Amongst banks going bankrupt and the economy ever-spiralling downwards, the one thing you can bet on will happen all the time is data loss. Whether it be a payment firm being breached, a retailer with an unsecured network, or employee’s walking out of the office with gigs worth of company sensitive information.
Of course, its a good time for security execs to consider some of the options in the market by which they can protect more of their valuable data. Such as locking down USB drives, having tighter access controls in place, encrypting all hard drives etc. Such steps do form part of the solution, but do they actually address the real problem?
Generally, I only really ever buy petrol so I’m aware of how the transaction works. I fill up my car or bike, dash into the shop and hand over my debit card to the Sri-Lankan man behind the till. He hands me over the chip and PIN machine which I cover up whilst I enter my PIN to make sure no hidden camera captures it and dash back to my vehicle to go off to wherever I was heading.
Its a similar process at a supermarket. You are served by an overweight lady who breathes loudly through her mouth who undoubtedly makes a mistake either scanning your item, or doesn’t know how much an item calls which means she subsequently has to ring the buzzer on the till so that her manager Janet can come over and reverse the error. But all in all its a pretty efficient process.
But apart from petrols stations and supermarkets, the whole transactional process comes with a lot of unnecessary information baggage. I mean, have you ever tried buying anything from the internet? You have to register before you can buy anything. This involves you telling them who you are, where you live, your password, inside leg measurement, whether you would like to buy some viagra, how much you earn, what your first pet was named and a whole host of other information which is completely unnecessary and irrelevant to the fact that I simply want to purchase the Dark Knight on Blu Ray.
In the real world, things are just as bad. I recently purchased a new laptop, simply so I could channel hop and look up random youtube videos at the same time. Anyway, I picked the laptop I wanted and handed over my credit card to the spotty teen with half a tub of gel in his hair. Who proceeded to walk over to his sale terminal to process the transaction. He then proceeded to ask me a series of questions. Like where I lived, my phone numbers and email address. Presumably so that his bosses could sell my details onto a spammer who, knowing that I’d just bought a laptop, would clock me immediately as someone who visits unsavoury websites all the time and hence someone in need of a larger penis.
But there lies the problem. The marketing people want your information so they can target their marketing more accurately. The boss wants more information so that he can sell it on. The spotty teen wants more information so he can sell it on some underground forum later that night. And we willingly give out all this information all the time. Sometimes in return for a bar of chocolate!
There’s simply too much information held by people and company’s who just shouldn’t have any need for it.
I think Bruce Schneier summed it up quite nicely when asked in an interview whether he thought that privacy was the new environmentalism.
“data is the pollution problem of the Information Age. Think about it. All computer-mediated processes produce data. Unless dealt with, it stays around. And it’s after-effects can be pretty toxic. And, just as 100 years ago we ignored pollution in our rush to build the Industrial Age, today we’re ignoring data in our rush to build the Information Age. And, I believe, 100 years from now our great-grandchildren will look back at the decisions we made and wonder how we could have been so ignorant and short-sighted.”
Maybe these crazy bearded people who go on about the environment all the time should also divert some of their attention towards the information problem. Or privacy may simply become a thing of the past.