Skip to main content

tv   Marcus Rogers Discusses Data Collection and Privacy  CSPAN  December 22, 2016 2:27am-3:15am EST

2:27 am
opioid epidemic and the center for the study of the presidency and congress senior fellow james kentfield on his book was explains how the u.s. national security apparatus has adapted to fight post-9/11 terrorism. be sure to watch washington journal at 7:00 a.m. on thursday morning. join the discussion. depthday, january 1, in will feature a live session on the presidency of barack obama. we taking your questions during the program. our white house -- our panel includes white house , a princeton university repressor -- professor and a pulitzer prize .inning journalist
2:28 am
watch in depth live on sunday on book tv on c-span2. >> forensics expert and former crime investigator marcus rogers heads. you -- purdue's -- he spoke about how data is collected online and how it is used by law enforcement and employees. -- and employers. this is 45 minutes. good morning. i am happy to introduce our next speaker. rogers is here at the polytechnic institute at purdue university. he is a forensic research psychologist, you should pay extra for that, that is exciting. [laughter]
2:29 am
>> the university faculty know this is serious, and he went to the american academy of forensic sciences. dr. rogers is the coeditor of privacy and security crime department. his areas of research cover the behavioral aspects of the deviant use of technology, cyber criminal behavior analysis, and understanding cyber terrorism. today, he will be presenting a talk entitled, cyber security and social media, how big is your digital footprint and why should you care? as we do at every one of these, i will ask you to silence electronic devices, but do not turn them off. orhope to see you tweeting posting to facebook, snapchat,
2:30 am
instagram, or whatever flavor of social product you use. i also understand halfway through the presentation, you might stop doing that. please join me in welcoming dr. marcus rogers. [applause] marcus rogers: thank you. can anybody hear me in the back? i have a voice that tends to be in. welcome to "dawn or doom". my talk will be about the concept of the digital footprint. and i will warn you off the back, it will come across on the doomy sidekick i am a tech guy, i have my toys and i do online banking. thisis is not about fear, is about understanding the cost benefit analysis of technology.
2:31 am
nothing in life is without risk. it is the same technology, what is the cost of technology? what is the cost of the convenience we have with these devices? nothing is for free. we know that. so let's talk about the concept of a digital footprint. we will look at what is it? and more important, why should you care? ok, this is a concept that is out there, but with different does it make to meet? what can we do once we understand some of the risks of the footprint? and then we will put our hat on and look at what is coming down the pipe. awarel footprint, we are of the concept of the carbon footprint. it is something that has been in the popular media and we are concerned about how big is our carbon footprint. but very few things about how big is our digital footprint.
2:32 am
and think about it, we are a wired society. especially the next generation, the current generation. they are wired, connected 24/7. they love to share information every 15 minutes and in 140 characters or less. it is a wired society and because of that we have a trail that we leave behind. the concept of a digital footprint is exactly that. it is the information, the artifact, the traces you leave behind when you use technology. when you use the internet. when you drive your car. when you use that smart thermostat. when you do a lot of these things that we do not take into consideration, leave traces of who we are what we like, and what we do. there are two types, there is -- this is really creating, then
2:33 am
when you are surfing the internet, when you are talking on the phone, when you are doing things we do daily. and it is really collected without you knowing it. web, you go and surf the there are things called web -- if you search for a particular term, there is information stored about you because of the ip address. so that is passive. active is what we voluntarily share with companies. think about this, data or information you put on facebook, on your twitter account, your instagram -- and this is information that we voluntarily share. we know we are sharing it, but what is interesting with this and the concept of risk and benefit analysis, while we share it we are not sure what will
2:34 am
happen to the information once it is collected. there is the issue of ok, i shared the information with company x, but what do they do with the information? where does it go? can we control it? should we be worried about it? what is interesting is on the investigative side, there is always a balance between security and privacy. when we are talking about digital footprint and the artifacts or traces, another term that is used, especially in law enforcement, is evidence. -- the an investigation digital footprint can be used as evidence. why is data collected? for several reasons, the main reason is usually to do with money. commercial, there is a commercial reason for doing this. your information is worth a lot
2:35 am
of money. now, your individual information might only be worth pennies, but if you take 50 million people's information, the value of the information has increased. say you have people like direct marketers, they want to send you something. they want to look at where you have gone and what you have done and what you are shopping for, what you got at the grocery store and directly market it to you. because this is a better way of potentially swaying your purchasing opinion, then doing the math -- massmarketing to everybody and not knowing if it is of interest to you. it is like profiling. trying to understand what it is you like, what you do not like, then trying to influence your buying decision. you also have these organizations called data aggregators. what companies do is they are the kind of big daddy, the big
2:36 am
data grandfathers, they collect information from various sources all over, all of these traces, the aggregate the data and supposedly they sell it to a lot of these direct marketers and consumer profilers. so we also have government. and thanks to some of the things that have happened over the past couple of years, the disclosures , the individuals that decided to leak information, we know that various government agencies are looking at this data. our concern about what is happening online. using some of the same information that the marketers and consumer profiling people are doing, and using it for investigation. using it to try to determine the next terrorist attack, using it to determine, is somebody going
2:37 am
to commit a crime or has committed a crime. and then you have others, the cell phone companies collecting information, supposedly for engineering purposes, for purposes of troubleshooting networks, publishing, this is information that while it is used for those purposes, says a lot about where you are, what you have done and where you have gone. and you have health insurance companies, information collected so they can get a medical profile and understand maybe what issues you might have better health related. they could look at passing it on to underwriters so they can look at what is the risk factor much of your policy goal of the next time you try to renew it. information such as that. is there are positives, there something in your health history they can tell you about early so you could be proactive, as opposed to reactive, with
2:38 am
your health care. so there are various reasons why information is being collected. some of it good, some of it back, but mostly it is neutral. good orlection is not evil, it is neutral. it is what we do with the data that determines how much risk there could be. so looking at technology, this is all kind of technology. as we speak, new technologies are coming online to track what you are doing. this became obvious when the last bunch of operating systems were updated and browsers were updated, and in the browsers was the concept of ad blocking. it annoyed the companies trying to collect information on the past information, and -- information, and now they cannot track easily. and if you go to some of these websites with the ad blocking
2:39 am
browsers, it would come back and say, wait a minute, you are using ad blocking browsers. please do not use this, because in order to keep the site going, we need to collect information from you. it is an interesting concept. and you have things like malware . we have heard stories about systems being taken over, information being ripped off of the systems without our knowledge. and you have interesting things like invisible disguise links, they look like one thing and you click on it and it takes is a place different. so there are all kinds of tracking technologies that are both inherent in the technologies we are using, and some are rather creative ways of the companies, those entities i talked about, tracking what you are doing and creating this large database of what you do, where you go, what you like, and
2:40 am
you associate with. when you enter into the data, this is where becomes interesting. this is stuff we share. this is the active side of it. email, texting, you are voluntarily giving information away. , in somee talking cases, what you are talking about -- dependent upon the internet company, even the content of your mail they are allowed to look at. credit card purchases. this is an interesting kind of a positive to using these credit cards, you will find that these companies keep profiles of your buying habits, of spending habits. how many of you have purchased something that was a little bit out of the ordinary, only to get a phone call that says, is this you buying it?
2:41 am
how do you think they are doing that? they are not fitting over your shoulder, they have created a profile and you do not fit it. that is a good thing. especially if that purchase is happening in new york the same time you are in lafayette trying to use your credit card. but to think about the information they have collected in order to develop that consumer profile. twitter, social media, facebook, and those to come, the other technologies to come, part of their business is not to give you free access to their services. it is to collect data and make money off of your data, that is how they stay alive. they market. with data aggregation. at least on the side of the house, we should be aware of the fact that it is being collected and we should have made an informed decision that we are ok with these folks collecting our
2:42 am
data. we should probably go a step further and be ok with what they are doing with it, who are they selling it to, who gets the information and how is it being used. this is the side a little bit easier for us to have control over, as far as what we now think is acceptable risk for our data. so it is collective? we understand why, we have an idea of who, ok, but what? you would be amazed at the information available, especially to get involved and the correlation of a very large data depository and you can start doing trend analysis and pattern analysis. basically, the information that is being collected is enough to create something like a personal narrative, your profile.
2:43 am
what you do from when you get up in the morning to going to bed at night and everything in between. the ultimate big the ultimate big brother from "1984" on how we are being surveilled. there is a lot of information they know, what road you took to work, how fast you want to work, what time you get up, what time you go to work, your coffee brew, what time you get home. this is a lot of information. in the good old days when law-enforcement wanted to be in on someone, they had to do the old-fashioned stakeout. they would get the binoculars outk watch people. to-enforcement does not have do this anymore. you are giving them this data. you're giving them a narrative they can follow.
2:44 am
in a lot of cases this data has been used for good reasons. there are stories of people who got lost. older people i have dementia that wander off, and they are able to be found through the ability of technology through geolocation. to find out where you are, which hotspot your wi-fi came from, where you are sitting. for everything that has a bit of a negative flavor, there is a positive. we are aware of the positives, so i want to educate us on the more risky sides. thispersonal narrative -- is a lot of tricky personal information i am not sure i want everyone to know about. i am not sure i want marketing company to know all this
2:45 am
information. while it could be good for directed marketing, there is a real downside. just briefly, this is some of the information that is data can portray about you. what you like to eat, what you like to drink, what you watch on tv. that is streaming, not necessarily the low price you are paying for it. that cost is the information you collecting about what you like to watch. the business of ratings has changed with streaming video. your partnership status. that could be important for a lot of different reasons. for health care, child custody. the size of your family, your religion, sexual orientation, political affiliation, your circle of friends.
2:46 am
why would we be concerned about who knows who our friends are? there are at least a few reports of individuals who have been applying for loans for credit, who were turned down as being a high risk because the group of friends they associated with were high risk. theidn't fit that profile financial institution font was non risky.was using your choice of friends can affect decisions about you. your current health. telemedicine,h everything is online. i am not sure i want everyone to know i hope information. i am not sure i want my employer to know everything about my health information.
2:47 am
myrman my doctor -- surely doctor, but not my employer. hey can cause people to go , that is a little much. combine this altogether, and it can become much bigger. one of the issues with your digital footprint and collecting this data, you have no way to see if this is an accurate picture of you. think of that. a level data is collected about you. they are creating a digital version of you. i'm going to show you the decisions being made based on the profile. and you do not have access to fact check to make sure it is correct. if anybody does not think there a law oferrors made, this is done on a statistical
2:48 am
basis. i have news for you. there is a good possibility it is not all accurate. why should you care? people say, i am not a criminal, i have nothing to hide. there is not one person in this has something they don't want to be made public. nothing criminal, other reports of our lives that are private. -- but there are parts of our lives that are private. privacy is a big issue. what do i care that this information gets out there? who is going to attack me? you would be surprised. if you simply have a connection to the internet, as you do with your phone, you are a potential victim for someone to attack you. in a lot of cases, they are not after you. intoare in an entry point
2:49 am
your bank, and you become that portal into the institution. used toormation gets create an attack vector to go after something bigger. in some cases, the attack is against you. we have heard about identity theft, they really dark side. let us have a look. what are some of the privacy concerns? a big concern, what if it is inaccurate? essentially you could be denied employment. employers check data, right? they purchased this information from data aggregators and make decisions. it is interesting when i made a decision about what was posted. information on digital footprints is geared toward high school students. the only warning they have is
2:50 am
don't post bad stuff to facebook because you won't get a job. obviously it is a lot more than that. employers will go and purchase information. if it is inaccurate, you will have a problem. credit card companies due diligence. they look at this stuff. they create a risk profile. you can be denied health insurance. public humiliation. you could be slammed, defamed on the internet, have your picture on the front page of the local newspaper. is that theresting media is quick to put these pictures up there. if it happens that if you are innocent and it wasn't you, that is a byline at the back of the paper. that is not going to be a reduction on the front saying oops. you will have to go digging for that. you can basically be found
2:51 am
guilty simply by being in the press. and in some cases, even arrested. information could have shown that your phone, your computer was used to attack a financial institution, your persona was used to create an identity and committed a car. minute.n -- wait a all of a sudden it is you. what if it is inaccurate? you could still be denied unemployment, credit. this information is being used to make some very life-changing decisions. in some cases, even getting into a university. this data should be used in such a way that at least we have a chance of defending ourselves against it, or challenging the
2:52 am
accuracy of it. also from a privacy perspective, why should someone else make money off of your data? it would be a great idea if you got 0.001% of every transaction that was made with your data being sold to somebody else. that would be a pretty good income considering the millions and millions of pieces of information being shared. in some cases, it is without consent. ok, i willingly allow this company to take my data because i want that functionality. i want the convenience of online shopping or fast delivery. i did not agree for these telemarketers that are going to call me at 9:00 a.m. on sunday. where do you think those numbers come from? thanarketers are better
2:53 am
asking, hey, can we have your number so we can bother you 24/7? they are a little smarter than that. they are buying this information. if you do not think that information would have been shared, he would have readily agreed, even if you meant getting deliveries a day early. it is understanding the cost-benefit risk trade-off. one of the questions that comes up, great, but can you ever really be anonymous online with technology? that is a good question. there is not one we can get into here. we feel that the concepts of anonymity gets into the concept of privacy. can you really be practiced? -- be private? my generation and current
2:54 am
generation of digital natives has a completely different definition of privacy. in my generation, privacy is a binary decision. it is either private or it isn't. to the generations since, privacy tends to be on a continuum. something can be kind of private. we are in constant pseudo-privacy, which is bizarre. it is part of that wired cult ure. it is part of the wired generation. let's look at security concerns. to see that this eky internetology ge stuff. look at the information i have shown before. somebody knows which way you drive to work, which coffee shop you go to, where you take your lunch, which park your kids play
2:55 am
at in between what hours. informationt of that someone with various plans could use in the real world to do physical stuff. physical kidnapping. if you look at the counter surveillance a plot of big companies do, one thing they told to do is don't share your daily plans with anybody. take a different route toward every time you go. don't be an easy target. if you are willing to share that information, then we are becoming very easy targets. people also have things like cyber stalking, which is kind of the new trend. you have identity theft, or criminal account takeover. the rate of identity theft is amazing. it is staggering. about one year ago, the statistics i saw was that it was the fastest-growing nonviolent
2:56 am
criminal activity in the world. i don't know how many millions, but the chances of being a victim of identity theft is extremely high. where do you think they get the information from? from these same data sources. these data breaches from these data aggregators have all this information about you. not only can they create a digital persona of you, someone can take that and great a physical persona and go apply for that loan. in some cases, file a tax return that claims the irs owes you money. staggering.raud is one of the studies said it was a 200% increase since last year. nothing worse than going to file your income tax only to be told
2:57 am
by the irs, oh, we already cut your check for $5,000. we sent it to your house in new york. i, item with the new york -- don't live in new york? i will take the $5,000 if you want to give it to me. now the fun starts. now you have to prove you did not make that return. when i say fun, i don't mean fun. it's not fun. there is a high risk that is going to happen. this is not just privacy, there are real-world security concerns. but it can be used for good. i for o would not want to go back to the daysne of having to wait three weeks for a catalog. i would love to go online. i would stop by and have it the next day.
2:58 am
i don't want to go back. big university. i don't want to go back to the days where we have to line up at the forums. it is nice to be able to do it online. it's nice to be able to file your tax return online. you don't have to mail it. streamlined health care. there have been numerous cases where the information aggregated has saved someone's life. in some countries, the pharmacies actually have large databases. at least a couple of instances, they were able to save somebody from taking two different types of medication that would have killed them combined. they were able to go to the pharmacist, wait a minute, you are taking such and such?
2:59 am
you can't take this because that will kill you. being used to determine disease outbreaks, zika, hnh1, avian bird flu. to find out where patient zero is. my friends who do ep genealogies -- do epidemiology, trying to isd that hotspot ground zero essential. it is the wintertime, and flu season happens. the pharmacies can start stocking up. they get reports from the cdc. ? indiana isfolks getting hit because people are googling flu symptoms. the information is being collected. it is being used to protect. -- used to predict. we better start stocking up at
3:00 am
the pharmacy because the flu is rising. data has been able to prevent suicides. through the users and their own monitoring, they were able to determine the information and attitudes of the individual who had this social media site was becoming very dark and negative. they were going into a very bad place. they were able to do early intervention, call workgroups and present somebody from committing suicide. to me, that is a pretty big positive. public personal safety. warnings on your phone now. you don't have to buy the darn storm radio that you can't find the batteries for. this summer there was a lot of flooding in my area.
3:01 am
through theo work, work of geo sensing, i have a pop-up that said wait a minute, the bridge is flooded out, take a different route. that is pretty cool information. i would like to know that before i end stock tires deep in water. yes, there should be some good. my argument is not that the collecting of the data is necessarily bad. w neede to be aware that it is being collected. we need to be aware that we get nothing for free. to get the convenience and functionality, we have to give something up. .he cost of this is our privacy as long as we are informed consumers and understand that, then i think we can make the decisions. often we don't consider the cost
3:02 am
of giving your phone number out to anybody. how do we control it? it is definitely easier on the access side. maybe you don't post everything in a 50 minute increments on social media. off. them you throw them off on google with something you are not really interested in. someone throw random search terms all the time to keep the company's equity dating these -- aggregating this information completely confused. it went from zucchini to oggplants to mountain biking t monster truck rallies. that is a pretty broad profile. i put this up not because i
3:03 am
believe you can actually do it, but because it is always on the site -- use your cash, not your card. easier said than done. depending upon some cities and countries, they are not looking for your cash. for it is an extra charge if you want to pay with cash. everything they want electronic. something people forget to do is keep anti-nowhere software updated. not just on your computer systems, but only computer system sitting on your hip, your smartphone. this is a rhetorical question. how many people have anti-malware software on your phone? think about it. that is a powerful little computer. bankingf personal information right on your hip.
3:04 am
how about the technology side? there is an blocking technology. almost every browser has incognito mode, which allows you to go out and "don't track me" is another term they have built-in. you can use cookie cleaners, proxy routing. technology like .tor, which is had a bad reputation. tor was actually created by the u.s. government as a way of securing communications for dissidents and people in the country. it has a bad reputation. but the technology in and of itself is a way of adding layers to make it difficult to find out where you're coming from and what you are doing. so proxy software. what is coming down the pipe? internet of things.
3:05 am
everything highly directed. from door openers to power meters, smart tv's you cannot ? it talk to, but guess what is recording what you are saying. that has happened. it is bad enough that the tv is in your living room. people have had tvs elsewhere. and the company that did this did not tell the consumer's, oh by the way, not only are you talking to it, we are listening all the time. what is interesting with the internet of things is you can basically have a smart house collecting information on you. you can basically be driving notifies your car garage door to open, which notifies your thermostat to turn on, which notifies your
3:06 am
coffeemaker. all this information is going back somewhere. though your course know a lot about you. cars know a lot about you. these are all internet of things. location services are built into everything. everybody wants to know your location. every company, every piece of technology. if you are walking in a shopping mall and connect to the wi-fi, guess what happens when you walk by a store? wait a minute, how does it know i'm standing in front of the store when there is a sale? that is the cost of using their technology. they get to spy on you for lack of a better term. and everything has its.
3:07 am
your hip,e device on your location. the car you are driving, geolocation. it is interesting. a friend of mine rented a vehicle to a city he has not been to. he decided to basically purchase the gps system that the rental car company had. his friend was known to have a bit of a heavy foot. no accidents, everything was fine. pays the fee, finds an additional amount on his bill because he had been speeding, and they were able to tell. hmm, interesting information. reaches.in data as more of our data goes into these data aggregators, where do you think the bad guys are going to go after? they are going to go after the
3:08 am
crown jewel, which is your data. we are seeing an increase of both in health care, financial sector, and education. is privacy really dead? two we just get over it? some people think so. i will leave it up to you to decide. conclusions -- your digital footprint is huge. and it is not getting smaller. we are not getting less connected, we are getting more. everything needs to be connected. it is more than worrying about what you post on facebook and twitter. we have to do a better job with .ur kids we have to make them conform --
3:09 am
informed consumers. yes, it can be used for good and evil. we tend to think more on the risk side. can we take steps to control it? yes. are you going to get rid of data collection? absolutely not. , and whato need to do is being pushed for is controlling what happens to your information and who uses it after it is collected. other countries have privacy acts. that is the main thrust of this privacy acts. you have to be a good steward of the data. it must be informed consent as to what you do with that data. we can't influence our data once it is collected. my parting thought his to me, privacy is not dead, it is just
3:10 am
sleeping. questions? if you would like to ask a question, i would ask you to come down here. we will probably run for another five or 10 minutes. two can plan accordingly. please feel free to come down and ask the question if you've got one. i think they are all in a state of shock now. >> i will be the victim, since i am used to being a victim in your classes. [laughter] basically it is a people problem more than a technology problem as far as the use of the data. is thatks and balances a consumer-based approach doesn't enforce checks and balances, or is it a
3:11 am
governmental regulation approach? marcus: the data in and of itself is not a problem, it is how it gets abused. as far as the solution, it is both. if you look at the countries that have passed privacy legislation, and the u.s. does not have one. most of the other countries in the g7 have it. it is both, conformed consumers, a watchdog that makes people play by the rules. and i hate saying it, it is some regulatory bodies that have consequences if you violate it. we have seen something similar with hipaa. in the consumer model, people are not even aware this is going on. driven a consumer
3:12 am
approach, everyone would have to be an informed consumer. that is not a reality. so it has to be both. the consumer saying, company a hazard privacy policy and says they are going to do something with it. company a has privacy and security controls, company b doesn't, i am going to get my money to a. there has to be regulation and policy enforcement behind this. there is no incentive for anyone to change right now other than the negative publicity. when we want convenience, we forget about privacy again. alr thank you very muchight,. -- thank you very much. enjoy the rest of the conference. [applause]
3:13 am
this weekend on american history . just before 5:00 eastern on saturday, barry lewis talks about the construction of the brooklyn bridge, why manhattan needed the bridge and how transportation in the city changed at the turn of the 20th century. >> when the brooklyn bridge was opened, it did not put fairies out of his news. they were still running out of cash at capacity. in the 1890's, the city of -- had reached one million people. then, at 8:00 in lectures in
3:14 am
history. that is the interesting thing about country music. it is the music of poor white people. people who are privileged to be white. and i will talk about that in a second. but also people who are underprivileged, in terms of their identity and economic opportunities. the emerging definitions of whiteness and blackness in colonial america and how it impacted the origins of country music. then, sunday afternoon at 4:00 on railamerica -- >> budget cutbacks and a tingle ,f administrative problems created evidence that this crusade against society's greatest enemies may be slow or may level off and fade. this was the climate, the land and the unfinished task that faced lyndon johnson on the first of december, 1966. >>

7 Views

info Stream Only

Uploaded by TV Archive on