Last week, an outsourced customer representative working at an Orange Kenya activation point served a female customer. Maybe flattered by her looks, he thought, why not save this number and hit on her later? Which he proceeded to do that very evening.
This naive and stupid move put him in unprecedented trouble not only with the online brigade, but also with his employer. Correctly, this was both a breach of trust and invasion of privacy. But there is more to this.
How many times have you written your contacts in a book before entering a building in town? Many people are giving out their personal information obliviously, especially on online platforms.
Developments in online information sharing
Messaging application WhatsApp’s new privacy policy, announced in August, allows Whats App to share users’ account information with Facebook and other social apps.
The Delhi High Court ordered the app to delete data of users who choose to opt out of WhatApp’s policy changes before September 25. Furthermore, WhatsApp was asked not to share data collected before September 25 with Facebook even for those users not opting out of WhatsApp’s new policy. Hamburg data protection commissioner announced the same in Germany.
Reuters on October 4 reported that Yahoo Inc last year secretly built a custom software programme to search all of its customers’ incoming emails for specific information provided by US intelligence officials. The company complied with a classified US government demand, scanning hundreds of millions of Yahoo Mail accounts at the behest of the National Security Agency or the FBI.
Even when users take precautions, many times their private information goes public.
Many times you come across an online invitation to a certain “conference” and apply. No invitation follows. There are online competitions or surveys in which people give personal details.
There are also links on social sites presented as games matching users or compiling “your best 50 friends”. Or “massive recruitments” online that require you to send your curriculum vitae online. Be certain that you are definitely exposing your personal data.
Data companies are collecting, analysing and packaging sensitive and personal information and selling it as a commodity, or providing it as a service, for themselves and to other companies and governments.
This is often even without knowledge of the consumers, thus the name “data brokers”. Buyers usually include marketers or political campaigners.
Information posted by users online on social media websites includes names, website addresses, interests, types of friends, orientation as well as posts.
Security risks
In 2003, in a hacking scare, the Syrian Electronic Army managed to breach the Truecaller website. The hacking group provided the database host address, name, username and password in plain text on Twitter, proving that they made away with a great deal of data. But now that the search entries are out in the open, one need not even hack into Truecaller, or download the app, to find a number.
Security concerns don’t end there. The volumes and nature of the data that is collected by these companies is a concern. Names, home addresses, occupation, age, mobile numbers, purchase histories, credit card activity and probably education level. Based on this, there is a possibility for a criminal to find out your home address or track your credit activity making one’s security vulnerable.
Local legislation
Nyeri Senator Mutahi Kagwe has sponsored the Cyber Security and Protection Bill 2016, to protect Kenyans from criminals and terrorists, but unfortunately, not the data companies. They are legal entities and when you subscribe, you agree to terms and conditions of use. Many are ignorant about this, and don’t even read these terms anyway.
The law grants every citizen the right to information relating to their family or private affairs to not be unnecessarily required or revealed; or the privacy of their communications infringed on.
High Court advocate Lempaa Suyianka says, “When you have stored your information in your computer, anyone who accesses it without your permission is liable. But when you post it online, you give up your right to privacy. Online is a publishing platform,” he says.
Kagwe correctly says,” The world is now too dynamic to the extent that the law is playing catch-up to technology and not the other way round.” He says although cyber crimes are unique, we can’t stay back and do nothing.
He says the law needs to fix the loopholes and grey areas criminals are taking advantage of and getting away with in courts.
“As we get into the campaign period, a malicious opponent will photoshop your face on a naked body and spread those images online. With which crime will you charge him or her?” Kagwe asks.
But Lempaa says any manipulation of pictures or information is unethical and anyone responsible should be held to account. But it is easier said than done.
Last year, former Devolution CS Anne Waiguru filed a suit against California-based Google, its subsidiary Blogger Inc and Kenyan website Daily Post, seeking damages for a story the latter published. She had in a separate suit in 2014 sued Google and its Kenyan subsidiary Google Kenya seeking to compel them to reveal owners of the Daily Post website. The first hurdle was serving these two companies. Google Kenya distanced itself from the matter, arguing that it only does marketing and support services for its parent firm.
But to help tackle and curb the illegal aspect of it, Kenya, through the Communication Authority of Kenya, has established a Cyber Coordination Centre, where attacks on critical infrastructure can be reported. It will respond to actual online attacks or threats, which have led to an increase in online insecurity.
“Cybercrime is real and we must remain alive to the fact there are people whose preoccupation is to carry out malicious activity online. It is therefore necessary for users both at institutional and individual levels to take necessary measures to safeguard themselves,” CA chairman Ngene Gituku said.