Security's Everyman

Security's Everyman

Thursday, December 13, 2007

Privacy is a goner!

When I wrote my post on the SSN fiasco earlier this week I started to title the post
"Is Privacy Dead?", but I decided against it for lots of reasons. It's an over used
statement, it's been used before on other blogs, etc. Then today I listened to the
latest episode of Secuirty! Now and what was the title? "Is Privacy Dead?" It was an interesting episode that was very light on "true" security content (many would say that all episodes are light on true security) but had some interesting information.

I think most of us have known for a while that remaining anonymous and retaining full
privacy is a thing of the past. Just when we think we have found the way to hide our
tracks someone else finds a way to follow us. Just about everything that we do is
monitored. Our TV viewing habits, phone calls (or at least who and when), what we buy, what web sites we visit, when we go through a toll booth w/ a "FastPass" type of
technology, who we IM and text message, what music we download, what movies we rent
and on and on and on. These are just a short list of things that someone is watching.

What is bad about this for the average person is that there is little in the way of
control as to what happens to the data. Rarely, if ever, do you have a say in what the company that has the data will do with it. They may sell it, store it, give it away, use it to "profile" you, make recommendations on ads to push to you, products to sell you, which department of the government to pay you a visit. :) It's just mind boggling.

Why can't we just live our lives and remain somewhat anonymous? Why do all these companies need to know so much about us? I know the answers to these questions. At least the reasons that they give, but I just want to be me. I just want to buy my milk and bread without being told that other people who bought milk and bread also bought beer and chips.

We have to rethink what we decide to try and keep private about ourselves. Do we care
that the grocery store knows that we always buy a certain type and flavor of Ice Cream? Is it worth saving 50 cents a tub? Probably for most of us. The same goes for our browsing and buy habits online. Most of us aren't doing anything that we don't want others to know about so we don't care.

What is the problem then? The problem is that we risk becoming apathetic and then when something that really matters comes along we let it go without asking why or doing something to prevent it. The loss of something usually starts out small and then slowly gets bigger and bigger until it's gone.

So, who has your data? Who knows what you do? It may not matter now but I think that you need to care and take steps to limit it.

  1. Ask why a company needs to know this much about you in order for you to save a few cents.
  2. Ask what other options you have other than giving out PII about you.
  3. Ask then what data they collect, what do they do with it and who do they share it with.
  4. Ask what controls do you have over the data and what they do with it.
Then make a decision.
  • Do you go ahead and give in?
  • Do you not give out what you don't have to?
  • Do you "opt out" of what you can?
  • Do you make up some of the information so they can't track the "real" you?

They aren't going to quit collecting data and the bad guys are getting better at getting to it so you have to decide what to do. Protect what you can and make plans to recover if something bad happens with what you can't protect.

Creative Commons License
This work is licensed under a Creative Commons Attribution-NC-SA 3.0.