Security

Why you really should care about privacy

Privacy is not just for people who have something to hide. It is for everyone -- even you.

Privacy is not just for people who have something to hide. It is for everyone — even you.


Privacy is an increasingly popular topic of discussion as the reach and relevance of the Internet in our lives increases. More and more, people find their leisure time, work time, and even home improvement time dominated by the Internet. Outdoor activities like hiking and bicycling often involve long hours spent researching and purchasing gear online for the best prices and quality equipment. Amazon has turned book readers into online bargain shoppers. LinkedIn, Facebook, and Google Buzz are turning the Internet into an invaluable job seeking tool — more so even than job-hunting sites like Monster.com ever did.

With the amount of information we share over the Internet with vendors, social networking sites, and banks, privacy matters take on a whole new urgency. This urgency is only enhanced when one reads headlines about privacy breaches at such organizations, whether it be foreign governments cracking security at US Web-based corporations, the US government or UK government losing data, or corporations effectively giving information to anyone who pretends to be a law enforcement official — because there is no reasonable way to service eight million requests in a year without automating the process to the point that there is no effective oversight. To the perceptive observer, it quickly becomes apparent that privacy is security.

Despite this, many people seem entirely uninterested in matters of privacy. They don't see the dangers of Internet services with automated law enforcement portals, trusting the government with private data, or encryption that doesn't trust the user. Even more disturbing, a common refrain echoes through online debates about the importance of privacy — neatly paraphrased by Google's own CEO, Eric Schmidt:

If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

Another common form of it is "You have nothing to fear if you have nothing to hide."

Despite the evident necessity of encrypted connections to e-commerce websites and the frequency of new vulnerabilities discovered in various implementations of SSL/TLS encrypted connections, many persist in believing that concern over sending private information to various corporate and government websites is paranoia.

Despite the evident necessity of guarding against social engineering attacks, many persist in believing that concern over providing automated access for law enforcement personnel — and just trusting that they both have the required warrants and are who they claim to be — is paranoia.

Despite the evident necessity of double-checking the encryption implementations offered by vendors to see if they're just using a glorified XOR cipher with a static, symmetric key, many persist in believing that concern over the inability to audit the source code for proprietary cryptographic systems is paranoia.

Is it really paranoia if someone is actually out to get you?

Is trust in the intentions and policies of corporations and government agencies really relevant if you cannot trust their competence to protect your private data?

I challenge those who do not believe in the importance of privacy in our information technology enhanced lives to put their money where their mouths are. Create a publicly accessible Website and post your private data there, to simulate the eventuality of some organization trusted with your data having its security cracked, suffering the ill effects of a disgruntled or rogue employee, reaping the rewards of bureaucratic complexity and laziness, or just leaving you to clean up after its representatives' and officers' incompetence. Here are some key examples of the sort of data you should share with the world:

  • Bank Account Numbers
  • Computer, Email, and Web Site Usernames and Passwords
  • Credit and Debit Card Numbers
  • Email Contents for the Last Six Months
  • Employment History (Including Current Employer)
  • Every Photograph You Have
  • Full Name
  • Medical Records
  • Mother's Maiden Name
  • Purchases for the Last Six Months (from Condoms to Reading Materials)
  • Social Security Number
  • Street Address
  • Telephone Numbers
  • Voter Registration Information
  • . . . and Anything Else that Comes to Mind

When you have done all that, and lived with it for a few months, come back and tell us whether you still think privacy is unimportant, and only for people who "have something to hide".

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

Editor's Picks