Friday, January 01, 2016

What about PII that is never published on social media but stored in cloud accounts?

The recent story about aggregation of voter data (on the ID Theft blog today) reminds me of another idea:  the possibility that PII of others is aggregated on a personal hard drive, or particularly Cloud space, and could be hacked.

I never post PII on a public space for any reason, and I’m pretty judicious about letting others know my location most of the time.  I don’t announce my trips or events on Facebook.  I don’t have the degree of social connectivity that could use Snapchat, or constant texting of others as I often see in bars.  (That also raises questions about appropriate use of Twitter messaging, as I discussed on the main blog Dec. 4).

I do have PII of a few individuals on various hard-drive files, that get backed up in the Cloud.  It’s not that many.  There may be a few emails with some specific correspondence (outside of official business with banks, for example, where email is secured and encrypted). It’s not that many.  A few relatives, a few other friends, some from the family.

I also have a personal diary file, which is never published, with code names for people and events (although dates are real).  You could say the file is effectively encrypted, and would very difficult even for the NSA to decipher (not that it would particularly want to). So while it is theoretically possible for unpublished PII from my personal hard drives and clouds to be hacked, it would be very difficult for a hacker to know where to begin to look and to make any use of the information.  Also, I don’t network my computers.  I move the data physically and keep thumb drive backups.  (Optical would be a good idea, just in case of EMP).  I even keep some thumb drives in safe deposit boxes.
I do recall, back in the 1990s, the government (in an interview with a former CIA official) claimed that there were ways to get at personal (unshared) data if it really wanted to.

One issue to keep in mind if saving passwords on PC’s, that are left in a house (even with normal home security), particularly when going on a long trip (none are scheduled right now).  That would include PW’s to major social media accounts, bank accounts, and cloud accounts.  Two-step verification is desirable.  It’s also desirable that any PC require a log on with a password to even be used.

No comments: