Are hackers really the problem when governments can just ask for or legislate the requirement to turn over user data? Russia currently has approximately 149 million people living within its borders, and while Tinder is not the most popular dating app in the country, even a small percentage of the population could be subjected to exposure by the government. Couple that with Russia's desire to establish its own walled-off local internet, similar to China, and privacy and access to information become a very rare commodity indeed. Privacy has always been a concern of mine to a certain extent. Waaaaaay back in the olden days, as Al Gore was inventing the internet and I was but a mere Padawan in grad school working towards a Ph.D. in political science, the concept of privacy in a rapidly advancing technological age was the thesis I was shaping. While I left those ambitions behind when I stumbled into the early days of the dot.com era and wound up with a career in technology, those educational influences wound up directing the path I would take into computer security, where the concept of protecting systems and personally identifiable information (PII) still has a strong hold. We are constantly bombarded by news articles, blogs and blurbs on the local news about the latest breach in security and how many users were potentially affected. It sounds awful, and the impact that an actual identity theft has on an individual can be profound. I don’t know a single person who has not had to change their credit card or get a new account issued because someone managed to skim their information and monetized it on the dark web. As humans, we have this interesting dichotomy within all of us. We are social creatures, and we crave to interact with the world around us. Technology today gives us the tools to do that on a global scale. At the same time, we also crave privacy. The ability to shut ourselves off from the world around us and to be one with our own thoughts.
Where Is the Balance?
In order to thrive in this increasingly interconnected world, we are almost required to give up a huge amount of the privacy we desire. Want those Bose noise canceling headsets fast? Amazon. Want to collect enough points to get cheap gas at the local Safeway? You have to use their loyalty card. Want to get Pearl status at the Mandalay Bay so you can pretend to be a hi-roller? Loyalty card. Every business wants your business. Every business will offer you some incentive to join their club, so they can market directly to you. What do you have to give up in return? Your personal information that is added to a growing data pool. That pool, pond, lake or ocean of data is now under constant threat not only from the pirates and government sanctioned hackers (privateers, if you will). For the most part, some of these governments have now realized that they can just ask (or demand) the information, and businesses – for the most part – are complying in order to sell or operate in said countries.
I guess my point is that privacy may be nearly extinct at this stage and what little privacy we have must be fiercely guarded.
Individuals must hold the companies they do business with accountable for the personal information they store. At the same time, don’t be in such a rush to provide your PII to every business that offers you a 10 percent discount on your purchase if you join their club. Is saving a few bucks at the register worth the hassle when your information gets dumped into the bigger world and you have to clean up the mess? Unless you are a tin foil hat-wearing conspiracy theorist who has gone off grid, for most of us, the genie has definitely gotten out of the bottle. Our information is already out there, and we have to accept that. At some point, that tub of data is going to spring a leak, or some government is going to just come and scoop some of it out.
What Can We Do?
Volumes have already been written on different tips and tricks to reclaim some of your precious privacy. Hell, in an alternate dimension of the multiverse, I completed my doctorate and wrote a volume or two on how to protect yourself. In this universe, I joined a company that operates at a more systemic level. I help companies protect the data with which they have been entrusted. If I had to provide a bit of additional advice, it would be to take some personal responsibility for your data just like you would any of your physical appendages.
If something looks or feels sketchy, don’t be so willing to give up a piece of your cyber-self any more than you would stick your hand into an unknown substance hoping that it’s not going to harm you.
Maybe that’s the ultimate lesson to be learned here. Your personal data is not some abstract concept to be tossed away or sold without a thought. It is real and should be treated as if it were a physical part of you and protected as such. Unless you’re the guy who sold a kidney for an iPhone… don’t be that guy…
