Why is my Personal Mobile Number being asked indiscriminately?
The legal definition of Privacy is “A person's right to control access to his or her personal information”. It is my right as an individual to determine what information I would like others to know about me, who all can know that information and the ability to determine when those people can access that information. I should take care (based on basic due diligence) that every product / application I use gives me confidence that my Privacy is not compromised. And gives me the authority and the permission to choose what I share and with whom. This will ensure that transactions done by me are not done at the cost of my privacy and security, instead supports these two attributes. Now-a-days, most of the organizations (whose products or services touches my life on a day-day basis) have conveniently assumed that my phone is my second-factor authentication instrument. This includes on-line purchases and purchases made by visiting the shop. Most of the Super markets, hyper markets, vendors, shops or shopping outlets, also wanted my cell phone number, again with no explanation or context. Some of the petrol pump outlets, Toll Plazas, Social Gathering Events in a public place are constantly attempting to solicit my number under one pretext or the other through freebies (complementary water bottle), distributing free magazines, lucky draw etc..
Cell phone numbers, of late are indiscriminately and increasingly used as authentication instruments. Not only that, this number which is so personal and privy to me, is also being shared with third parties without my consent. My personal mobile number can yield much more information than what I can imagine because it is available with so many Websites, Vendors, Super markets, Government Agencies etc and that it is connected to so many related databases. Moreover, the hand held device itself is generally with the user, that is me unlike landline numbers that are common for a family or an organization. I am quite alarmed when people share their mobile numbers casually or freely without any inhibition, to whom so ever is asking without even batting their eyelid – “sure, please take it”. I am put to hardship (at times) when I don’t share my mobile number in the first instance while making purchase related payments. A casual glance at the count of soliciting agencies (for my number) or the demanding agencies (for authentication) easily runs to about a fifty. Vehicle Purchase
Voter ID
Property Registration
SIM Card
Movie Tickets
Vehicle Registration
Aadhaar
Govt. Property Tax
Landline Phone
Travel Tickets
Vehicle Insurance
PAN
Water Tax
Utilities Bill Pay
Online purchases
Driving License
Govt Certificate(s)
LPG
Recharges
Warranty Card
Vehicle Service
Public Exams
PDS
Money Wallets
Private Hospital
Life Insurance
Cable TV
Bank Transactions
OLA, Uber
IT Returns
Job Consultancy
Marriage Registration
Schools/College s Coaching Centres
Health Insurance
Internet Service Provider E-Mail sign up / fallback recovery
Hotel Stay Office
Grocery
Visitor’s Entry
Contests
Pharmacy / Dr Clinic
Club Membership
Matrimony
Let me take for analysis 3 such sample interfaces where I share my mobile number and let us deduce what pattern of information can be constructed. 1. Pharmacy 2. Dress Purchase 3. Grocery Store
Example 1 - Pharmacy
Basic analysis of the above data reveals 1. Family composition, diseases manifest in the individual or family, medicines being consumed etc.. 2. Their chances of childbearing (based on age, current suffering (based on diseases diagnosed), medicines consumed etc). 3. (can even predict) the ideal time - when the spouse can attempt ‘getting pregnant’. Example 2 - Purchase of Dresses
Basic analysis of the above data reveals 1. An individual’s style and preference, his / her employment background, payment preference (credit card / cash) etc.. 2. Their religion, community, number of family members etc. 3. their ‘native’, a. Their behavioural pattern (based on the native, community details, dress preferences) ▪ Temperament (eg. easily provoked, aggressiveness, ‘cut-throat’ approach to business) etc. Example 3 - Grocery Store
Basic analysis of the above data reveals 1. An individual’s place of stay and number of family members. 2. Single parent households, ● Elderly people living alone, ● Their preferred time of delivery of grocery items (can be linked to planning to con elderly people on the pretext of goods delivery) 3. ‘health consciousness’, for eg. (based on the groceries ordered) 4. Pets at home 5. Diseases / ailments at home (based on specific groceries being ordered)
These three examples cited above – when subjected to basic analysis of the purchases made and the payment method gives an extraordinary insight to the life and psyche of the purchaser. The analyst (who has the purchase bills from these three entities) has the requisite data to arrive at the personality of the individual, his family composition including pets, predict his lifestyle, family’s health condition, travel plans etc Furthermore analysis will help the analyst predict happenings in the family to a greater degree of accuracy.
While the traditional definition of hacking relates to “unauthorised access to network, IT resources and information”, there is a general misconception that the term hacking is used only when there is an intrusion into the networks of big organizations, banks, data centres etc. leading to leakage or loss of information. It need not be necessarily so. When we study the information culled out (abovementioned three cases), reconstruction of “meaningful personal information” based on analysis also constitutes leakage of private information (which I have thinking is very close to me) or loss of privacy. This data when shared with telemarketers will help them bombard calls to the individual, focussing on areas of interest / health concerns surprising the individual, thereby creating an element of worry and fear with respect to his / her safety and security. There is an equal chance that the same data / information landing in the wrong hands can make my life miserable (as my peace of mind is lost due to misuse of data or information).
Sounds scary, isn’t it? So, what should I do? Think before you share your information ● ● ● ● ● ●
What are my personal data (vendor/agencies) being collected? Why do they need this information? How is it going to be used? With whom will my personal data be shared with? When and how the ‘data collected’ will be deleted? How long will they keep my data? How are they securing my data?
Conclusion I Hope you enjoyed this article and also it could be useful for everyone to find how our information is shared. And my sincere thanks to Vaidyanathan Rajan, Senior Consultant IARM Information Security who shared this fantastic and informative article. And also know about Email Spoofing
