Your Digital Footprint

Data Protection – 2020

I just had to take an exam for my current job, proving that I understand the new California Consumer Privacy Act. The new law requires CA companies to allow their customers to request what individual data is used, the ability to opt-out of data usage, and the ability to request that your personal information is deleted from their system.

This leaves me wondering; how does one know which companies are using their personal data? As some of you know, I was a victim of identity theft. A cashier at a Sprint Mobile store had the ability to use minimal information to apply for credit in my name. I was not, nor have I ever been a customer of Sprint. How would I know to request that Sprint deletes (or at the very minimum opt-out) my personal data?

We as consumers never explicitly gave Experian the right to our data, but our government gave them the ok to manage our data. This data hack was one of the U.S. most significant breaches, exposing over half of U.S. consumers to identify fraud.

So, although our laws are catching up to technology, we are not all the way there or entirely protected.

PS – our government allows ALL cellular carriers the right to our credit scores, etc, for ease of switching providers. Regardless of your knowledge or permission.

Your voice – the newest member of personal digital data.

Our vocal cords are now an instrument for the digital age. Our voice is transformed into digital content in two ways. Voice assist that allows you to active a device hands free. And voice security, uses your vocal cords as a unique identifier for a user.

Lets start with voice assist. Simply put it is a hands free device waiting for your next command. These devices can listen carefully and translate your speech into text, assist in turning a device on or off, or taking dictation. It decodes the human voice without having to use a keyboard, mouse, or press any buttons.

As we fill our homes with appliances that are smart/connect via Wi-Fi or Bluetooth we give ourselves more freedom by providing the ability to control the device with our voice.

Technology has increased the confidence factor in understanding the intent of the request. Smart technology weeds out the ‘ums and hums’ from the dictation or command. Eliminating the unnecessary words, allowing people to speak naturally in a comfortable conversation with a device.

The most interesting and beneficial things about Voice Assist is the ability to be hands-free. We can now turn lights on/off by shouting across the room, instead of walking over to the wall switch. We set kitchen timers with our voice when our hands are messy or full.

Voice assist tools (like Amazon Echo, Google Home Assist, Apple Siri & Comcast TV remote) use a wake word to activate the beginning of a request. A wake word is a word that signals the device become active and is followed with a request. For the Amazon Echo, there are a handful of wake words the factory installs, you pick one during the set up. The most popular is “Alexa.” A typical request may be “Alexa, what time is it?” She will respond with an answer.

These devices are always on, waiting for the wake word. And like any connected device, there are security factors to address. If the device is always listening, the bad guys can also hack into the device and listen, without your knowledge. Similar to a baby monitor.

And if the device controls other home applications is the possible the hacker can gain control and manipulate the gadget.

To continue to protect yourself, always reset the factory passwords in any device. This may not prevent all hacking but make it hard for them to access your personal devices.

If you are wondering what data is stored, Amazon states the only history recorded from the Echo devices are requests and answers provided by Echo. To date, Amazon has stated that they have not released any access of anyone’s Echo activity to the government. Amazon reports it only stores the data accessed by its cloud-based storage system and does not consistently record or listen when not in use. However, in theory, a government agency could request a warrant to listen in even before you use the wake work.

Another use of your voice becoming data is thru biometrics. Biometrics is the means of verifying a personal identity thru physical characteristics, much like a fingerprint or retinal scan, your voice can be used as an identifier.

Voice security systems store your voice print data similar to a fingerprint and can be used to authorize or verify an individual. It is another form personal identify, much like a drivers license. It can distinguish similar voices from one other. Banks have been using voice recognition as a second step validation process for clients over the phone for over a decade.

Today voice assist devices do not use your voice a security mechanism. But they are getting smarting, providing the ability to distinguish between different voices in a household. So that when you ask it to “read my horoscope,” it knows who is asking and reads the correct zodiac sign.

To keep your voice assist devices safe:

- Know what devices are always on, and always listening.
- Watch what you say around a voice assist device.
- Change all factory passwords on all devices.
- Give each device a unique password.

Which VUI devices do you use?

VUI (voice user interface) is a device that on command using human voice to communicate. Another word for this is intelligent voice agent or voice assistance.

Technology has increased the confidence factor in understanding the intent of the request from the speaker. Programs have been built to weed out the ‘ums and hums’ from the dictation. Eliminating the unnecessary words from the speaker. allowing people to speak naturally in a comfortable conversation of setting with technology.

Like any other data, there is a security factor to be aware of. The devices are always on and listening which can allow for hackers to listen in. Also data is passing thru the servers the input and output from questions asked and information given. The device is active when a wake word is used. (For example, Alexa is mostly used as the wake word for the Echo device.)

You can reference the criminal case with evidence from Amazon echo.

To date Amazon has not released any access of anyone’s echo to the government. Amazon currently reports it only stores the data access by its cloud-based storage system. However in theory a government agency could request to listen in even before you use the wake work. A warrant is necessary by a federal judge to access this information, same as phone records and email. Although the Net Neutrality laws will give permission for providers to sell access history, making it accessible in aggregate information.

Location, location, location – it’s tracked as your data footprint

Did you know there are multiple features and apps on your smart phone that track your location data? This information to personalize your experience. In some instances you are capable of disabling this feature, and sometimes you don’t it’s just there.

This feature that stirred up a lot of commotion among tech fans who are concerned with privacy.

Apple says this data is well protected though, and it’s actually quite useful if you’re comfortable with it.

Want to see the places you visit most often – they are captured on your iPhone?

Go to Settings >
Privacy >
Location Services >
System Services >
Frequent Locations

You’ll see everywhere you’ve been recently. You can easily disable the feature if it makes you uncomfortable.

Other apps that use your location data: camera apps (location is embedded in the metadata), web browsers, maps, weather alerts, Facebook, Tinder. Programs can use a function called geo-location to help identify when you are close to their facility, they will use this data to send messaging (to you or an employee). One day, in the near future, we will have “instant check-in”, once your phone crosses the threshold, the system will be notified that you have arrived.

What makes VUI new and unique – its hands-free!

VUI – Voice User Interface, is the audio equivalent of GUI ( graphical user interface = visual). VUI uses voice commands, giving us a conversational and hands-free experience. We have been using IVR for a long time, especially call centers (press or say 1 for location…) And remember the Clapper? (Clap on, Clap off, THE CLAPPER!) I used one for a long time, it wasn’t the most technical piece of equipment, but it was practical for me. Today I can ask my Echo to control multiple lights with having to clap my hands. And it is the best when you are elbow deep in the kitchen and need to set a timer.

Growing up int he 70s we changed the TV channel by getting up from the couch and twisting a dial on the TV set. Soon we had remotes controls (aka ‘the clicker’ – because of the clicking sound it made with the buttons). Today, you can opt for a voice controlled TV. A simple shout and the TV will turn on, off, or the change the channel.

It’s fascinating when we can turn hardware into software.

The other night I went to a UX presentation on VUI. With today’s technology the capabilities and functionalities for voice assistance are constantly developing new use cases.

VUI also called voice assistance or intelligent voice agent relays on speech recognition technology to provide a high confidence factor in understanding the ‘intent of the request’ from the speaker. Programs weed out the ‘ums and hums’ and other unnecessary words from the speaker.

Always-on allow the devices to respond when give a wake word or prompt. For my Echo (brand) device, the wake word is defaulted to Alexa (name).

Are you wondering about big brother, fraud or hacking? Like any other data points or apps that you use, there are security factors to be aware of.

First, VUI devices are ‘always-on’, this allows for the device to respond when necessary. But because it has the ability to listen – if someone was looking for a back door this could be it (remember when baby monitors were new). Keep your router and Wi-Fi secure, this will help eliminate intruders.

Second these devices create, collect and store your history data. Each request is captured similar to your browser search history and click thought and saved on cloud-based storage systems.

In both security cases, a warrant is needed before a government agency may request to listen in or see your history files from these VUI providers. It is similar to a request for a mobile phone call history. (To date – Feb 2017 – Amazon has not released any access of anyone’s Echo to the government.)

Another always-on device is Google Home. Applications such as Siri and Comcast’s voice remote control require you press a button to start the commands. Highlighting the hands-free benefit of always-on.

A ‘skill’ is a command using human voice to communicate. Echo recently released its open API at CES 2017 – it now has over 10,000 skills. By having an open API, it allows any developer to create skills that can integrate with other electronic devices. Like shouting from your bed to have Alexa to start brewing your coffee.

Next on the horizon is biometric voice identification. This voice recognition can distinguish who is talking or making the request. So when I say ‘play my favorite song’ it knows the difference between my favorite song and yours based on who gave the request.

Digital Privacy Predictions for 2017

Happy New Year Everyone!

Fact: Your digital data will more than double in the next year. As we all acquire new devices, we create new data. This is often referred to as velocity of data.

My data predictions for 2017 include:

New Policies governed by our legal system.
Legal groups fighting for consumers’ data rights.
Applications merging personal health data from multiple devices for new analysis.

#1: We need better laws and standards to protect our data. Large companies continue to get hacked leaving the individuals vulnerable to identify theft and other financial problems. Better measures are needed to ensure our data is captured, saved, used and destroyed safety. This would include audits and fines for companies that are not in compliance when collecting your data.

Data is collected on devices via GPS/time stamps, voice commands to always on devices, and (of course) web and application activity.

Data collection for new apps, devices, etc are often defined in the fine print of the terms and conditions, but we quickly scroll through the text knowing we want to download the app regardless of the data price.

We have recently seen controversy over accessing smart phone data history (US government and iPhone) and now there is a murder case that wants access to the Echo/Alexa history for the night in question. What and how information is accessed is still in question for the general public. Which leads us to prediction #2.

#2: We will see multiple class action law suits involing data permissions. There will be a couple of companies that will be in the news and used to set the example. Data sharing is a quite side business that happens with most companies that creates or collects data (a retailer, social media group, web history). As more permissions are breached, customers will demand to know how or why their data was shared and will want full functionality to manage permissions on what data can be used and when. Creating new features and options helping us manage our own data.

We have become so comfortable giving way our data in exchange for access to ‘free’ use of apps and software. But at what cost are we paying in the long run if this data is not protected and can cause significant financial lost if stolen.

#3: I also predict we will be smarter using our health data. Wether the data is from wearables, x-rays or lab results, new applications will make it possible to share and analyize data across application types to identifying new trends and health markers. Forecasting health problems quicker. This will open new opportunities for medicine.

Protecting your accounts (and money)

A couple of (easy) ways to protect your money in a digital world:

1. Use a credit card, not a debit card. Most credit cards come with protected against unauthorized charges on your account. You will not be responsible for a charge that you did not authorize, online or otherwise. A debit card does not offer the same opportunity, any charges applied to your card are directly withdrawn from your funds in your (banking or savings) account.
2. And to help reduce the risk of credit card fraud, most offer alerts to provide you with account activity quickly.

Some people think credit cards are dangerous. But you can find a card that works best for you. If you are afraid of ‘overspending’ set your credit limit low, just enough to support your monthly normal charges. Or you can keep more than one card – one for every day spending and another for extra large purchases. Also managing a credit card (with on-time payments) will help improve your credit score.

Last night a group of us went out for a ladies night. The bar was hopping and we all had fun. I had given my credit card to the bartender so that I could keep a tab open for my drinks.

Like I said the bar was crowded and there were multiple bartenders serving our group. When time came to cash out our tabs, we all received (inaccurate) checks. It took a couple of minutes to sort out who owed what. The bartender re-rang the checks and gave us the new totals.

My tab was small, only $22. When he handed me the bill my credit card was not with it. It took the bartenders more than 10 minutes to find the credit card I handed them when I ordered my first drink. The bar was crowded, but I sat in the same bar stool for most of the night.

One of the girls (Holly) commented to me to check my card when I got home, something fishy many be going on since they had to really search for my missing credit card. I told her I should be okay, I get alerts on my phone each time there is a charge on my card.

Ironically after everything was settled, it was Holly’s debit card number that was stolen and her account was drained. She didn’t know this until the 12 hours later when she was using her card to buy groceries the next day.

What is PII (Personal Identifiable Information)

United States General Services Administration defines PII as

“any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual‘s identity, such as name, social security number, date and place of birth, mother‘s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.” So, for example, a user’s IP address as used in a communication exchange is classed as PII regardless of whether it may or may not on its own be able to uniquely identify a person.

Why is this important to you:

A company as the obligation to keep your name safe and secure from thieves (crooks, hackers, the bad guys).

Depending on the type of information lost/stolen, an individual may suffer social, economic, or physical harm. If the information lost is sufficient to be exploited by an identity thief, the person can suffer, for example, from a loss of money, damage to credit, a compromise of medical records, threats, and/or harassment. The individual may suffer tremendous losses of time and money to address the damage. Other types of harm that may occur to individuals include denial of government benefits, blackmail, discrimination, and physical harm.

Because of the power of modern re-identification algorithms (aka data science), the absence of PII data does not mean that the remaining data does not identify individuals.

Cookies

http://www.acxiom.com/About-Acxiom/Privacy/How-Cookies-Work/

What is Big Data?

I’ve been working with customer data for over 20 years now. I’ve seen good data, bad data, black data, red data, big data and bigger data.

Big data is not lots and lots of data; well actually it sort of is, but that not all it is.

Big data has 3 components. These three components must provide value and insight to the user.

Let me explain…

A group of data programming geeks were consulting on site for a large airplane manufacture. They were creating a large data warehouse to store all sorts of details about a planes engine, parts and maintenance details. Each part was to be tracked and available for complex queries. It is big data but it is not Big Data, yet.

A lot of information is collected regarding an aircraft. Mandatory maintenance schedules and updates are recorded. All maintenance (scheduled or unscheduled) must be recorded, commercial and private. This is not a requirement for cars/trucks; cars don’t fall from the sky, yet.

Side Note: Should autonomous cars have mandatory maintenance schedule to be used? Like an aircraft? For example a check point for the vehicle may be required to be road worthy a scheduled intervals.

With tons of data being entered into storage, where to you begin? This is new data to the user, there needs to be exploration to find new patterns that provide insight to decision making. Add lots of information together, so that it is accessible to ask ‘what if’, ‘when if’, ‘why if’… and answering that question is BIG DATA

The geeks, analysts, programmers had already defined that an unscheduled repair is 1000x more costly than a scheduled repair. A well known statistic in transportation. What what can you do about it? How do you find new scheduled repairs that prevent costly unscheduled repairs? Using the data to define benefit or advantage is BIG DATA.

BTW – you don’ t need lots of data to have Big Data. Just Big Value.

Weather forecasts are a user of Big Data. The weather data points have been recorded for centuries. We have applied analytics to this data to create weather forecasts (aka predictive analytics). Weather forecast are a result of Big Data – using history to find patterns to forecast the weather.

Big Data can come from all sorts of sources.

You can see from the chart below ‘every minute of the day’, we as individuals create tons of social data every time we use social apps.

domo-data-never-sleeps-30-600x954 — Amount of data captured every minute.

Data is not just created by website searches; is also also created every-time we take a digital picture, a doctor scans a patient on digital film, or a Fitbit collecting steps. This is new data that didn’t exist so long ago.

Side Note: There were pedometers when I was a child. They measured your steps the same way, by movement. Today ‘Fitbits’ are a rebirth of an old tool. The ability to report and share your metrics changed the industry.

If you are digital health geek, you create your own Big Data. Tracking your vitals, exercise, food intake and sleep patterns, gives you insight into goals.