Online privacy
By Marcelo Chiriboga
Your information is more valuable than you imagine
Most people are likely to share the opinion that privacy and the security of personal information are of utmost importance in everyone’s life. Despite this, they are still concepts that often remain abstract in common perception. Let’s imagine this scenario: you’re walking down the street and you stop to talk to a stranger you’ve just met. In the middle of the conversation, you suddenly give them your phone number, home address, the names of your family members, and details about your finances, including information about your bank and recent transactions. It sounds highly improbable, no doubt. In real life, no sane person would share such sensitive information with strangers on the street. However, due to the extensive global interconnectivity today, many people—unaware of this—share this kind of information every time they browse the internet or use digital applications. Online data is just as valuable and delicate as anyone’s personal matters, and leaving them exposed can have equally serious consequences, which can even affect aspects of our everyday life outside the digital world.
The digitalization of our lives is an inevitable phenomenon and an intrinsic part of technological progress. It’s astonishing how we can instantly access information with just a click, but we often overlook that this has also made things easy for third-parties to access—be it individuals or even institutions—our personal information. Resisting progress in a counterproductive manner would be like trying to stop a speeding train with your bare hands: futile and harmful. Instead of opposing change, the key is to adapt to this reality and take responsibility for our own personal security and that of our community, using the tools that progress itself has provided us.
Why is your data valuable?
Our online activity—from the searches we conduct to our interactions on social networks—is a valuable resource for various companies, organizations, and institutions. An obvious example is the customization of ads based on our browsing habits, which has become a common and even normalized practice. The rise of the digital market and the wide range of services within the framework of capitalism have led to practically every online service requiring a customer-associated account. Often, for convenience, many people tend to use the same password for multiple service accounts, if not all of them. This habit brings significant risks because if the security of one account is compromised, all the information from other accounts linked to that password is potentially exposed solely due to this simple association.
Similar to epidemics, where individual actions can impact an entire population, our online actions can expose not only our own information but also that of our family, friends, and other contacts to risks. By protecting ourselves, we provide an additional layer of protection to those close to us, much like public health prevention measures benefit the entire community.
Regardless of whether we are celebrities, political figures, famous personalities, or if our bank balance barely makes ends meet, the misconception that our personal data is not of interest to third parties is a common mistake. Digital crimes, state surveillance, or systematic censorship do not discriminate based on fame or the amount of money we have in our wallet. Any data—from passwords to personal information—is valuable to those seeking to exploit it. Digital attacks are not always targeted at specific individuals; they often rely on opportunity. Disregarding the importance of protecting our personal data simply because we are not famous or wealthy is a very dangerous fallacy that can expose us to unnecessary risks.
The consequences of data leakage
The leakage of personal data is not merely a matter of theft in the conventional sense. Its consequences ripple far beyond, like a domino effect that triggers a series of potentially catastrophic events. When leaked personal data falls into the wrong hands, it can lead to ransomware attacks that encrypt and lock files, demanding a ransom, often in money, for their release. The data can also be employed to craft convincing scams that impact financial stability or resort to phishing to deceive the victim and obtain even more confidential information. Identity theft becomes a constant threat, with repercussions ranging from economic harm to reputation destruction. However, some implications are even darker: governments and malicious actors can use leaked data to target political activists, journalists, or anyone holding politically sensitive information, jeopardizing their lives and curtailing freedom of speech and press. The leakage of personal data is not just a security issue; it is a matter that can result in forced disappearances and even death.
Thanks to capitalist dynamics—where economic gains take precedence over the common welfare—personal data protection services have become a consumer service to meet the critical need in the face of widespread ignorance and the lack of effective intervention by companies and the state to safeguard information efficiently. Data protection has turned into a luxury within reach of those with enough capital to pay for these specialized services, leaving many people vulnerable to dangers due to a lack of access. Moreover, the same companies that provide these services are not exempt from risks, and the emergence of large technological monopolies has made them an appealing target for such attacks, as was evident in the data breach of Facebook in 2018, affecting over 50 million users.
Public institutions are not immune to these threats either, and their vulnerability is exacerbated by contradictory legislations and the massive management of the population’s information. Sometimes, services are outsourced to private companies, which brings us back to the same point of risk. An illustrative example of this is the ransomware attack suffered by the state-owned telecommunications company CNT of Ecuador in 2021, where the information of millions of users was held hostage. Despite the claims by authorities and the public company’s spokespersons that no data breach occurred, the versions provided to the press are so contradictory that the official version is not known. This is not the first scandal in which this institution has been involved. In 2019, CNT subcontracted the private company Databook to acquire databases under the pretext of having information about delinquent customers. In other words, a public company facilitated the trafficking of information. This adds to another similar incident that occurred the same year with the company Novaestrat, which exposed a database containing information on 20.8 million Ecuadorians, including even deceased individuals, considered the largest data breach in Ecuador’s history. It’s not surprising that this private company was founded by former government officials who directly obtained information from at least six state institutions for subsequent sale, further highlighting the complexity and fragility of data security in a world where information is the most valuable asset. However, due to the limited understanding and knowledge of the general population about technological matters, these crimes received media attention for a limited time and then fell into collective oblivion. Years after these incidents occurred, we are still waiting for a resolution and a statement from the authorities on the matter.
State and laws do not guarantee digital rights
The above example is quite explicit and alarming, but it’s only the tip of the iceberg in the list of issues with institutional practices. One of the most notable obstacles lies in the breakneck speed at which technology advances. Threats and vulnerabilities in the digital environment constantly evolve, and legislation often can’t keep up with these changes. Laws can become outdated, limiting their ability to effectively address current data protection challenges. The fragmented jurisdiction in the digital world complicates matters further. The internet is a global environment, but data protection and cybersecurity laws vary significantly from one country to another. This regulatory diversity hinders the effective enforcement of any legislation and protection against attacks originating in foreign jurisdictions.
Another significant limitation is the reactive approach to legislation. Many laws related to data protection and digital security tend to be knee-jerk reactions after the crime in question has been committed. They focus more on punishing those who commit the violations rather than actively preventing them. Additionally, technical complexity is a factor that cannot be overlooked. Digital security and data protection are technically complex areas that require specialized knowledge. The lack of technical understanding among legislators, prosecutors, and law enforcement, coupled with the challenges of keeping up with the latest technological trends, can result in laws that are difficult to enforce in practice. In addition to this, a lack of resources is also a common problem. Often, the agencies responsible for enforcing these laws lack the necessary resources to effectively address the growing online threats. International barriers further complicate the situation. International cooperation in enforcing digital security laws can be complicated due to differences in regulations and enforcement approaches in various countries.
Finally, there is a risk of abuse in the enforcement of laws. Some data protection laws can be inappropriately used to restrict online freedom or limit people’s privacy rather than protecting them. These limitations underscore the need to effectively address these challenges to ensure proper protection of digital rights in the face of a clear state failure.
As we have seen, the rapid pace of technological advancement and the limitations of laws and the state compel us to take an active role in safeguarding our digital rights. The security of our information becomes both a personal and communal responsibility. By protecting ourselves, we contribute to the security of those around us. We cannot blindly trust anyone, especially government institutions, due to the complexities and obstacles they face in the digital world. In this context, education and awareness about the importance of online security and privacy become paramount. By taking steps to protect our information and adopting safe online practices, we not only safeguard our own interests but also promote a safer environment and protect the digital rights of our community. Digital autonomy is ultimately a responsibility we must assume for the well-being of all.