They thought they could get away with it. The 37 million people who put nude photos and intimate details of their sexual fantasies on the Ashley Madison website (which has the slogan “Life is short. Have an affair”) had a get-out clause.
Ashley Madison, like some other sites, offers a hard delete – a guarantee that for a certain amount of money, your data will be scrubbed from all of its internal records. To permanently destroy all traces of your affiliation with the adultery social network costs £15 in the UK.
However, a hacker collective called Impact Team has revealed that customers’ details aren’t entirely deleted. Compliance with auditing requirements means that the credit card details and name used to scrub the account remain in Ashley Madison’s database, rather defeating the point.
Serves them right, some might say. But this should be a reminder that there is a big gap between what web sites do with our data and what they tell us they will do. And that there is a lot of wiggle room in the technical details. That’s true even if you haven’t been having an affair on the internet.
Your digital remains
Take Facebook, for example. The site advises that “when you delete your account, people won’t be able to see it on Facebook“. However, just because you can remove your account from the public-facing servers doesn’t mean no data about you remains in Facebook’s coffers.
“Facebook’s data policy is ambiguous on what exactly it promises to delete after you delete your account,” says Brendan Van Alsenoy, a legal researcher at the Catholic University of Leuven (KUL) in Belgium. “It mentions ‘information associated with your account’,” he says, but “it’s unclear whether this covers any information other than the information that is immediately visible to users themselves”. So while Facebook is legally bound to delete things like status updates, the same legal protections may not apply to internal business information of the sort that Ashley Madison kept.
“Copies of some material may remain in our database for technical reasons,” a Facebook representative told New Scientist. However, “when you delete your account, this material is disassociated from any personal identifiers”. According to European Union law, says Van Alsenoy, “if the data has been sufficiently anonymised, the individual will not be able to insist on deletion”.
Back from the dead
The precise workings of deleting accounts or history with other companies is similarly unclear. A Google spokeswoman directed us to the company’s fine print, which reveals similar caveats: “It is possible to deactivate your user name“, but “if you deleted your Gmail account but want it back, we work to help you recover your deleted account whenever we can.”
“Because we maintain backup systems to make sure we don’t lose users’ data,” she said, “the deletion process may take time.”
This makes business sense given the calamity associated with hacked and deleted Gmail accounts. While the company lets you delete your search history, it does keeps those search logs, but dissociates them from your Google account: anonymised.
However, data anonymisation is becoming increasingly unrealistic. “Re-identifying supposedly anonymised data has been demonstrated many times,” says information privacy legal scholar Paul Bernal of the University of East Anglia, UK, and it will only get easier as re-identification techniques become more sophisticated.
Unfortunately, the law often either misunderstands or lags behind technological developments. In health law, for example, squabbles are ongoing over the definition of “sufficiently” anonymised.
Some say full anonymisation is simply impossible. EU regulators have issued guidelines on anonymisation, however, that are sensible, says Van Alsenoy. “Whether or not somebody is “identifiable” or not is a question of fact,” he says.
And the proposed reform of the EU Data Protection regime includes an explicit “right to erasure” motivated by the frustration of Viviane Reding, the European commissioner for justice, fundamental rights and citizenship, with the difficulty of deleting social media profiles.
The bottom line
Perhaps the real reason companies bury their promises in caveats has to do with the bottom line. Facebook accounts are replicated across geographically distributed data centres. “It would cost Google and Facebook money to delete all data – just setting up the systems would be complex, I suspect, and tracking down all data might be a little hard too,” says Bernal.
For the time being, no one knows what data is kept, how identifiable it is, or how it could eventually be strung together. Plenty of people have been convicted of murder partly on the basis of web searches such as “how to commit murder” and “undetectable poison”.
But even if your search queries are more anodyne, they or other online traces might come back to haunt you. “People tend to think short term, accurately believing that the threat over exposure of “just one post” over a small time frame is rather minimal,” says David Dunning, who studies cognitive biases at Cornell University in Ithaca, New York. “It’s this neglect of the long term that often gets people into trouble.”
So how would such information come to light? A hack would do it. But even if every company were scrupulous about storing your information far from a hackable internet connection, there are still other avenues for your information to find its way back into the open internet.
“The notion of a defunct Facebook seems preposterous today,” says Bernardo Huberman, director of the Social Computing Lab at Hewlett Packard. But many other social networks like Orkut and Friendster fell to the fickle winds of Silicon Valley. In the future, Facebook’s valuable data may become its most valuable commodity.
What guarantee does anyone have that someone can’t one day use Facebook’s or Google’s log files to construct a damning narrative about you?
Whether it’s an incriminating Facebook back-and-forth from 2004 or a series of late-night Google searches on erectile dysfunction, “many people likely don’t know just how long their material stays on the internet, what companies can do with it, or how open it is to hacking”, says Dunning.
Surprise!
A grandmother was shocked to open her local Sunday paper and see a picture of herself from 1955 posing topless for the cover of a magazine.
Helen Dunn, 78, did some modelling as a teenager to help pay the bills and was featured on the front of Span, the Loaded of its day that was published between 1954 and 1976. She did photo shoots for about a year under the pseudonym Sherry Morris until her boyfriend, Alan Dunn, who is now her husband, grew tired of being teased by friends about the pictures.
Now 79, he was in the RAF at the time but went on to play professional football for Manchester United and Aston Villa. The couple married in 1957 and she went on to work as a doctor’s receptionist near Kinver, Staffordshire. The pictures surfaced again after 60 years when the Birmingham’s Sunday Mercury ran a feature about a seller of old magazines. In a mocked up winter scene, she used a large woolly hand muff to cover her chest.
Ms Dunn, who has two grandchildren, said: “I just could not believe my eyes. I started screaming: That’s me, that’s me. I had almost forgotten all
about the picture, but I think it’s great. I can still remember the photo shoot, the photographer was a gentleman, a very nice man. There was nothing iffy about him. I always made my own outfits, even the umbrellas. The picture was originally for a Christmas calendar. My parents knew all about it, they were fine.”
Her boyfriend was not so keen, she admitted. “Alan wasn’t a fan, I think he got a little bit green-eyed at his friends seeing my pictures . . . but the money was very, very good. Two pounds an hour and the shoots usually took two hours. I chose the name Sherry Morris because my great-great gran was a Morris. And Sherry sounded so glamorous.”
The money, though, went straight to her parents. “Dad was a miner and I can remember him coming home with a £5 note. That was his wages.”