How can we take control of our data and protect our privacy in an increasingly digital world? Carissa Veliz, an Oxford University research fellow, explores this issue in her book Privacy Is Power, where she highlights how tech companies and data brokers harvest personal information from unsuspecting users. Every time we unthinkingly click "agree" or "accept cookies" on websites, we relinquish control over our private data, often without fully understanding the consequences hidden in lengthy terms of service. This practice, commonly known as surveillance capitalism, turns our personal thoughts and behaviors into commodities, allowing companies to predict and influence our future actions with alarming precision. Safeguarding our privacy in the face of these technological intrusions is more critical than ever.
George Orwell’s dystopian observations about government eavesdropping are eerily prophetic to today’s consolidation and monopolization of information and the power that comes with it, held by organizations that may not have our best interests in mind. Today, data is bought and sold by tech titans in Silicon Valley, social media, news outlets, government agencies, and other organizations profiting at our expense. Using artificial intelligence (AI) and increasingly sophisticated algorithms, these entities extract metadata every time we scroll the internet or log on to websites. Moreover, personalized profiles about you, your family, and your friends are monetized without your consent—potentially violating Fourth Amendment rights protecting us from unreasonable searches and seizures.
Approximately 17 billion interconnected devices worldwide are enabled by the ubiquitous Internet of Things, codes, and sensors. What could possibly go wrong? Well, actually, a lot. This system enables cyber thieves to target confidential information housed in your computer or on ostensibly secured cloud services. Data insecurity is more prevalent than we’re led to believe with the advent of generative AI and large language models (LLMs) such as OpenAI/Microsoft’s ChatGPT and Google’s Gemini.
Cyberattacks aim to exploit security vulnerabilities to access sensitive data spread across the cloud data centers worldwide. The more data collected by a company or third party, the more tempting a target they become to infiltrators. According to estimates, the global cost of cybercrime topped $8 trillion in 2023 – larger than the national economies of all but two countries: the U.S. and China – and cybercrime revenues are expected to grow to more than $23 trillion by 2027.
Electronic devices like iPhones, smartwatches and smart home appliances all have substantial susceptibilities. One of the biggest culprits are cars, which can contain up to 150 million lines of code to power sensors, phones, cameras, microphones, infotainment systems, and maintenance updates. While this added functionality has gained wide consumer acceptance, its highly intrusive nature is unknown to many, as data privacy is breached without their consent. For example, information technology embedded in your vehicle collects and shares your driving habits with vehicle manufacturers, law enforcement, insurance companies, and other data brokers. These data points, particularly your acceleration and braking patterns, are of great interest to insurance carriers and one reason auto premiums have recently skyrocketed.
When we trade privacy for protection, we risk losing both. The widespread adoption of AI and generative AI has raised the frequency and severity of cyberattacks. Paradoxically, generative AI and large language models may also provide solutions for countering and managing digital data leaks. Security experts and coders can evaluate and vet computer code via chatbots and provide actionable recommendations to improve data protection. One example of this type of AI-powered assistant is Microsoft’s 365 Copilot for Security, which detects threats in real time.
As technology advances, the responsibility for data security and privacy ultimately rests with the user. While no method offers complete protection, several practical steps can significantly reduce the risk: keeping software updated in real-time, investing in continuous employee training, using dual-factor authentication and security keys, regularly changing passwords, managing cloud data responsibly, and utilizing ID theft protection services. Equally important is having a robust risk management strategy and an up-to-date business continuity plan, so you’re prepared to act quickly in the event of an attack. Being proactive now is far better than scrambling to react when it’s too late.
