended uses and your options for said use. Both law and industry practices limit the use of this information.
Passively Collected Information
The Internet and other technologies, such as mobile devices with location tracking features and interactive televisions, may collect information about you or your device without you having to take any action. In fact, in many cases you may not be aware any collection is taking place. Some of the collection is necessary to provide you a service, such as recording the number of times you go through the express lane of a tollbooth so you can be charged for the toll, or when you have had a car accident and emergency assistance needs to locate your car to send help. The collection of information can also be used to provide you relevant advertising, such as offering a discount on a specialty coffee from a coffee shop you are near, or to provide online advertising tailored to interests that have been identified based on other Web sites you have recently visited or keywords you have recently used in a search. Both law and industry practices limit the use of these types of information.
Personal Identifying Information (Sensitive)
Some information, if used inappropriately, can have more serious consequences. This type of information includes your Social Security number, driver’s license number, medical records, wage and salary information, tax reports, credit reports, and any information that personally identifies your children.
Sensitive information should be kept confidential and is usually not provided to other organizations unless you give specific permission or unless it is permitted, or required, under state or federal law.
In order to develop credit reports, credit reporting agencies gather information from banks and other financial institutions with which you have a relationship. The Federal Trade Commission closely regulates the use of this kind of information as directed by the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA).
In order to assure you will be a responsible employee, or tenant, or insured individual, employers, landlords, and insurance companies may ask your permission to perform a background check on you. This activity involves verifying the information you provided on your application with the source of the data.
Background checks can also involve obtaining a credit report if your financial situation is pertinent to the employer or landlord. The Federal Trade Commission closely regulates these uses of this information as directed by the Fair Credit Reporting Act (FCRA).