Hostile Acts in the Data Spheres: The Battles for Your PII
By Dr. Frank Kardasz, MPA, Ed.D.
Editor: Ava Gozo
December 24, 2021 (revised September 17, 2025)
The relentless barrage of cybercrimes—data breaches, doxing, deepfakes, identity thefts, intrusions, and malware—constitutes a continual assault on efforts to preserve personal information, freedom, and finances. Leak-prone storage, widespread surveillance (both lawful and unlawful), and ineffective regulations further these risks. As the current era succumbs to the rise of relentless data collection, the monetization, politicization, and weaponization of information has become an alarming and wicked menace. This article discusses some core issues and concludes with resources for defense and prevention.
Some Terms of (the Dark) Art
For newcomers to the world of data compromise and cyber misdeeds, here are definitions for four key terms:
Personally Identifiable Information (PII)
Personally Identifiable Information (PII) is data that, alone or in combination with other information, can identify an individual (Investopedia, 2021). Examples include date and place of birth, social security number, addresses, account information, maiden names, pet names, schools attended, and graduation dates. PII is often at risk through accidental or intentional leaks. Many people do not realize how vulnerable their PII really is (PYMNTS, 2018).
Phishing
Phishing is an exploit where perpetrators impersonate reputable businesses or people to acquire sensitive information, such as credit card numbers and passwords (Techopedia, 2021). Tactics are often disguised as friendly social media questions, gradually harvesting personal details.
Doxing
Doxing involves retrieving, hacking, and publishing private information such as names, addresses, and phone numbers. Motivations vary; coercion is a common one (Techopedia, 2021). Attackers may threaten to publish doxed information unless a ransom is paid.
Deepfakes
Deepfakes, or synthetic content, use AI and advanced imaging to falsify video and audio, making people appear to say or do things they never did (Techopedia, 2021). Celebrity and political deepfakes are common, but any publicly available image could be targeted.
Some Users Place Themselves at Risk
In the pursuit of fame, fortune, or recognition, some individuals—both young and old—overexpose personal and familial details on social media while striving to become "influencers." This makes them vulnerable to tailored exploits by data harvesters. Cases of sextortion and other social harms are an increasing concern across the United States.
Depending on geopolitics, exposing personal data and wealth online can have serious repercussions. For example, in China, flaunting wealth online can lead to government censorship (Wang, 2021).
Unwitting Victims
Not all victims are careless. Often, PII is compromised simply by being in the wrong place at the wrong time and then exploited for malicious acts.
Synthetic Content (Deepfakes)
Law enforcement agencies recognize the rise of deepfakes as a growing threat. The FBI has warned that “synthetic content” may be increasingly used for cyber and foreign influence operations (FBI, 2021). Deepfake technology has evolved to create false but convincing video and audio, including invasive software that can “undress” photos via AI manipulations (Cook, 2021).
Data Harvesting Profiteers: Commerce, Capitalism, and Profit
Shoshana Zuboff's The Age of Surveillance Capitalism describes the "rogue mutation of capitalism" that gave rise to today's surveillance industry—quietly capturing data for financial and political gain (Zuboff, 2019).
Edward Snowden put it succinctly: “What they are selling is not information, they are selling our future, they are selling our past, they are selling our history or identity and ultimately stealing our power and making our stories work for them” (Snowden, 2021).
Children's Privacy at Risk
TikTok faced a $29M fine in the UK after breaching child data protection laws for two years (Sawers, 2022).
Weak Efforts to Mitigate Data Collection
Mobile devices and connected systems collect vast amounts of personal data. Although companies like Apple offer features such as "Ask App Not To Track," critics argue these measures often fall short (Fowler, 2021).
Disturbing Anecdotes
Cybervigilante Misidentification & Harassment
-
In 2017, a Michigan man was wrongly identified as the Charlottesville driver; his family faced harassment and required police protection (Bowden, 2017).
-
In 2021, incorrect identification of Capitol rioters led to harassment of innocent people, including a retired firefighter and the comedian Kevin Seefried (Kornfield, 2021).
Facial Recognition Misidentification
-
In 2020, Detroit police arrested the wrong man due to a faulty facial recognition match, resulting in public humiliation and wrongful incarceration (Ward, 2020).
Stolen Identity, Data Breaches, and Doxing
-
A California grandmother spent a night in jail and thousands on legal fees after ID theft led to false fraud charges (Fender, 2011).
-
Fraudsters used a disabled Florida man’s identity to secure fraudulent Medicare loans (Neal, 2022).
-
In Portland, law enforcement officers were doxed during protests; personal data was disclosed, and police withheld officer names due to credible security threats (Toledo, 2020; Portland Police Bureau, 2022).
Ransomware and Schools
-
According to CISA, the education sector remains a frequent ransomware target with broad impacts and high risk due to limited cybersecurity resources (CISA, 2022).
Laws and Legislative Hearings
US legislators struggle to keep up with the pace of cybercrime and data privacy challenges. Declassified CIA documents reveal ongoing civil liberty concerns about unwarranted data collection (Wyden, 2022). In contrast, countries like Australia have made meaningful legislative progress.
Successes and Shortcomings
-
The Children's Online Privacy Protection Act (COPPA) enabled a $2 million penalty against an advertising platform for privacy violations against children (DOJ, 2021).
-
Oklahoma advanced bills to protect active and retired law enforcement officers from doxing—a recognition that such threats require legislative responses (McEachern, 2022).
Some Have Surrendered
Some, like broadcaster Leo LaPorte, suggest surrender is inevitable given regulatory inertia: “...you might as well just assume that if you are on the Internet; Facebook, Google, Apple, they all know what you are doing” (Laporte, 2021).
Celebrity culture can exacerbate these risks, as public figures sometimes attract physical threats via exposed PII.
Don't Give Up
Privacy advocate Rob Braxman insists on fighting back: “...if Google, Facebook, and Amazon play tricks on us, we are entitled to play tricks on them” (Braxman, 2021).
Former law enforcement officer Michael Bazzell assists people in regaining privacy; his book Extreme Privacy (2021) and related services have helped many victims work toward anonymity and protection.
Protect Yourself and Your Loved Ones: Mitigators and Preventative Measures
There is no single foolproof solution. Multiple mitigators can bolster your defenses—keep fighting, stay vigilant, and never give up.
Tips and Resources from Experts, Government, and Industry
-
IntelTechniques – Michael Bazzell:
Excellent guides for data removal, credit freezes, and related tasks.
Best tip: Use the Data Removal Workbook.
https://inteltechniques.com/links.html -
Schneier on Security – Bruce Schneier:
Expert cybersecurity commentary.
Best tip: Use Signal Messaging Application for secure communications.
https://www.schneier.com/blog/archives/2017/05/the_us_senate_i.html -
Federal Trade Commission (FTC):
Consumer protection strategies, especially COPPA compliance.
https://www.ftc.gov/tips-advice/business-center/privacy-and-security -
Electronic Frontier Foundation (EFF) – Privacy Badger:
Browser add-on to block trackers.
Best tip: Install Privacy Badger and UBlock Origin.
https://privacybadger.org/
https://www.eff.org/wp/behind-the-one-way-mirror -
ICE / Homeland Security Investigations:
Guidance to keep children safe online.
Best tip: Set strictest privacy settings for online gaming and devices.
https://www.ice.gov/news/releases/ice-hsi-shares-tools-keep-children-safe-online -
Cybersecurity & Infrastructure Security Agency (CISA):
Recommendations for ransomware and data protection.
Best tip: Maintain encrypted, offline backups and test them regularly.
https://www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Protecting_Sensitive_and_Personal_Information_from_Ransomware-Caused_Data_Breaches-508C.pdf
Conclusion
Cyber-attacks are inevitable, but persistent education and layered defenses are key. Protecting PII is challenging and a continual effort. No single fix exists, but staying current and implementing expert recommendations can reduce risks.
References
Bazzell, Michael. (2021). Extreme Privacy: What it takes to Disappear. ISBN 9798729419395. https://inteltechniques.com/
Bowden, John. (2017). “Man misidentified as Charlottesville driver by far-right sites in hiding.” The Hill. https://thehill.com/homenews/news/346900-man-misidentified-as-charlottesville-driver-by-far-right-sites-in-hiding-report
Braxman, Rob. (2021). “Google Watches ALL Your Devices! How to Stop It.” [YouTube]. https://www.youtube.com/watch?v=LLfoGAHrlQk
CISA. (2022). “Alerts #StopRansomware: Vice Society.” https://www.cisa.gov/uscert/ncas/alerts/aa22-249a
Cook, Jesselyn. (2021). “A Powerful New Deepfake Tool Has Digitally Undressed Thousands Of Women.” HuffPost. https://www.huffingtonpost.co.uk/entry/deepfake-tool-nudify-women_n_6112d765e4b005ed49053822?ri18n=true
Cyphers, B., Gebhart, G. (2019). “Behind the One-Way Mirror.” Electronic Frontier Foundation. https://www.eff.org/wp/behind-the-one-way-mirror#Part4
DataBreaches.net. (2020). “CO: Woman Accused of Bilking 28 victims.” https://www.databreaches.net/co-woman-accused-of-bilking-28-victims/
DOJ. (2021). “Advertising Platform OpenX Agrees to Injunctive Relief and $2 Million Payment in Case Alleging Violations of Children’s Privacy Law.” https://www.justice.gov/opa/pr/advertising-platform-openx-agrees-injunctive-relief-and-2-million-payment-case-alleging
FBI. (2021). “Malicious Actors Almost Certainly Will Leverage Synthetic Content for Cyber and Foreign Influence Operations.” https://www.ic3.gov/Media/News/2021/210310-2.pdf
Fender, Jessica. (2011). “Victim of ID theft, once thought a suspect, helps solve her own case.” The Denver Post. https://www.denverpost.com/2011/11/12/victim-of-id-theft-once-thought-a-suspect-helps-solve-her-own-case/
Kornfield, Meryl. (2021). “The wrong ID: Retired firefighter, comedian and Chuck Norris falsely accused of being Capitol rioters.” Washington Post. https://www.washingtonpost.com/technology/2021/01/16/sleuths-falsely-identify-rioters/
Laporte, Leo. (2021). “The Tech Guy, Ep 1852.” https://twit.tv/shows/the-tech-guy
McEachern, Hunter. (2022). “Backing the Blue: Bill to protect retired law enforcement from doxing advances.” https://kfor.com/news/oklahoma-legislature/backing-the-blue-bill-to-protect-retired-law-enforcement-from-doxing-advances/
Neal, David. J. (2022). “‘He was almost dead.’ $350,000 fraud investigation found Miami man, 84, in squalor.” Miami Herald. https://www.msn.com/en-us/news/us/e2-80-98he-was-almost-dead-e2-80-99-miami-medicare-fraud-investigation-found-elderly-man-living-in-squalor/ar-AATMlnT
Portland Police Bureau. (2022). “Information related to Officer-Involved Shooting in SE Portland.” https://www.portlandoregon.gov/police/news/read.cfm?id=442429&ec=3&ch=twitter
PYMNTS. (2018). “First Data: 34 Percent Of PII Has Been Compromised In 2018.” https://www.pymnts.com/news/security-and-risk/2018/first-data-pii-compromised-cybersecurity/
Rusch, Jonathan. (2021). “Dissecting the Security Implications of the Australian Critical Infrastructure Act.” The OT and IoT Security Podcast. https://tunein.com/podcasts/Technology-Podcasts/The-OT-and-IoT-Security-Podcast-p1354400
Sawers, Paul. (2022). “TikTok faces $29M fine in UK for ‘failing to protect children’s privacy’.” https://techcrunch.com/2022/09/26/tiktok-faces-29m-fine-in-uk-for-failing-to-protect-childrens-privacy/
Snowden, Edward. (2021). “I Remove it Before Using The Phone!” [YouTube]. https://www.youtube.com/watch?v=0dGqR4ue8dg
Techopedia. (2021). “Phishing, Doxing, Deepfake.” https://www.techopedia.com/definition/4049/phishing
Toledo, Arsenio. (2020). “Law Enforcement Officers in Portland Doxed by Antifa.” https://www.newswars.com/law-enforcement-officers-in-portland-doxed-by-antifa/
Wang, V., Dong, J. (2021). “In China, Bragging About Your Wealth Can Get You Censored.” New York Times. https://www.nytimes.com/2021/12/25/world/asia/china-money.html
Ward, Jacob. (2020). “Facial Recognition Software Under Fire After Misidentification Causes Wrongful Arrest.” [YouTube]. https://www.youtube.com/watch?v=Bxpx8izG5nA
Whittaker, Bill. (2021). “Synthetic Media: How deepfakes could soon change our world.” CBS News/60 Minutes. https://www.cbsnews.com/news/deepfake-artificial-intelligence-60-minutes-2021-10-10/
Wyden, Ron. (2022). “Wyden and Heinrich: Newly Declassified Documents Reveal Previously Secret CIA Bulk Collection.” https://www.wyden.senate.gov/news/press-releases/wyden-and-heinrich-newly-declassified-documents-reveal-previously-secret-cia-bulk-collection-problems-with-cia-handling-of-americans-information
Zuboff, Shoshana. (2019). The Age of Surveillance Capitalism. ISBN-10: 1610395697. www.publicaffairsbooks.com
No comments:
Post a Comment
Thank you for your thoughtful comments.