The de-evolution of online privacy
June 24, 2015
Our big institutions, both corporate and government, are not able to keep up with security in the digital age. As our communications, commerce, and even our health data continue to move online, what is the individual to do?
From the recent breach of US government systems exposing valuable personal data, including Social Security numbers, for millions of Federal employees; to the Sony hack revealing private corporate communications to embarrassing effect; to the intrusions on computer networks at major health insurance companies Anthem and Blue Cross, the list of concerning events goes on and on.
Do we need a cultural shift in our understanding of cyber-privacy? And what would that be? In this episode of the Digital Life, we discuss the consequences of online privacy devolution.
WikiLeaks Dumps More Sony Documents
Chinese Hackers Get Access to US Government Systems
So I wanted to start with some of the big news events of the past couple months around privacy and then talk a little bit about that topic both from a user experience perspective and from the general digital culture perspective as well.
So let’s get started with one of the more disastrous security breaches of the 21st century so far which is that of millions of federal employees having their personal data siphoned off by hackers, presumably of Chinese origin, at least according to a reporting I’ve seen by the New York Times. And essentially getting into our governments antiquated systems and then extracting this data which included social security numbers from what I understand. And this is data specifically about federal employees, so now this has been exposed and for the United States I think this is a horrible black eye because we’re at least given the story that our cyber security and our digital readiness for the future is solid and it quite clearly is not. So we have this huge governmental on the cyber security side and I just found this news item to be somewhat shocking. I don’t know, what was the impression that you took away when you heard about this?
But it’s a problem that’s not going to go away, the nature of computer science, the nature of computer security is such that an individual or particularly a group of individuals that are banded together officially or unofficially by a federal government or a federal group have the power to get into anything they want given enough time. And that’s the price that we pay, whether it be the U.S. government or individuals, for having our information on the internet. For engaging with this thing that is, by it’s very nature, global, virtual, and really hard to protect. It’s tough.
So it makes me wonder if this centralized information and these large institutions that are unable to protect themselves, if that’s going to necessarily sort of need to change in some way. And I don’t have the security vision to see how that would happen. But there’s no longer the all powerful large institution that can control all aspects of it’s being. It’s now these smaller nimbler players who have very much the advantage when it comes to the security aspects.
But if the institution really wanted to protect against it, it would be very … It’s very doable, but it’s a kin to … Like if you think about CDC workers dealing with a real virus. They put themselves in a special suit, then they go in that suit into a staging room between, say the room where they live and the room where the yuckies are, and they’re … I’m sure I’m using the imprecise and silly specifics but they’re hosed down essentially. So they have to put this outfit on and then they’re additionally have all these other protocols in order to be safe.
By taking these systems off the internet, by essentially having the data in literally a physical and safe place. Having the systems in a physical and safe place. And then going through this safe staging process, and then being available in real time for a period of time, and then being pulled down and walked down again. Like that’s a way around it, that’s a way … If its built correctly and can handle responsibly and consistently, and if the physical infrastructure and the ultimate safe space is truly, truly safe, which there’s a different vulnerability right there. In that scenario the hackers can be avoided, these things can be avoided.
But how many of us, how many organizations would want to deal with those kind of protocols? Because it requires a whole lot of downtime. And we are accustomed to using the internet in a way where there’s no downtime whatsoever. And that is indeed one of the key features of it. So it will take something really, really cataclysmic for something at the level of the United States government to take major every day systems and put them into that kind of a process. But it is solvable, it is doable. It’s just using the internet in ways that are very much divorced from how we’ve becoming accustomed to using them up until now.
So as our online presence increases … As the amount of information about us in the digital world increases, so does our exposure and becoming a target for people to do not so nice things with it.
And you know another nuance to all of this is, there’s a difference between what I’ll call criminal hacking, and what I’ll call destructive hacking. And the distinction I’m drawing is criminal hacking is one that is done with a plan, whether it be done by a vigilante or whether it be by a shadow government group, the idea is we want to get N data for Y purpose and it will be operationalized for that purpose. A very few of the big breaches were seen in the news fall into that category. Most of them fall into the category of destructive hacking, where it’s less about executing the plan to exploit the data and it’s more about embarrassing, humiliating an enemy. Somebody you want to hurt, basically. Somebody you want to bully. And so, the U.S. government of course is a huge target for that. Just like Sony Entertainment Group was a huge target when they were putting out a movie lampooning the supreme ruler of North Korea.
And at more personal level, I think where it gets more troubling is what could be done to us as individuals. We already see it from a non-hacking perspective, in terms of the bullying and doxing that go on with social media. But if a target was juicy enough, it could be a lot worse than that. What would happen if someone who really had reputation and clout … Who’s a good example for this? If like a Malcolm Gladwell, if he, who people listen too, came out with something that was very subversive against whatever; the Chinese government or some individual organization that just wasn’t going to tolerate that, what could they do? How could they criminalize their hacking, their nefarious efforts to really, really put a world of hurt on that individual?
So we just are all vulnerable in so many different ways. And we are now in a world very much where if you stand up and stick you hand up above everyone else, it could get chopped off in brutal, brutal ways. Most of which are virtual but have real impact in our physical realities.
So we’ve come to this moment, and our expectations of privacy moving forward are based on this pre-digital world. And it feels like we’re really learning a lot of hard lessons all at once, which is making the scenarios even much more different culturally. So I wonder from a user experience perspective, how we can expect our concept of privacy to evolve over the next, who knows, 10, 20, 30 years. Are we capable of changing how we think about our personal and private data? Or are we just going to feel more and more squeezed by our online presence and try to keep everything under wraps? What’s your take on that, Dirk?
So it’s just so difficult in the current ecosystem to really be private, to really have your data protected. And what exacerbates it, and what makes it something that is not urgent for us … And I’ll speak for myself here but I’m assuming it’s the case of many other people, is that we think we’re safe from the standpoint that even if we get drilled, even if our data gets out there we get identity thefted the worst things happen, I have confidence that I’ll be bailed out. That whether it be my bank, whether it be the government, whether it be the company that holds my mortgage. However I’m undermined that there’s a safety up there. So the only thing where I feel vulnerable ultimately, and it sucked to have a really nasty identify theft. But that it would be fixed and over and life goes on.
The only place where I think I’m vulnerable are things that might be embarrassing if they got out. But I’m increasingly just not caring because I think it’s going to happen if I’m ever well known enough to matter, I think my stuffs going to get out there and I’ll just own it. Because there’s nothing that I’ve done online or been interested in that I wouldn’t be able to stand up and own at the end of the day, even if they’re thing that conventionally, somebody would be vulnerable from. So it’s just a really, really hard situation given the nature of the digital ecosystem and then just, again, given the fact that the safety nets are there. It’s very unlikely that any of us would be compromised, and the compromise would be turned into literally our life being totally changed. It may be for a short period of time, but then it’s fixed and life goes on. So, it’s tricky stuff my friend.