The sheer volume of data sucked out of us every minute is creating a digital duplicate of our lives that can be exploited by the nefarious. Follow an NBC News reporter through one day in his life to see how much and how often he unknowingly leaks data.
Cell phones tell stores you are walking by. Thermostats tell power companies when you get home. Computers in your car tell companies where you go, and how fast you get there.
All that data is available to the government with a simple phone call, or search query, of course. And hackers can get this data with a simple computer magic trick, or a little social engineering.
But the sheer volume of data sucked out of us every minute is creating a digital duplicate of our lives that can be exploited by thieves and by those looking to curtail our freedom. All those gadgets and appliances that can talk to the Internet might fulfill the dream of George Jetson, or they could bring about the nightmare of George Orwell.
In some respects, the nightmare has already become reality. In Ukraine, government protestors last week received text messages telling them they were committing a crime. At Target, online thieves used a single hacking incident to disrupt the lives of 100 million Americans. Computer criminals have stolen some victims' most private “selfies,” for ransom, demanding cash with threats that the embarrassing images would be published for all the world to see.
So at NBC News, we tried an experiment recently to account for just how much data a person leaks in a day. We invited Tod Beardsley, a “white hat” hacker from security startup Rapid7, to follow this reporter for a day and collect every single piece of data leaked -- from the moment I hit snooze on my smartphone in the morning to the second I finally stopped reading e-mail on my iPad at night.
Beardsley’s task was impractical, of course. Physically speaking, no one person could collect all that information, even just one day's worth. He figured one consumer-grade hard drive, a terabyte in size, could do it, however.
One terabyte is an enormous amount of data, equal to roughly one-quarter of the books in the Library of Congress. Or, Beardsley thinks, roughly equal to the amount of data you "leak" on any given day.
Picture a room in your house, filled with shelves, stacked with such hard drives. A few thousand of them are plenty to store nearly every fact about every aspect of your entire life. With video.
Where does this terabyte come from? Let's hit some highlights:
You wake up: Your smartphone alarm knows precisely when you wake up, where you are, and which e-mails you open to start your day.
You drive to work: Red light cameras, E-Z pass tolls, and opportunistic Bluetooth listeners go along for the ride. Traffic cameras and license plate readers take photos of every car driving through town.
At work: Your boss knows all your Amazon purchases, and can read all your personal e-mails, no matter what service you use. Use your personal phone for work, and your company can seize your gadget.
At a coffee shop: Using free Wi-Fi makes your computer free to a hacker, who could easily mimic the shop’s Wi-Fi signal and intercept every bit and byte.
Shopping: Stores track the phone in your pocket and know each step you take towards the cash register. They even know if you walk by, outside, and can pester you to come in.
At the gym: Gadgets can track your heart rate every second; they can tell an insurance company if you are keeping up with that cardiac rehab therapy, too.
Back home: Turn up the thermostat, the Smart Grid knows you’re home. Return after midnight several days in a row? Maybe an employment background company will tell your employer.
Naturally, we’ve only skimmed the surface.
Add it all up, and you’ve got perhaps a terabyte’s worth of data spawned in a day. The real question is: So what? Why should I care that some company knows I excessively check NHL hockey scores from my smartphone?
For starters, it’s going to be very hard for data leakage and the Constitution to co-exist, experts say.
“We have this idea in America about the First Amendment and the freedom of association. We don’t have to register with the government who all our friends are,” Beardsley said. “Like if someone gave you a form and said please list, you know, your top fifty friends, I mean, no way? Nobody would do this. Except we do this now all the time with Facebook.”
So what if someone – a corporation, a government, a hacker – knows who all your friends are? The phrase “nothing to hide” always arises in discussions like this.
Daniel Solove, a privacy law professor at George Washington University and author of a book called “Nothing to Hide,” usually dispenses with the argument by asking audiences, “Do you have curtains?” Author and lawyer Harvey Silverglate is more blunt. Most citizens, he says, commit “Three Felonies a Day,” in a book of that name. A government that can observe its people 24 hours per day will have no trouble finding a reason to imprison any of them, if it wants to.
The problem is not the gadgets. The problem is the human urge to try things before thinking through the consequences. Gadgetry always wins out over privacy; it's been happening for decades. At nearly every turn in the age of the Internet, when we've hit a fork in the road, we’ve chosen more invasive technologies over more privacy. Why? Because the benefits are immediate (Cool! My fridge just texted to say I'm out of ice cream!) and the consequences come later (My health insurance premiums went up again?).
Add the data up, and what does it really mean?
“There was this fear like twenty or thirty years ago, that the government or corporations would be implanting chips in people and know where they are at all the time. Well, we’ve opted into this now,” Beardsley said.
It’s not a chip, though. It’s the database of our lives, collected from a river of leaked bits and bytes.
First published February 5 2014, 2:38 PM