When I first read about the exposome, I thought the term “digital exposome” would be a good way to refer to the digital environment we inhabit when we “go online.” Not surprisingly, I was not the first person to think of this term. For example, it appears in a 2017 article from Studies in Health Technology and Informatics: “In an increasingly digitised world more attention should be paid to the digital component of the exposome derived from the interactions of individuals with the digital world. We define this “Digital Exposome” as the whole set of tools and platforms that an individual uses and the activities and processes that an individual engages with as part of his/her digital life.” (G. Lopez-Campos et al., 2017)
While I strongly agree with the gist of that article, I have also found digital exposome used in other ways, for example, to describe the use of digital tools to record pollution exposure in the general and specific external environment (think personal air quality monitoring devices and so on).
I propose online exposome as a more appropriate term for “the set of tools and platforms that an individual uses and the activities and processes that an individual engages with as part of his/her digital life.” The online exposome would thus include using a smartphone or other Internet-connected device, having an email address and one or more online accounts, and engaging digitally with individuals or organizations.
The online exposome as high crime neighbourhood
I am confident in asserting that the online expose is, in some significant ways, similar to a high crime environment. However, there are some serious differences between living in a high crime neighbourhood in meatspace and going online.
For a start, it can be harder—in some ways—to get out of being online than it is to move out of a high crime neighbourhood (and I say this fully mindful of how socio-economic factors can trap people in disadvantaged locations). Consider what it takes to get to a point where online crime is no longer a concern.
People use terms like “going offline” or “disconnecting” when they forsake their screens for the weekend, or leave phones and computers at home when they go on vacation. But our online presence persists even when we’re not logged on, and unless we are good at compartmentalizing, so does the stress of knowing that our digital identity can be stolen and abused while we’re offline (it can even be hacked and hijacked after we’re dead). To truly go offline means closing accounts, erasing profiles, deleting cloud storage and all the data entities have stored about you as a result of your online interactions.
To be clear, I’m not advocating that we should all go offline. There are many genuine benefits to being online. But I would argue that it’s getting increasingly difficulty to enjoy those benefits without being exposed to the harmful effects of criminal activity. At the same time, many of the entities that benefit from us going online are failing to do all they can to make it a safe and healthy place to be.
It should also be noted that some “benefits” of going online feel so good they are addicting, further complicating efforts to manage exposure to the online exposome. Intentional fostering of online addiction for profit is now at the center of some big lawsuits and I am hopeful these cases will lead to positive changes. However, I also think regulation of online technologies is needed at the national and international level. Absent such interventions, the future deployment of increasingly immersive technologies will make going online even more addictive, a prospect my good friend Winn Schwartau explores in his forthcoming book: The Art and Science of Metawar: How to Survive AI-Driven Reality Distortion, Disinformation, Manipulation, & Addiction in the Metaverse.
Duty of care when saying “go online”
Both professionally and personally, I see the online exposome as highly criminogenic, that is: “causing or likely to cause criminal behaviour.” Indeed, many countries devote an entire month each year to raise everyone’s awareness of all the things one needs to do, or not do, in order to avoid becoming a victim of online crime (I mean Cybersecurity Awareness Month). And every day of the year we are warned and reminded, both online and off, that cyber-criminals are out to get us, to take our money and data, to access our accounts and devices.
For me, all of the above raises the following question: If an entity requires a person to go online, do they have a duty of care to that person when they do go online? I think the answer is yes. Entities that require a person to go online have a responsibility, a duty of care, to protect that person from the harms they may suffer from being online. I also think that the current high levels of digitally-enabled crime mean that many institutions are in breach of this duty of care.
In my opinion, there is an urgent need for all countries to address the detrimental effects of their citizens going online. Globally, the number of hours per day that working age Internet users spend online is currently somewhere between six and seven hours (DataReportal). By going online we add another dimension to our total environmental exposure, one that contains considerable potential for harmful effects on our health.
Think about being on a crowded underground train, a part of your general external exposome. You are exposed to bacteria, viral diseases, and air pollution. You are also exposed to pickpockets and stalkers. It’s not exactly a healthy environment. Now you take out your smartphone and go online. Sadly, you are now exposed to criminal activity on top of all the other potentially harmful exposures (as I attempted to illustrate at the top of this article).
Clearly, there are many reasons why governments need to do more to reduce cybercrime; but, as far as I can tell, protecting the health of the country’s population has not yet been accepted as one of those reasons. That needs to change, starting now. The benefits of online technology are being undermined by the harmful effects of going online. Furthermore, absent serious intervention, going online is likely to become an even more immersive experience, expanding the amount of time we spend online and—without serious online crime reduction—the range of crimes to which we will be exposed.
Summary
Hopefully, some legal experts out there will read this article and be inspired to pursue litigation based on the information that I have laid out. For example, they could develop cases that confirm a duty of care arising from online imperatives, achieving settlements that push governments and companies to either drop “go online” requirements or do more to make going online less harmful. At the same time, legislation is needed to acknowledge the full range of harms suffered by victims of cybercrime, along with adequate funding of victim support to minimize the short- and long-term impact of those harms on individuals, families, and society at large.
In closing, if you think this article makes a good case for one or more of my four assertions, please share it with others:
- Going online exposes us to a lot of crime. We see criminal activity all around us, coming at us through emails, texts, social media posts, malicious advertising, poisoned search results, and so on. Phishing attacks and losses to Internet crime are at record levels.
- High crime environments are unhealthy. We see multiple studies showing that exposure to crime, online as well as offline, has harmful impacts on mental and physical health, individually and across society.
- Governments and companies that make us go online may be breaching their duty of care. We see people going online because some entities force them to do so, even though those entities know that going online exposes people to harms and victimization against which there is currently inadequate protection.
- More must be done to reduce cybercrime and support cybercrime victims: We see the current situation causing multiple preventable harms and seriously undermining the benefits of current and future technologies.