Read the terms and conditions - you don't have to accept them. Photo / iStock
A legal war between Apple and the FBI has thrown up worrying issues about how much personal information we freely give to companies. Ahead of Privacy Week, science reporter Jamie Morton finds many Kiwis now accept their personal data doesn’t just belong to them.
"Do you accept our terms and conditions?"
It's a seemingly harmless question we're asked each time we download an app for our smartphones or sign up for a new social media account. Invariably, we hit the agree button without thinking about it.
We then happily start dishing up our personal details, ranging from seemingly innocuous specifics like the name of our ISP provider to our credit card number and pictures of our children.
What we agree to share is all there to be read in the policy, which sometimes isn't easy when it's a lengthy document, deliberately written in capital letters and packed with long sentences and legal jargon.
If you did read it, you might learn Facebook shares much of your information with advertisers so they can target you, and that Apple uses your iPhone geodata to track your location in real-time.
And you'd know you can block the cookies Google uses to collect and share data about you.
Although we'd still never tell a stranger in the street the names of our kids or where we've been in the past week, newly published survey data indicates nearly half of Kiwis accept we don't enjoy such privacy in the online universe.
We volunteer personal information because it allows services to be tailored and leads to a better online experience, tech commentator Peter Griffin says.
Open your Facebook newsfeed and check the list of pages its algorithms have recommended for you based on topics you've discussed in a conversation you might have assumed was private.
It might be a link to a food festival you weren't aware was on in a city you posted you were visiting soon.
But too regularly we forget the treasure trove of information we offer is being dissected every which way to target us more effectively with advertising and marketing campaigns. This anonymised data is also sold to Facebook's partner companies so they can improve their targeting, too.
Griffin expects we'll see more of this with the introduction of chatbots on Facebook Messenger and other similar platforms.
These are computer programs that act like customer service agents, offering what you want, be it directions to a hotel or a room booking for that hotel.
"New technologies will gather even more data - from health and activity trackers to virtual reality headsets," he says.
"Because the large tech com-panies have fingers in so many pies and link multiple services with one account, we will get to a point where they know their users better than users know themselves.
"That is kind of cool on one level but pretty creepy on another."
Unless told otherwise by a trustworthy source, you should assume anything you tell friends on social media can be read by any employee of the host company, as well as by any competent hacker or domestic or foreign government.
Some communications are encrypted and often in an end-to-end form, meaning only the sender and receiver can see it. Some (ChatSecure and Orbot, WhatsApp and TextSecure) are rated more secure than others (SnapChat, Skype and Hushmail).
you should assume anything you tell friends on social media can be read by any employee of the host company, as well as by any competent hacker or domestic or foreign government.
Facebook can't pass on details to advertisers and other companies that "personally identifies" you - your name or email address, for example - but it does share demographic information such as your job, age, home city and interests.
It's why we get those unsettling moments where an advert for sleep therapy can pop up on your Facebook page after your partner has tagged you in a post complaining about your noisy snoring.
As web blogger Andrew Lewis puts it: if you're not paying for it, you're not the customer, you're the -product being sold.
And those frighteningly targeted ads could be a fraction of what is known about you. "It's simply impossible to know for sure how much information may be captured by these companies," says Dr Alastair Nisbet, a lecturer in security and forensic IT at Auckland University of Technology (AUT).
"The technology exists to capture a lot of the information but whether it is done or not is unknown."
We can opt out of sharing data but it is increasingly difficult to avoid the social networks as they become the main way people interact. It is a vast and rich well from which marketers and advertisers can draw.
Worldwide, Facebook legally owns the personal details and communications of about 20 per cent of the planet's population - more than 1.4 billion people.
In New Zealand, two-thirds of us log on to social media sites like Facebook every day and 85 per cent of people use them at some point.
We're getting friend requests from older family members who, just a few years ago, couldn't text or send an email.
The AUT-led World Internet Project New Zealand (WIPNZ) survey, which canvassed nearly 1400 people last year, found more than a third of Kiwis over 65 have a Facebook account. Intriguingly, it also revealed that we're more worried now about companies violating our privacy online than the Government.
The researcher who led the survey, Dr Philippa Smith, believes media coverage of online privacy issues and documentaries such as Terms and Conditions May Apply have raised big concerns.
Griffin also points to high-profile data breaches at companies in which the personal details of millions of people were leaked on the internet, notably the shamed users of cheating site Ashley Madison.
"These high-profile events and a growing understanding that the internet giants are using ever more sophisticated algorithms and artificial intelligence to gather and analyse our data makes it a bigger concern than government surveillance, and rightly so," he says.
It's hard to tell whether spy agencies or companies like Facebook hold more information about us.
The eye-opening revelations by former CIA employee Edward Snowden suggest most governments are involved in the collection of metadata - the data about our data - which reveals much about who we communicate with, where and when.
In the US, a fresh privacy debate has been fuelled by the FBI gaining access to the iPhone that belonged to the gunman who shot dead 14 people in California last year.
Usually, law enforcement agencies have to request data. In New Zealand, in the second half of last year alone, Apple handed over data in three-quarters of the 311 cases where it was requested.
But the FBI case raises fears around encryption and whether companies like Apple can keep us safe from those snoops it doesn't open the gate to.
Auckland University computer science lecturer Dr Paul Ralph, however, says social media companies are still doing a much better job of protecting user privacy and security than ISPs and telcos, which track everything we do online and keep it forever.
"Going incognito or 'private browsing' only hides your actions from your family. Your internet service provider still has a complete record of every porn site you've ever visited."
Are we also safeguarded by New Zealand law? The Privacy Act and other legislation are specific about informing people about the intended use of data and there are strict laws relating to data collected for one purpose not being permitted to be used for another purpose.
Further, the Privacy Commissioner states the use or disclosure of publicly available information may still be covered if that use or disclosure is "unfair or unreasonable in the circumstances of the case".
When dealing with websites and services that aren't trustworthy, use anonymous browsing settings or dummy email accounts and user names.
Yet the reality is that it comes down to whether the company is adhering to the terms and conditions you signed up to and largely, that will be policed in the country in which that company operates.
In New Zealand, part of the ongoing work of the government-established Data Futures Partnership looks at addressing worries around government data use, which is subject to a set of principles approved in 2011.
These require that government data and information should be open, readily available, well-managed, reasonably priced and reusable unless there are necessary reasons for its protection.
But Privacy Commissioner John Edwards agrees there is an "increasingly urgent need" to modernise the law to deal with the challenges of our data-rich digital economy.
Meanwhile, there are easy steps you can take to protect yourself.
Griffin suggests sharing the bare minimum about yourself to be able to use the services in the way you want and use privacy settings to control who can see your content, limited to what you'd be comfor-table appearing in a newspaper.
When dealing with websites and services that aren't trustworthy, use anonymous browsing settings or dummy email accounts and user names.
Fortunately, the WIPNZ survey shows two-thirds of Kiwi internet users actively protect privacy online and almost half believe they can control it.
The problem remains that many people are willing to relinquish information for the price of being connected - prompting one final recommendation from Griffin.
Read the terms and conditions - you don't have to accept them.
Five things your iPhone knows about you
1. Where you've taken it
If you want to see what your iPhone knows about where you've been, click on Settings, then Privacy, then Location Services. Scroll to the bottom and click on System Services and open Frequent Locations. If the system has been enabled, it should tell you everywhere you have taken it.
2. Whatever you've told Siri
What you tell the dictation feature - and even the sound of your voice - is collected, processed and used by Apple, according to the company, to improve the services.
Apple says it may collect "non-personal" information such as your occupation, as well as your language, postcode, area code, unique device identifier, referrer URL, location and the time zone where its products have been used.
4. What you tell other people
Apple says it may hold iMessages for a time - although in an encrypted or protected form.
5. Who your family and friends are
If you share your content with your family and friends using Apple products, or invite others to use Apple services, the company can collect the information you provide about those people - such as their name, mailing address, email address and phone number.
• Consider how much personal information to give. You have a choice about what information you provide.
• Read website privacy notices. If a website has a privacy notice this may state its purpose for collecting personal information.
• Adjust your browser settings to control the collection of information. Websites can collect information about your browsing habits through the use of cookies.
Source: Office of the New Zealand Privacy Commissioner