Why is my personal mobile number being asked indiscriminately in India?

By Vaidyanathan Rajan, Senior Consultant, IARM Information Security Private Limited

The legal definition of Privacy is “A person's right to control access to his or her personal information”.

It is my right as an individual to determine what information I would like others to know about me, whom all can know that information and the ability to determine when those people can access that information.

I should take care (based on basic due diligence) that every product/application I use gives me confidence that my Privacy is not compromised. And gives me the authority and the permission to choose what I share and with whom. This will ensure that transactions done by me are not done at the cost of my privacy and security, instead supports these two attributes.

Nowadays, most of the organizations (whose products or services touch my life on a day-day basis) have conveniently assumed that my phone is my second-factor authentication instrument. This includes online purchases and purchases made by visiting the shop.

Most of the Supermarkets, hypermarkets, vendors, shops or shopping outlets, also wanted my cell phone number, again with no explanation or context.

Some of the petrol pump outlets, Toll Plazas, Social Gathering Events in a public place are constantly attempting to solicit my number under one pretext or the other through freebies (complimentary water bottle), distributing free magazines, lucky draw, etc..

Cell phone numbers, of late are indiscriminately and increasingly used as authentication instruments. Not only that, this number which is so personal and privy to me, is also being shared with third parties without my consent.

My personal mobile number can yield much more information than what I can imagine because it is available with so many Websites, Vendors, Supermarkets, Government Agencies, etc and that it is connected to so many related databases. Moreover, the handheld device itself is generally with the user, that is me, unlike landline numbers that are common for a family or an organization.

I am quite alarmed when people share their mobile numbers casually or freely without any inhibition, to whom so ever is asking without even batting their eyelid – “sure, please take it”. I am put to hardship (at times) when I don’t share my mobile number in the first instance while making purchase-related payments.

A casual glance at the count of soliciting agencies (for my number) or the demanding agencies (for authentication) easily runs to about a fifty.

Let me take for analysis 3 such sample interfaces where I share my mobile number and let us deduce what pattern of information can be constructed.

1.      Pharmacy

2.      Dress Purchase

3.      Grocery Store

Example 1 - Pharmacy

Basic analysis of the above data reveals

1.     Family composition, diseases manifest in the individual or family, medicines being consumed, etc..

2.     Their chances of childbearing (based on age, current suffering (based on diseases diagnosed), medicines consumed, etc).

3.     (can even predict) the ideal time - when the spouse can attempt ‘getting pregnant’.

Example 2 - Purchase of Dresses

Basic analysis of the above data reveals

1.     An individual’s style and preference, his / her employment background, payment preference (credit card/cash), etc..

2.     Their religion, community, number of family members etc.

3.     their ‘native’, Their behavioral pattern (based on the native, community details, dress preferences) § Temperament (eg. easily provoked, aggressiveness, ‘cut-throat’ approach to business), etc.

Example 3 - Grocery Store

Basic analysis of the above data reveals

1.     An individual’s place of stay and number of family members.

2.     Single-parent households,

• Elderly people living alone,
• Their preferred time of delivery of grocery items (can be linked to planning to con elderly people on the pretext of goods delivery)

3.     ‘health consciousness’, for eg. (based on the groceries ordered)

4.     Pets at home

5.     Diseases/ailments at home (based on specific groceries being ordered)

These three examples cited above – when subjected to basic analysis of the purchases made and the payment method gives an extraordinary insight into the life and psyche of the purchaser.

The analyst (who has the purchase bills from these three entities) has the requisite data to arrive at the personality of the individual, his family composition including pets, predict his lifestyle, family’s health condition, travel plans, etc

Furthermore, the analysis will help the analyst predict happenings in the family to a greater degree of accuracy.

While the traditional definition of hacking relates to “unauthorized access to the network, IT resources and information”, there is a general misconception that the term hacking is used only when there is an intrusion into the networks of big organizations, banks, data centers, etc. leading to leakage or loss of information. It need not be necessarily so. When we study the information culled out (abovementioned three cases), the reconstruction of “meaningful personal information” based on analysis also constitutes leakage of private information (which I have thought is very close to me) or loss of privacy.

This data when shared with telemarketers will help them bombard calls to the individual, focussing on areas of interest/health concerns surprising the individual, thereby creating an element of worry and fear with respect to his / her safety and security.

There is an equal chance that the same data/information landing in the wrong hands can make my life miserable (as my peace of mind is lost due to misuse of data or information). 

It sounds scary, isn’t it?

So, what should I do?

Think before you share your information

• What are my personal data (vendors/agencies) being collected?
• Why do they need this information? How is it going to be used?
• With whom will my personal data be shared?
• When and how the ‘data collected’ will be deleted?
• How long will they keep my data?
• How are they securing my data?

Send your thoughts and feedback to [email protected] and help us make Mind Over Articles more relevant to your needs. If you would like a friend or colleague to receive these Articles, reach us at +91 9361906667.