Home Depot. Adobe. Target. Staples. Michaels. If you have a credit card and follow the news you probably know that all these companies have something in common. As long as financial information has been digital we've been involved in a global game of cat and mouse with hackers trying to grab it for their own personal gain. In the past few years they (the hackers) have escalated this to an art form and it's quite clear we're losing. The number, scale, and value of data breaches is staggering and climbing daily it seems. While credit and debit card numbers, email addresses and passwords, and other vital information is hitting the black market, financial institutions are struggling to protect their customers and these corporations are experiencing harsh backlash from the public in the form of decreased revenue and distrust as well as heavy fines levied by both private and government organizations. The cost to everyone is almost beyond belief.
The relative up side to this is that when these breaches do happen, the negligent companies responsible step up (whether by choice or not is inconsequential) and invest in limiting or eliminating the effects felt by consumers. Complimentary credit monitoring solutions are provided to prevent personal information from being used to obtain unauthorized credit lines, new bank cards are issued to remove the compromised accounts from circulation, security is overhauled and increased, and massive discounts are offered as means of apology and atonement. For the most part everyone moves on with their lives; a little more wary the next time they swipe their shiny new card but no worse for wear. We're also seeing a shift in the way payments are secured with EMV cards finally headed to the US and secure digital payment systems like Google Wallet and Apple Pay gaining traction (although astonishingly fighting an uphill battle against the same retailers unable to secure existing systems). Someday soon retail data breaches may be a thing of the past... or maybe they'll just be a different type of data.
While it's annoying to have to get a new credit card number issued and update all your online payment accounts, it's a fairly painless task. Credit monitoring and bank fraud systems have us pretty guarded against abnormalities in our spending habits. A credit report is a digital representation of your financial life that we refer to as your identity, but when an error is found it's correctable. It's a fallible system that provides the means to be changed if needed. There is something you have that is far less fluid and far more valuable.
What if that something else becomes the target? What if something far more personal like your mother's maiden name, your first pet's name, your 3rd grade teacher, your first kiss, or the street you grew up on, your actual identity, the existential and sentient you, you, became the black market wares? What if there existed a way that the real you could be data mined, analyzed, and categorized to build a profile of you that was able to predict your next purchase, figure out that you're wife is pregnant before she even knows, know your schedule down to the minute and accurately map when your house will be empty? That'd be some pretty valuable information to have for any number of reasons, nefarious or not. And it exists.
It has become appallingly obvious that our technology has exceeded our humanity.- Albert Einstein
We all know that large online companies like Facebook and Google and Amazon as well as government entities like the NSA and FBI build profiles on us to a scary degree of accuracy. What if that small town cafe you frequent when you want good coffee and a quiet atmosphere to work on your computer had this information too? Now a small town coffee shop isn't likely to have the money to invest or the know how for building this sort or system so you have nothing to worry about... or do you?
What if there were technology companies specifically building and marketing these tools to small companies as ways to generate revenue and guarantee customer loyalty? That would be a monumental undertaking and quite difficult to build; getting people to voluntarily surrender that information would be near impossible. Or would it? If you have an online life at all, more likely than not it's all out there just waiting to be grabbed, meta tagged, and correlated.
Okay, I think that’s enough “what if” and rhetorical questions… I’ll get to my point now.
Although it may have started out as an ease-of-use feature with the added benefit of tying real, actionable data into loyalty programs and engaging with customer within meaningful contexts which in turn generates more return business, the goal of these systems is no longer to provide easy-to-use Wi-Fi, the goal isn’t even to provide Wi-Fi at all. Deep down, these systems are design for one purpose: data mining. They’re designed to turn people into data points and data points into dollars. When it’s the core feature of a product and the main (or only) selling point, that’s how it’s going to be pushed to marketing executives and that’s why it’s going to be purchased with marketing budgets. The Wi-Fi isn’t the product, the Wi-Fi is a collection point for the product.
As they say in poker, "Look around the table; if you can’t see the sucker, you’re it"
Ninety-nine times out of a hundred when someone is selling something yet they give you something for free, it's not really free. You should look at the situation and figure out how they're making money. If you can't figure it out then you're the sucker and you are the product. When you grant a company access to your personal social media profiles they collect and warehouse that data. Their rights of use are based on whatever bullet proof Terms of Service their lawyers have slaved over making absolutely sure they can use it any way they desire, now or later. Obviously they will use your personal information to generate revenue for themselves.
Some companies who have built such data collection tools base their entire business model on creating profiles, analyzing the data, and determining the best way to monetize it. What sort of protections do they have in place? How often are they audited? What regulations and safeguards are there to prevent an employee from putting your detailed personal data (and the data of countless others) on a flash drive and then accidentally leaving it on the seat of a bus? The answer is a deafening NONE because the technology is too new. The sensitivity of the data isn’t classified under any existing regulations so there is no regulatory body keeping an eye on it. There are certainly some who are trying though.
Don’t get me wrong, Social Wi-Fi is a great technology, it enables customers and Wi-Fi owners to interact in ways that haven’t existed before and in and of itself isn’t inherently evil. However the same can be said about nuclear fission.
If we as consumers continue to allow the owners, developers, operators, and implementors of this technology to go unchecked or to self-regulate, the worst case scenario will be absolutely nothing happening to protect the consumer. The best-case scenario is ending up with just another half-assed PCI-like organization that touts security while lining its pockets and buying forgiveness after the fact. Without proper safe-guards, plain-English data use and retention policies, clearly communicated intentions, and easy to use tools for consumers to add, update, and delete their data at-will, I foresee this personal information will become the next big target. Right now it’s just sitting in plain sight.