Tuesday, December 25, 2012

Who owns Doppelgaenger data? #dataprotection #DPC

Your account was compromised, someone else out there became you.

Who owns the data created by this impersonator, or doppelgaenger?

The company that runs the social network, or email service, the shopping site, the bank, some government  -- is there any serious discussion around this topic?

I have encountered three known breaches in all my years on the internet, many years.

One breach notice came in the form of a letter from a bank I had never dealt with. They informed me that some data was lost and gave me a free one year credit bureau watch deal.

The second breach notification came as a series of emails from my ISP and Google. Since I could do something about this one, I did, all was well within a couple of hours.

The third was not a breach notification but a "your account was accessed from a different location -- are you good with that" sort of note from Facebook after I had managed to find a real person to contact at the FBook.

You can look through previous posts here or check Twitter for details, but the end of the story is, after four weeks, lots of digital kicking and screaming, I received a note that the account had been compromised and had been deleted by Facebook. Facebook congratulated themselves on having discovered the breach, where they only found something out of the "ordinary". Like my email operator every time I skip a country.
I received no indication of the cause of the breach. Had someone managed to get around my anti-virus? Doubt it, but still possible.

In those four weeks, I went through the junk mail folder to which I had re-routed Facebook emails for some time and had a closer look.
There were numerous "do you know <person name>", there were a few "<person name> has added you as a friend". I knew not a single person named there.

I asked myself, should digital privacy rights include the right to the data created by an impostor?

And I believe, the answer should be a resounding yes.

The Facebook account is gone, and I will likely never know what Other Me said and did. Did Other Me do or try to do something illegal? Will Other Me's actions come back to haunt me?

How? In the form of being pulled off and airplane and asked nasty questions? In the form of a series of calls from a collection agency?

Can someone please introduce legislation that mandates transmission of the doppelgaengers' data trails to the person who was doppelganged. I do not want the yacht, the 10 kilos of Gold, or the magazine subscription Other Me takes out in my name. I want the data.

No, don't even think of saying that this could compromise the privacy of Other Me.

The increasing persistence and interconnectedness of data, combined with advanced ways of re-attaching all sorts of data to a person, are somewhat disconcerting to me.

Give me the data, so that I can at least see who my new friends and business partners were, so that I have something, anything, to show if I run into problems.

So, if you want my name and birthday, you owe me.

One more thing: I never use my real, real name or my real, real birthday on the net for anything but official needs.

And the reason is that out of all the billions of people alive right now, there is just one who has that name. I am not John Miller or Henry Smith, my name is as unique as, say, Lady Gaga.


No comments:

Post a Comment