Baring your soul online can open a can of worms

SUPER SLEUTH: Warren Olson is now retired as a private eye but is  adept at ferreting out information on the internet. People would be surprised just how easy it is, he says.
SUPER SLEUTH: Warren Olson is now retired as a private eye but is adept at ferreting out information on the internet. People would be surprised just how easy it is, he says.

Former private investigator Warren Olson once tracked down a man who was thought to be dead after he used his airpoints.

The man had supposedly been killed in the Boxing Day tsunami in Asia but, after a tip from a fortune teller, his wife contracted Mr Olson to find him.

Through a contact at an airline, Mr Olson discovered the lost husband, who was heavily in debt, had recently activated his airpoints.

Using that information, the man was found living in the Cayman Islands under a new identity.

"We found him because he had used one of those gold-card things for flying and it had racked up some airpoints."

Mr Olson, who started out as a hotel manager and is now a writer, and founder of Thai private investigating company Thai Private Eye, says people would be surprised just how easy it is to find information about them online.

"We do let out far too much. It's amazing what you can find out if you've got the time and make the effort.

"You can do a lot at home, but especially with websites like government agencies have, there's very little you can't pull down about people and we're just not aware of it – we just post away."

Mr Olson is now retired, but recently put his skills to personal use. After his nine-year-old daughter was offered a spot at an Australian acting school, he wanted to know more.

Starting online, he dug out the names of past pupils and found them on Facebook, some living as far away as the United States.

He found one teenage girl with an open profile had lost her mobile phone and asked friends to send her their phone numbers.

Her Facebook page was littered with phone numbers, completely accessible to the public, allowing Mr Olson to ring people who had previous contact with the school.

"It only took me an hour or so overnight."

With so much of our time spent online, does anyone have the inclination to stop and consider the consequences every time we post a photo or a status update or sign up for a website that requires us to enter our name, age, email address and date of birth?

Do we give it much thought or has the time we spend online worn down our suspicions and replaced it with an uncurbed enthusiasm to share all on the worldwide web where, in most cases, it will remain indefinitely?

Sometimes we don't have a choice about what information is collected and recorded.

As one legal expert said in The Dominion Post, web businesses were learning more about what their users would find acceptable after a series of high-profile faux pas and backlashes against internet giants such as Facebook.

But mistakes continue to be made. Apple was in the news after revelations it was recording the movements of iPhone users using data drawn from cell towers and wi-fi hotspots.

Google also drew criticism when it was discovered it had inadvertently captured the content of communications carried out through unsecured wi-fi networks while filming for its Street View maps.

Lloyd Borrett, a "security evangelist" who travels Australia and New Zealand preaching the privacy and online security gospel, says New Zealanders' attitudes mirror those around the world.

"Basically, everyone's far too open ... When you think about it, who is the customer of Facebook? It's not you. Facebook's customers are the people that they sell access to you to – you're the commodity that they sell.

"Therefore it's in their interest for you to be providing as much information and for that information to be available to as many people as possible."

The recent hacking of Sony's PlayStation Network highlighted the danger of keeping so much information online – even in secure databases – with the personal and possibly credit card details of tens of millions of people exposed.

In an information economy, such data can prove irresistible to cyber criminals. "It then becomes this sort of central target for the bad guys to get at because, if they manage to crack through the security of the thing, they've hit the motherlode."

MR BORRETT highlights the risk of people using the same passwords on a variety of different sites – often as simple as "password" or "12345".

If one site is hacked, criminals could try to steal details from other sites, including Facebook, PayPal and eBay, where the person whose identity has been stolen is a member.

The information could be used to rip victims off directly or to build enough of a profile of you to target your friends.

"It's constantly happening. There's attacks going on every day ... It's the constant flow-on effects that are problematic and it's because most people are pretty lax."

Innovative cyber-criminals were also cashing in on major news events and online talking points, such as the death of Osama bin Laden.

Links to videos purporting to show his dead body now litter Facebook news feeds, with those drawn into clicking on them finding their accounts have been hacked and the link reposted to the walls of their friends.

Spam links are also posted on trending topics on Twitter.

"Any time there's any major event – be it a disaster or some celebrity does something or something happens – the bad guys scam the search engines and set up false links to try and phish information out of people."

The problem is worse with smartphones and tablets – they are being used the same way as laptops or PCs, but users are taking fewer precautions, he says.

But what's the alternative to exposing ourselves to cyber-risks? Today everyone is online.

We converse with friends via email and social networks, text and call, plan dates and holidays, do our grocery shopping and banking – even blog our deepest and most personal thoughts in some cases.

According to Privacy Commissioner Marie Shroff, people are compelled to be online to fully participate socially – those not online risk social exclusion.

Privacy Commission figures show that, in 2007, 14 per cent of Kiwis used social networking sites. Last year that number had ballooned to 43 per cent.

Another survey showed 58 per cent of respondents thought social networking sites were mainly private or were unsure – something that dismays Ms Shroff.

THE DEFAULT settings on Facebook make your profile public – able to be viewed by anybody – though your setting can be changed so your information can only be viewed by friends.

People need to be aware that the internet is not some sort of free zone where you are in some virtual world – what we put online can have severe effects on our real lives, she says. "People need to take the same precautions and exercise the same caution that they would in the so-called real world."

However, while she is charged with protecting our privacy, Ms Shroff admits it is a fluid concept.

"Many fine people have spent many years trying to define privacy but I guess our basic position is that privacy is what you want it to be. Each person has to be aware of what they want to control and they also need to be ... aware of what they need to control."

Experts say this lack of clarity extends to the way the 18-year-old privacy legislation is interpreted – it is often unclear what is acceptable and what's not.

People are unsure about what they can legally disclose and what they cannot.

Lawyer and privacy expert Barbara Buckett says this is often what leads to trouble. Online privacy is a particular can of worms.

"That's a clear place where there needs to be more attention ... because the legislation just isn't keeping pace with where things are going, particularly in social media and the like.

"It's so wide and open and there doesn't seem to be that much respect. Even on Facebook – I can get, or anybody can get, access to a whole lot of information."

Debate has raged over issues such as whether anything posted on social networking sites is indeed in the public arena and therefore fair game for anyone, such as the media, to use.

Ms Schroff says that, though the bulk of the commission's 6000 annual inquiries and 1000 complaints are mainly from people prevented from accessing their own information and concern unlawful disclosure, the bigger problems are about the development of huge information systems.

"The flexibility with which that information can be swapped, used and disclosed is probably the main generic issue for us."

Government departments, banks and consumer reward programmes, with their huge databases, are described by Mr Olson as a boon for anyone seeking information.

Ms Shroff says our personal information needs stronger legal protection. "The best way to protect people's information is by getting those agencies to handle those huge databases well."

She hopes this will be covered by a Law Commission report expected to be made public soon. After a four-year study of the privacy legislation, she expects the report will award regulators such as the commission more power to target those who are non-compliant. Privacy protection is also starting to gain momentum around the world and last year New Zealand joined the Global Privacy Enforcement Network.

The network, set up to enhance trans-national co-operation about privacy, is being led by the US Federal Trade Commission, which is taking complaints from international citizens about breaches by US companies.

Although they would select what they followed up, the recent censure of Google over its illegal collection of wi-fi data effectively forced the internet giant to sign a 20-year good behaviour bond.

"That shows you that our sister or brother regulator in another country is acting in the interests of not only its own citizens but also internationally," Ms Shroff says.

But while the legislative framework is changing and agencies such as Netsafe and even big businesses that understand the need to protect valuable information are joining the movement to help make people more aware, much of the onus needs to be placed on the individual, she says.

"People are their own best watchdogs. We are the watchdog agency for this booming field, this hugely growing and dynamic field – but we can't be holding everybody's hand every time they're shopping online or filling in their social networking page or sending emails to companies or whatever it may be."

In her time as the privacy commissioner, awareness has increased, she says. "As the online world has grown at a huge rate, inevitably people's attention has been drawn more and more to that fact that they're taking risks when they go online."


Help keep your children safe by encouraging them to talk to you about what they are doing online.

Limit your risk when buying online by having a separate low-limit credit card.

Use a nickname when posting personal information on the internet.

Be cautious about putting personal information such as birth dates, addresses, your mother's maiden name or other information online that could be used by identity thieves.

Don't say when you are going away on holiday.

Use https (secure) websites when buying online because they are generally considered to be safer.

Deal with known, established agencies and suppliers wherever possible when buying online.

The Dominion Post