Corporations Misusing Our Data

In the Internet age, we have no choice but to entrust our data with private companies: e-mail providers, service providers, retailers, and so on.

We realize that this data is at risk from hackers. But there's another risk as well: the employees of the companies who are holding our data for us.

In the early years of Facebook, employees had a master password that enabled them to view anything they wanted in any account. NSA employees occasionally snoop on their friends and partners. The agency even has a name for it: LOVEINT. And well before the Internet, people with access to police or medical records occasionally used that power to look up either famous people or people they knew.

The latest company accused of allowing this sort of thing is Uber, the Internet car-ride service. The company is under investigation for spying on riders without their permission. Called the "god view," some Uber employees are able to see who is using the service and where they're going -- and used this at least once in 2011 as a party trick to show off the service. A senior executive also suggested the company should hire people to dig up dirt on their critics, making their database of people's rides even more "useful."

None of us wants to be stalked -- whether it's from looking at our location data, our medical data, our emails and texts, or anything else -- by friends or strangers who have access due to their jobs. Unfortunately, there are few rules protecting us.

Government employees are prohibited from looking at our data, although none of the NSA LOVEINT creeps were ever prosecuted. The HIPAA law protects the privacy of our medical records, but we have nothing to protect most of our other information.

Your Facebook and Uber data are only protected by company culture. There's nothing in their license agreements that you clicked "agree" to but didn't read that prevents those companies from violating your privacy.

This needs to change. Corporate databases containing our data should be secured from everyone who doesn't need access for their work. Voyeurs who peek at our data without a legitimate reason should be punished.

There are audit technologies that can detect this sort of thing, and they should be required. As long as we have to give our data to companies and government agencies, we need assurances that our privacy will be protected.

This essay previously appeared on

Posted on December 5, 2014 at 6:45 AM • 51 Comments


WmDecember 5, 2014 7:04 AM

"we need assurances that our privacy will be protected"

There is no and will never be any "assurances" concerning our privacy. You must try to secure your own privacy. I have never made a single post on Facebook, Twitter or and other social network. I never allow a hotel or motel to make a photo copy of my driver's license. I use cash everywhere. If you do not secure your own life, you will have no security. Almost all people and people in government are corrupted today.

AnonymousdDecember 5, 2014 7:18 AM

Sadly, this type of behavior is not as effective when the people you meet and interact with are tacit informants for these companies. Their data trail is your data trail. Motivated to tag in posts and photos, constantly report their location, tirelessly record the minutiae of their lives, they make the surveillance machine's job easier. The trouble now is to convince people to use systems that empower users with their own data, rather than be exploited by it. It's most difficult because the desires of corporate and government surveillance are satiated by the same behaviors and tools.

Jeremy LDecember 5, 2014 7:30 AM


Companies, and notably Silicon Valley, have no concept of consent.

Most things are opt-in. Terms of agreements can change unilaterally without notice. Our information is abused, and we lose control over it.

WinterDecember 5, 2014 7:58 AM

"There is no and will never be any "assurances" concerning our privacy."

We can get some way with transparency and accountability. If the line of command and the stockholders are accountable and get punished for breeches, they will get grip on the matter.

What is needed is registration of all data access and the right to see who accessed your data. This has been implemented in many systems (the government data base of Estonia, most hospitals keep track of who looks at patient data).

It is a social and legal problem, not a technical one.

keinerDecember 5, 2014 7:58 AM

Just installed a new OS on a computer for my wife, started pidgin+OTR and there popped up a "contact" of my wife, a 15 year old AOL-email account of here sister, which she hasn't used for about 10 years...

My son came home these days, the auto fill function of some google trash application was filled with parts of SMS's he exchanged with a friend in school (SMS's sent via a mobile phone not even capable to go online)...

He and a friend googeled the name of their youtube chanel and Google found other things, totally unrelated (no names, email addresses shared) of the same guys working on this youtube channel...

It's time to throw the switch, this whole thing is totally f*cked up...

Bob S.December 5, 2014 8:00 AM

Access to the corporate/agency personal info data base is a widely known used and abused job perk.

Generally a little snooping is OK, but there is a limit sometimes known, sometimes, not that marks the line of going "too far".

Data is Power
Power is Data.

It's also a job perk.

Try to inject as much spurious data as possible into your records. Spell your name wrong (Bruce that's easy for you), never give the same phone number twice, lie, lie, lie like hell. Then when they come looking for your money, your vote or your life you have gained a few foot steps on them in the chase.

For entertainment you can check yourself out on the net and see how much of your bogus data is out there. Sometimes it's humorous, sometimes mildly satisfying.

John KDecember 5, 2014 8:16 AM

"The HIPAA law protects the privacy of our medical records, but we have nothing to protect most of our other information."

Well, no, it does not. It provides penalties if a violation is caught and prosecuted. See Wikipedia HIPAA entry. It says
"According to the US Department of Health and Human Services Office for Civil Rights, between April 2003 and January 2013 they received 91,000 complaints of HIPAA violations, in which 22,000 led to enforcement actions of varying kinds (from settlements to fines) and 521 led to referrals to the US Dept of Justice (criminal actions)."

It also says:
"Covered entities may disclose protected health information to law enforcement officials for law enforcement purposes as required by law (including court orders, court-ordered warrants, subpoenas) and administrative requests; or to identify or locate a suspect, fugitive, material witness, or missing person."

Law cannot "protect" something. Law defines what happens when the law is violated. People and processes provide protection. We base our trust on how well the people and processes provide that protection.

paulDecember 5, 2014 9:24 AM

How US-centric is this? At least on the face of them, data-protection laws in other countries would bar all of these uses a priori. "Hi, we'd like to use your data as part of a study of who used our service for one-night stands -- what, you don't consent, why ever not?"

Of course, the sanctions for violating those laws are generally minimal; have the laws themselves been pretty much trashed at this point as well?

vas pupDecember 5, 2014 9:59 AM

@John K:"Law cannot "protect" something. Law defines what happens when the law is violated. People and processes provide protection. We base our trust on how well the people and processes provide that protection."
You are exactly right.

First of all, gov should required that ALL other gov Agencies (except SSA) and private business' DBs should generate their own unique ID (one way hash) based SS#, so whoever need access multiple data base for the same person should file a formal request with proper approval/ authorization(court, etc.). As best of my knowledge, most of gov forms stated that all information is required to be provided for such and such purposes only, e.g. Census.

Administrators have access to access logs of other folks and could doctor it. Who is watching watchers?

Nothing bad in LOVEINT if same information is in public domain already, but just could be better obtained being in stored in electronic form in DB. Other thing when such information is confidential by its nature (is my prospective wife/husband is kind of MR/MRS Smith? or working undercover for CIA/FBI etc.? Are there any sealed court records? and so on).

Organizations are doing background checks on their prospective employees whom they could fired (in US) at the end of any week without any explanations (employment at will doctrine) - yeah no protective shields exists for straight white Christian healthy young man. You know what I am saying. Right?

Then, when you tie a knot with somebody (except just after graduation from high school, and he/she your school sweet heart), you have legitimate right for full disclose as well as duty to full disclose by yourself to prospective partner of all 'skeletons' may affect your/partners decision. Divorce is too expansive (financially, socially and emotionally) in US not to take such precaution. But as usually, that is personal choice.

EVO VIDecember 5, 2014 10:02 AM

It's not easy to detect unique illegal data access attempts in realtime before it happens. Some Database Activity Tools ( DAM-Tools) suggest this. Important is an intelligent monitoring based on multiple Database Events. This should be done in a first step by DAM Tools and later via a Security information and event management (SIEM). I think, perhaps 1% of all databases woldwide are monitored by their owners. 99% of this monitoring data dissolves in a generic SIEM Solution based on a black hole >/dev/null 2>&1, mostly after a few hours. So, data thief is job with good prospects of success.

BoppingAroundDecember 5, 2014 10:07 AM


> My son came home these days, the auto fill function of some google trash application was filled with parts of SMS's he exchanged with a friend in school (SMS's sent via a mobile phone not even capable to go online)...

> He and a friend googeled the name of their youtube chanel and Google found other things, totally unrelated (no names, email addresses shared) of the same guys working on this youtube channel...

If you don't mind telling, what was his reaction to this?

keinerDecember 5, 2014 10:12 AM

We talk a lot about this and why no "smart"phones, no facebook, why noscript, why tuning firefox to erase everything when closing the session, why the router at home blocks some facebook-google stuff and so on and he simply looked at me: We knew it before, but it's even much, much worse...

keinerDecember 5, 2014 10:16 AM

btw. they have to use this Google trash applications at school, because Google bought the teachers (some Google books and stuff...).

That's were all this starts from, schools not able to keep this pest out...

AustinDecember 5, 2014 10:45 AM

Calling for companies to require audits and such is easy, though. (And probably good corporate policy anyways, even if it means you can't perform silly party tricks anymore.)

If this becomes a requirement, which particular person/entity is going to enforce it, and under what penalty?

That's the great political question, with serious ramifications if wrong.

Nick PDecember 5, 2014 11:30 AM

We need a EU-style Data Protection Directive over here. Without a [strong] legal basis, privacy of data will continue to be optional and a less profitable option as well.

AlexDecember 5, 2014 11:51 AM

The whole crux of the issue is people actually taking action. HIPPA's a joke. The first thing which needs to happen is the UN-linking on social security #s. Literally, ban companies from collecting & using SS#'s and from creating another universal #. Have someone's DOB & SS#? The world is your oyster.

Next, penalties need to be severe and as close to immediate as possible. (Remember, this is how we USED to discipline children, back when you still could without being accused of child abuse) Take a look at Swiss driving laws. Penalties are severe and scaled to one's income to make sure the pain felt is equally felt at all levels of society. Fining a small private doctor's office $50K would probably make an impression. Fining Comcast $1M isn't even going to make a hill-of-beans difference to them, yet fines to large companies often are laughable in comparison to annual revenue.

These penalties also need to be scaled to the severity of the crime. Hyundai & Kia were fined $100M for overstating fuel economy, which didn't kill or injure anyone. GM paid $35M for the ignition switch issue which has actually killed and injured people. Maybe it's me, but I think covering up safety issues is far more egregious than overstating fuel economy. The same should be true with a data breach. Someone accessing personal information without need is bad. Someone acting upon it is worse. Someone publicizing what they've gleaned is very bad. The media publicizing it should be treated very harshly.

Nick PDecember 5, 2014 11:59 AM

@ Jacob

Thanks for the link. That was a great read! The best part of it is that the main source for that article did security for Sony Pictures. In a rare event, we got to see how his philosophy works in practice. Err, doesn't work. ;)

SoWhatDidYouExpectDecember 5, 2014 12:41 PM

DOJ Launches New Cybercrime Unit, Claims Privacy Top Priority

And this is a clear example of a cover-up. This is simply PR to minimize the fallout of what the spy agencies are doing. If the administration wants to show support as this DOJ initiative is attempting to do, the first thing they should do is close down all data collection on U.S. citizens and destroy the data already illegally collected. The spy agencies have become centers for crime committed by our government. Stop them and the DOJ will achieve some credibility.

DanielDecember 5, 2014 12:43 PM

I think there is a bigger problem here that makes Bruce's suggestion less than ideal. The problem arises from two factors:

(1) We live in a world-wide village, not just on the internet but on mobile, cable, and radio. The result is that information is disseminated rapidly, almost instantaneously. In the 1980s and before, even if someone snooped on your personal data that data had very limited "reach". The snooper could not easily communicate that data to a wide audience.

(2) Personal data is not forgettable. Imagine that a person is a closet transsexual. If someone hacks their computer and discovers this fact, it's gone. There is no way for the transsexual to make the hacker forget that information. He knows it now.

The result is that one's privacy is as only as good as the first hop. Because once one person knows it, everyone can quickly know it. When one's privacy is gone, it's gone for good and it's gone permanently.

So laws that make data snooping illegal are cold comfort to the person whose privacy has been violated. Sure, at the margin such laws might make a snooper think twice but the reality is that the victim can never be made whole. Data wounds never heal.

Adrian LopezDecember 5, 2014 1:02 PM

"There are audit technologies that can detect this sort of thing, and they should be required."

Disagree. Mandating particular technologies would constrain the platforms and technologies available to programmers, while the bureaucratic red tape required for compliance would make it very expensive for small businesses to operate online. That's fine for special cases such as health information privacy, but is overkill in most other situations (like, say, operating an online blog).

For most kinds of personal information, all we need is a rule that prevents unauthorized sharing of information not meant to be visible in the particular context being considered, without the bureaucratic red tape of audits. In other words, a reasonable expectation of privacy standard for personal information.

David LeppikDecember 5, 2014 1:55 PM

I wouldn't put too much faith in HIPAA. Health care workers see HIPAA as a barrier to doing their jobs of saving lives and relieving pain. They don't often see the negative effects of security breaches. If anything they are more likely to see the positive effects of security failure: a helpful relative accidentally informed, for example.

As a result, HIPAA compliance is often seen as another bureaucratic checklist item, whereas computer security professionals have more of a siege mentality.

BoppingAroundDecember 5, 2014 5:12 PM


> and so on and he simply looked at me: We knew it before, but it's even much, much worse...

'We' meaning he and his coevals? Thank you.


> The result is that one's privacy is as only as good as the first hop. Because once one person knows it

True enough. 'Was wissen zwei, wisst Schwein', the germans say. What know the two, kno
ws the swine too.

ThothDecember 5, 2014 6:41 PM

@David Leppik
The reason security is a hindrance is because the designs to make the security interfaces sucks big time. Ask a health worker to use command line or understand terms like Private Key, Crypto, AES, Secret Keys, Salt ...etc... Might as well copy all the medical records from encrypted form into plain text and work from there for convenience.

HIPAA might be decent but the products around HIPAA are not decent. I have seen cryptographic products for company deployments that are so hard to operate (even for seasoned technicians) and so cumbersome and prone to random crashes and hardware failures. I am currently testing a black box crypto that have similar intentions and that's what happens. Have fun :) .

End of the day, it's just a theatrical show to play and results to show. All good politics and cash.

Casual FridayDecember 5, 2014 7:10 PM

One that I don't hear much about it sharing information internationally. Customers are not told when they are talking to someone in a foreign country. Customers are not asked for consent before data can be shared outside their home country. I'm not saying this from a nationalistic "I don't trust the other guy" stand point, but I'm really not sure how much we know about the application of privacy law when data leaves our borders. Even when held within your home country it's just the reality employees have way to much access, data is held in too many places, for too long and for all the wrong reasons. The current incentives are on holding data as a profit driver, but I think society would be better off if personal data was such a legal hot potato that companies would want to restrict and discard as much as humanly possible to avoid serious liability. Real security cannot exist in the absence of privacy, the two are eternally linked.

JamesDecember 5, 2014 7:41 PM

Shouldn't this be an issue with Facebook's internal corporate policy? Once you sign up for Facebook, you already consented away your rights to data submitted to them. Facebook owns the data you submitted and can do whatever they wish with it. You have no legal ground to tell them otherwise.

tzDecember 5, 2014 9:04 PM

How exactly? It sets standards, but is no more enforced than the SEC has done anything but a trivial "cost of doing business" penalty to the too big to fail banks.

If every last detail of your medical history and status was posted on pastebin tomorrow - maybe a disgruntled employee, maybe a hacker, maybe the government getting the medical records in bulk and someone in the government revealing them, exactly what standing would you have personally to compensation for the damage to your privacy?

There are lots of laws on the books, some are enforced, some not. Most deny individuals the right to get proper damages for the harm they suffer.

If the CEO, CTO, CIO, etc. would be held personally liable for HIPPA (or other) breaches, maybe they would care. But they will either declare bankruptcy and move on to found some other company (think Long Term Capital Management for a parallel in finance), or just sit back on their pile of cash.

Paul CoddingtonDecember 5, 2014 10:32 PM

It's even worse than that. Once upon a time, while on contract to the Australian Public Service, I discovered that the big name outsourcers that were being contracted to maintain the IT systems could not be bothered to obtain security clearances for all their youthful, inexperienced, and hopelessly incompetent staff, because "staff turnover is too high" for it to be worth their while. And that was just the tip of the iceberg. Even more perplexing, no-one seems to care.

ThothDecember 6, 2014 2:43 AM

@Paul Coddington
You are not alone. Even the Security Industry (ITSec/Infosec...etc..) do not care about proper security until when crap hits the deck and by then it's too late. Non-crypto people writing critical crypto codes ??? Nothing wrong with that until nasty bugs and crypto flaws are found.

When you rant about security, it's like talking to a wall. It usually never works until it hits where it is most painful and hurts the most.

You do not need to attack the crypto and weak keys to bring a system down. You attack the system to bring it down because it's already a sinking ship.

Clive RobinsonDecember 6, 2014 7:58 AM

@ Thoth,

One of the reasons why non domain specialists should not write domain specific code for serious proxuction systems can be seen to be the likes of "turorials" such as this,

Whilst the basics are OK, there is a mind set issue, if you look at what the author says about the return from sbrk() it typifies the issue.

Basicaly tutorials for the sake of brevity / clarity / small code snippets / etc leave out the error and other critical handeling and show an "all is OK" example.

This gets into non domain experts heads as a legitimate way to do things, even when the text of the article says in big letters "here be dragons" etc.

This is almost invariably because non domain experts are realy looking for "cut-n-paste code" to "up their productivity" etc.

Just to be clear I'm not saying the authors are to blaim, usually they are not, but it is a "tap root" of insecurity....

Rufo guerreschiDecember 6, 2014 9:09 AM

Misuse of data on the server side can be meaningfully prevented by devising user-controlled organizational processes ensuring that:
-sw and hw actually running are those supppsed to be and have been audited extremely relative to conplexity
-access to servers require physical entrance in a hosting roon whose access is conditional to 5 randomly selected users acting as citizen-jury in guarantee of the legality AND constitutionality of access. The will be able to launch a scorched earth procedure with plausible deniability in case of forceful abise attempts.

The latter would protect from insider as well as state abuse, while maintaining access for constitutional intercept.

We are planning that at the User Verified Social Telematics project.

keinerDecember 6, 2014 1:44 PM

"'Was wissen zwei, wisst Schwein', the germans say."

Funny, never heard of. And it's not even German, might be Jiddisch... dunno...

Clive RobinsonDecember 6, 2014 2:39 PM

@ Bruce,

As has been noted in the past there are two main angles to privacy.

The first of which is "trust" the second is "linking to an individual".

That is an organisation requests as much --if not more-- personal information to establish either an ID or a Profile which they then evaluate to decide some form of "trust value", the fact the likes of Governments encorage this to involve a real person is purely a "leagle nicety" based on a lazy viewpoint not a necessity.

The organisations then further market the information directly or indirectly to others as they link the ID to an existing profile or add data to make a profile or amplify a profile. As we know there is a hugh market for content rich profiles linked to verified IDs that then get used for targeted action against an individual. Even though it should be clear, it needs to be said again none of the actions are benign they all have an adverse effect on the individual directly or indirectly and are discriminatory at best.

The argument behind this is "trust" is not "two way trust" but trust on the terms of those who hold what they consider the advantage or whip hand, and thus believe like the Kings of old they have "A devin right" to act as they wish, against those they regard as "vasals or villains" and thus sub servant to their whims and wishes.

There is however an effective and fairly reliable way to decouple "trust" from ID and thus enable privacy to be regained and it is little different to that which mankind established several thousand years ago with traders names, and in more recent centuries in business partnership / company names.

That is you as an individual have multiple "arms length" entities, where the entity identity is unique but not attached to your personal ID. This can be --reasonably-- reliably done using self signed certificates. In effect all transactions the entity carries out are signed, and are not attached to any PII. The entity establishes it's own "reputation" profile by it's behaviour.

An individual can have as many entities as they wish and would if sensible use them for the various roles in their lives that require some kind of "trust relationship" of value. As with companies these entities could be "limited in liability" in return for providing a certain legal minimum of information about the entity such as having valid liability insurance etc, or as in partnerships etc they take no liability limitation and this is clear to any that enter into a trust relationship with them.

Over time entities will build reputation irrespective of the unknown person behind them. However any entity casting doubt on an other entity must be prepared to put their reputation on the line by so doing and sign their accusation and defend it if challenged.

Whilst it is not perfect as a system, I doubt anything is, just as in normal real world life, trust relationships can and do break down for various reasons, it's in human nature. That said few breach trust for gain and for those with that intent no system is going to stop them, again as in real life, criminal sanctions usually fail to prevent re-offending when that mind set is prevalent. The best prevention as in real life is to make the cost of throwing away a reputation to high to be lightly considered let alone done.

Sancho_PDecember 6, 2014 6:17 PM

@Clive Robinson

Seconded, but I don’t know if you exactly mean what my computer (hypothetically, of course!) already does.

So it would be interesting what you think about the flaws?

Thinking as a private I see two main issues:

First it is dangerous because not “only” the markets react to collected intelligence, probably with big money and jobs.
Government + marketing organizations already use sock-puppets in mass, the question isn’t if but when it will really harm people.
Playing the game with hidden identities we are part of the morass.

But obviously the bigger problem is the law.
It’s at least against the “accepted Terms and Conditions” of most “services”, and the law doesn’t help the individual in this case.

From my point of view this isn’t my problem but the problem of the law.

However, a fake ID requires

- ignoring T&Cs (not my problem as I don’t understand them, TL;DR)
- inventing a persona (name + DoB, … I do have a small problem with that [1] )
- probably giving that persona a street address (no problem because the request is already illegal in my personal T&C)
- in rare cases presenting a valid ID (basically no problem in my T&C because the request + copy/sending is already illegal - but faking my personal ID might be a crime anyway …).

At least it leaves my with a slightly sour feeling.

But the real flaws is here:

What if e.g. amazon realizes that three out of the 17 IDs originating from my computer
(- obviously a Internet cafe, and the computer is simultaneously shared by 3 to 7 individuals, 24/7, really ???)
always use credit cards containing the name “Sancho” and have the same street address in Spain? And the others ID's will never order?

Then they know it’s my script buddy checking their catalog, wasting energy on both ends of the line (and of HSAs) to hinder personal profiling?

I think we have to go this bad route of deception to improve privacy, but what will be the consequences?

[1] Playing the game with different IDs must be done in the open, so that worldwide everybody involved knows that an Internet ID isn’t worth a dime.

Dave NullDecember 6, 2014 6:35 PM

When you click "agree" on their(company's) website, you are allowing them and US government to use your privacy data.

Look at people who still using Google or Apple products.
Even the news told us about snowden's data, those people still use these
PRISM companies.

And many companies are using "Google Apps/Google Drive".
If you send a job application, these data will go to Google Drive.
And Google is making a profit from user's data, including your history.

I'm using Tor all day, and not signup to any SNS.
If you really care about your privacy like me, stop using online companies when you can.
Go shopping offline. Pay with cash.

DanielDecember 6, 2014 7:35 PM

"I think we have to go this bad route of deception to improve privacy, but what will be the consequences?"

I don't agree. See, this ties into the other thread. Posner says that we overvalue privacy. I think we overvalue identity.

The current logic is that what gets measured get managed. That's the essence of social control. Since one cannot measure what one cannot identify there must be laws against fake identities or the lack of an identity. From the perspective of social control the lack of identity means a null value and a fake identity means a corrupt value. Both are obviously undesirable.

Take a birth certificate. All modern countries have them in some form because they need to know who was born there and who was not. Now imagine a world in which there were no national governments. There would no need to have a birth certificate because the person would be a citizen of the world by the mere fact of being physically alive. One wouldn't need passports either, since everyone would be free to go where they pleased.

The point is that identity only means something within the framework of a larger legal system. It is possible, though, to a create a legal system where identities don't matter or matter much less. To be sure, we don't have this today but I don't believe that deception is the /only/ way out.

Clive RobinsonDecember 6, 2014 8:20 PM

@ Sancho_P,

As far as I'm aware in most jurisdictions it is not illegal to say you are someone else. It only becomes a crime when it is used to facilitate other crimes.

If that were not the case you could not have "Stage Names" or "Pen Names" --which sometimes are required to avoid commiting other offenses-- or have companies owned by other companies etc. Likewise it's actually quite common to have "agent names" for the likes of "landlords", "recruitment agents", "sales agents", "event organisers", "managers" and all sorts of other agents who want a catchy but simple name that is memorable and "sexy". You also have lots and lots of people from foreign countries using "local names" so an unpronoucible name is swaped with a similar pronouncable name. It happens that both "Clive" and "Robinson" are unpronounceable to many orientals so if I was to go and work in Hong Kong I would seriously consider using a "local name" or one that they could easily pronounce.

In the EU they have the expression "any person legal or natural" to cover the many forms of "entities" that are permissable.

Whilst traditional banks may get "sniffy" about opening accounts for new companies, there are plenty of other financial arangments / instruments available. One of which is "pre-pay" for both phones and credit/debit/charge cards with these you can rent "office space" and "dial through receptionists" through "business clubs" and the like and get as many "post office" boxes as you want. Once you have a "company" getting "company credit cards" is usually not difficult, there was a time when certain CC companies would issue what was jokingly refered to as "pet cards", that is they would put just about any half reasonable name on a Company CC with no questions asked.

You could thus have several entities that appear in paper only to be associated with what is in effect one or more "umbrella companies" etc with post office box addresses. This used to be very common in asia and Australia and New Zealand large chunks of Europe Africa and quite a few places in South America.

Thus setting up a "paper organisation" or series of "paper entities" is not particularly difficult. Having done so "renting" shared computer facilities can be suprisingly cheap and putting up an stunnel bridge to create the "far end" point of a VPN is not difficult. Likewise buying several different Mobile Broadband USB dongles with different service providers and using them with different versions of Live Linux CDs etc.

The hard part is the OpSec part of keeping the entities segregated from each other in "your head and actions".

_December 7, 2014 12:31 AM

your blog post is a tad misleading. facebook does have strict internal security / auditing policies that prevent employees from snooping.... it's clearly in their best interest at this point (why on earth would they subject themselves to that liability??)

"We have advanced internal tools that restrict access to information to only those employees who need it to do their jobs... Each use is logged and requires the employee to explain the purpose of his or her use, and we audit all of this regularly."

MattDecember 7, 2014 2:21 AM

@ Doug

Interesting idea. I've wondered if thoughts can be measured if can be broken down into pieces of fundamental units of measurement. For example, can thoughts be mapped to web searches, web articles to a knowledge graph of some sort, or an online behavioral profile linked to our born identities.

StewBaby911December 7, 2014 11:24 AM

I don't think the HIPAA laws protect us as much as we imagine.
I got a notice from our local hospital (St. Josephs in Michigan)
that pretty much said that they can do what the want with my data,
including sharing it with third parties.
It was a while ago, and I kept it - but not sure where... :(

I'll noodle around and try to find the requisite quotations..

Sancho_PDecember 7, 2014 2:45 PM

@ Dave Null

Yea, but they will stop you from paying cash above, say, 100$ … to stop terror & crime.
Hiding is good but makes you suspicious.
Not perfectly hiding will bring you into "their" (the mighty bad guys) focus.

The topic here is “corporations misusing our data”, I understand that as:

“ Oh, using a 32” iMac, living in urban area, interested in 4WD cars (male), investments (rich), reading Bruce Schneier’s books (suspicious), listening to classical music (old), searching for “cancer” and “Traditional Chinese medicine” (end stage [1]) …

… == let’s try to sell him our “Luxury Additional Healthcare Plan”
+ suggest to his wife our “Extra Bonus Short Time Partner Life Assurance & Inheritance Service”

… and instead I’d be interested in Vietnamese girls below 20,
my wife probably would appreciate suggestions regarding Versace handbags!

Agreed, to exactly meet our needs they all need our healthcare data as well !!!

Sancho_PDecember 7, 2014 2:49 PM

@ Daniel

Probably I didn’t catch your point regarding privacy versus identity
(even without any national government the birth certificate would be necessary for your real identity and minor things like right for voting, retirement …?),

but what would be the other ”way out” of corporate misuse?

Sancho_PDecember 7, 2014 3:15 PM

@ Clive Robinson

Yes, no problem to “say” you are someone else,
- in case the other individual isn’t an officer ;-)

You can have as many pseudonyms as you want
- until you sign a contract of any form, like accepting the T&C that require you to enter your real personal data, like FB or Giggle.

Some services even require a telephone number (SMS confirmation).
Now I’m not aware of any EU member where you can buy activated pre payed phone cards without showing and registering your ID.
You can buy a blank prepaid but that has to be activated online, and whilst you can (not always successfully …) lie here this would be a serious step into illegality (for an individual, a private, lowest end of the food chain).

- Of course there are grey and dark markets to access a (prepay) phone card but that’s also a step closer to court.
Anyway, the metadata will either reveal your identity or ruin your life (because of stress from being careful).

A fake bank account and credit card seems to be impossible at least in central EU without serious criminal energy, the judge would acknowledge that, granted.

Also the “paper organization” is not suitable for Nelly Krauthammer, who would need several such “organizations” at once.
Trying that would be seen as “preparing a crime” and I’d personally support any legal action to encounter and stop it -
especially because it’s everyday’s practice for the biggies.

“… “umbrella companies" etc with post office box addresses. This used to be very common in asia and Australia and New Zealand large chunks of Europe Africa and quite a few places in South America.”

I’d like to substitute “used to be” by “is” and include the U.S. + in the listing.

However, for billions of small individuals privacy ends at the source of money.

Therefore my script will waste energy only to disguise my browsing habits and hinder personal profiling for advertisements (from search engine, youtube, forums, emails, news, downloads, etc.).

That may be worth the effort because I don’t want to determine my search results by my search history, just to name one of the smaller issues of that actual practice.

Regarding the “segregation” I think that’s not the core problem here because my script buddy produces enough data noise to make it very hard, if not impossible, to gather useful information without using time consuming human intelligence.

If widely used this would increase the cost even for HSAs - which could be considered a crime (to hamper national security efforts) and increase energy wasting (but wait - most providers use green energy, that would mean it could even protect the environment, isn’t it?).

BoppingAroundDecember 8, 2014 4:53 PM


Would you mind posting this script of yours somewhere (pastebin or else)?

Sancho_PDecember 8, 2014 7:04 PM


Sorry, it’s hypothetical at the moment.
I’m “embedded” only and my first aim was sending USB keystrokes so malware couldn’t realize that it’s not really a person in front of the machine giving the commands. It would be universal as well - but there is no feedback which limits the possibilities.
Now l’m tinkering with a Raspberry Pi but I’m a beginner in Python (don’t expect anything within one year … ;-)
Also I still want the noise to originate from my iMac’s Ethernet which means sending keystrokes but reading the reply going to my iMac’s Ethernet - seems to be another challenge.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.