data retention

“OPSEC” (Operational Security or Operations Security)

ByKen J. Last Update
95 Comments

data retention

Guest post by ‘restoringBrad’

What is OPSEC

Basically, OPSEC is used to describe a means of keeping sensitive or potentially sensitive information “secure” or private. This prevents said information from being used to your disadvantage by others.

Most of us have heard the advice about what to do if we’re going on vacation… arrange for a trusted neighbor to pick up the mail and the newspapers, don’t get on social media and tell the world that you’re going on vacation, use timers to turn lights on and off, etc.

We know that we shouldn’t put the boxes that our televisions, gaming consoles, computers, etc. came in out on the curb for everyone to see.

Most people teach their families that certain things are not talked about outside the home such as if weapons are owned, if there are expensive things in the house, when and where family members work, prepping supplies on hand, etc.

These are examples of Operational Security. They’re obvious in nature to most of us by now. We do these things to help minimize the odds of becoming the victims of crime. Most of us know that if we advertise, someone will notice.

Everyone has their own OPSEC parameters; i.e.- what they are comfortable with being known by others and what they want to remain private. Those parameters can touch on just about any aspect of life:

Open carry vs. concealed carry, family stick figure stickers on the vehicle back window or not (tells a lot about your family), photographs online or not, social media and to what level, comments online, it goes on and on.

This is a sort of “intuitive” form of OPSEC for most people. Information that we see and understand could have negative ramifications should it become public.

The reason I am bringing this up is because there really is a detachment for many people when it comes to information we don’t see but is nevertheless collected, aggregated, and analyzed by algorithms continuously.

This is information that most of us are either not really aware of, or we do not assign the same level of sensitivity. “Out of sight = out of mind”, right?

This information that you don’t see is about YOU.
It covers almost everything about you.

There are protections afforded to us by law when it comes to the collection, retention, and use of information by the government regarding United States Citizens… right?

There is much less protection when it comes to businesses doing the same.

Sure, banks cannot disclose your personal financial information to just anyone. Health care information is private to a degree as per HIPAA laws. But what about the information many people never give a second thought to?

Without delving into conspiracy theory, think about the following few examples:

 

Loyalty Cards/Membership Cards

These are great, right? I go to the store, gather the groceries I want, and when I get to the checkout I simply whip out my card and I get discounts on some of the items I purchased. Or I pull out my membership card so I can prove I am a member and thus am allowed to purchase the items in my cart.

It helps save a few bucks and that’s a good thing, right?

Sure, but it also personally identifies you and logs everything you bought.
Everything… Every time. Forever.

I have been told by employees of a few stores that require membership cards or offer loyalty cards that this data is kept forever. We’re not normally allowed to access it, but it is reviewed constantly by software.

Is that a bad thing?
Maybe.

Years ago, Forbes published an article titled “Kroger Knows Your Shopping Patterns Better Than You Do”, and they’re right. How? Because of that loyalty card and those electronic coupons. They also know if you lean more towards the health food or the bacon and beer.

So how can this be a bad thing? Well, does any other entity currently have access to this information? Will any other entity have access in the future? I bet health insurance companies would love to get their hands on it! Think maybe some of them might be trying to become one of those “associates” that some loyalty card programs warn in the fine print they may share information with?

So, what do you think could happen if insurance companies started using this kind of data?

 

Credit / Debit Cards

Everything you have ever paid for with these can be retrieved. Sure, there is no itemized receipt on your credit card bill, but it’s been recorded all the same.

I cannot find a definitive answer as to how long those records are kept and by whom, but I suspect that they are another “forever” thing.

I once had to return a faulty item to the store, but could not find my receipt. When I explained this to the guy at the customer service desk, he asked if I had paid using a credit card. When I advised I had, he asked for the card and swiped it. On the screen was a list of everything I had ever bought at that store using that card. Everything.

Sure, that’s just one store, but what about all the other places both in real life and on the Internet that we used plastic?

I called my credit card company back in 2008 or so to ask them to help me with a problem. I had used my card on a major nationwide retailer’s website and had not received one of the items that I had paid for. The representative at my card company was able to tell me everything I had purchased. Everything.

Ever buy long term storage food online? Ammunition? Firearms accessories? Books? Supplies? Even if you used a prepaid card, someone somewhere has a record that you bought it. Who has or may someday have access to that information?

 

EMR (Electronic Medical Records)

By January 01, 2014, ALL private and public healthcare providers were required to start using EMR by the American Recovery and Reinvestment Act of 2009.

It also prodded them to use EHR (Electronic Health Records) which are apparently different from EMR. EHR provides a comprehensive medical history of a patient while EMR is just the medical history from a single health care provider.

Think about that for a moment. EMR is just the records from a single health care provider. EHR is everything from all the health care providers you’ve seen, lumped together in a big data file with your name on it.

This could help save lives, no doubt about it. It can also work against you.

Ever seek care from the V.A.? Ever had a doctor you simply did not “click” with? What did he or she say about you in your file?

I once had a nurse react very badly when the doctor told me to disrobe and she saw my firearm. The doctor chastised her for her attitude and verbal attack, but the doctor isn’t the one entering my medical data into these records. Did her sudden hatred for me as a firearms owner skew what was entered?

These databases of your medical information are controlled at the federal level, and are available to more than just healthcare providers. There is indication that they are available to all the alphabet agencies (as evidenced by one of them using these records to add numerous veterans to the NICS no firearms list). I think they are available to the department of health as well.

 

Mobile Phones

Good luck figuring this one out. There are conflicting reports and privacy policies out there which indicate your mobile provider keeps call logs, text messages, multi-media messages, text logs, IP sessions, etc. for anywhere from a few hours to forever.

Sure, you can contact your provider and ask, but you may be getting information that isn’t accurate. Look at the problems many people have had with mobile phone companies just in regards to plans and pricing! Consider the investigations and lawsuits that have been able to “retrieve” long since deleted SMS and MMS messages.

The thing to consider is what information is kept and who may have access to it.

And let us not forget the “Stingray” type devices out there. These pick up all the calls in a given area, not just a targeted handset. My neighbor told me that he can log into his mobile account and literally see every single thing his sons do with or on their mobile handsets. He can read their texts, look at MMS messages, the whole 9 yards, and apparently does not need physical access to their handsets to do it.

 

Apps

Applications or “Apps” on your phone can be a privacy nightmare. Scrolling through the detailed permissions many of them require should give any sane person, and especially every prepper pause for concern.

Years ago, my wife and I once had an application on our first smart phones that was nothing more than a notepad program for grocery shopping that automatically updated on both of our handsets. It was even marketed as a grocery list. If I added an item, say milk, it would show up on her list. We thought it would be handy and used it for a few weeks before I had to reset my phone and a plethora of permission pop-ups starting appearing.

Even though this application could only be used for entering text (such as the items on your grocery list), it required permission to access and activate our phone still camera, video camera, and microphone, as well as required access to all data, text and multimedia messages, photo gallery, contact lists, call records, and location. Seems like allot of required access for nothing more than an auto-updating grocery list app.

More: Read Part 2 (Operational Security on the World Wide Web)