We Are All Vulnerable

Privacy may be a reasonable expectation, but where do we draw the line between what is for our own protection and what is exploitation.


Target, Neiman Marcus, Michaels. We are all familiar with the huge loss of personal and financial data from these establishments. A lot more people are fuming over the data being accessed by the NSA. While we only know the details as leaked by Edward Snowden, this has to be the biggest data breach in history with the government having hacked into the data centers of Google, Yahoo and who knows which other companies. The truth of the matter is that the Internet is not secure and neither is any of the data held there. The questions are: Should we be concerned, and how do we personally control it?

The second question is perhaps the easier to answer. You can’t. If the largest technology companies cannot secure the data, then we have no control over who gets to see it. Just because Google says it is now encrypting more of the data that moves between its data centers does not mean it has done anything to stop the NSA from listening in, because it is not known how they are getting access to the data. If the government can do it, so can criminals and those who wish to exploit us.

But there is a second aspect to this. While Google has proclaimed its disgust with the NSA’s antics, there is an ongoing lawsuit against the company (Case5:13-md-02430-LHK United States District Court of Northern California – San Jose Division) for illegal wiretapping. Google does this so it can provide targeted advertising, and in this process build up an extensive profile about people. This is exactly what the NSA is likely doing with the data, as well. However, the end result is somewhat different. The NSA wants to find terrorists; Google wants to find people with open pocket books.

Which do you fear more? I have nothing to hide from the NSA. Even as a foreigner living in this country, I am grateful to the government for keeping us relatively safe, and I understand that this can mean giving up some rights and paying some taxes to enable them to do this. Snowden himself asserted that about 300 terrorists had been captured because of this program.

To say I fear advertising is perhaps not the right sentiment. I like to think that I always make informed judgments about products and only buy those that I really need, but I also know that I have weaknesses and that they are exploited—sometimes with advertising so subtle that I don’t even see them as such. I can say that I do not like being profiled without my express permission. Those emails were not sent to the company providing the “free” email account. They were sent through them, with the expectation of privacy. Yes, I understand that those accounts are not really free and that you sign your rights away when you start using their services. This is why I prefer not to use them. This is why I don’t use search engines that track me; this is why I will not put my data in the cloud. The companies providing these services have not gained my trust. They have thrown it away.

If we want our information to be secure and only read by the people we intend to see it, then:

  • What is good for the goose is good for the gander. Nobody should read our mail. Not the NSA, not Google, not Facebook, not anyone. If you make an exception for one, they should all be treated equally.
  • Security is something we need to take control of. It should not be entrusted to the people who store or transport the data, but encrypted at source with the keys only being accessible to the recipient.
  • We should not continue to think about security and privacy as afterthoughts when we design products. Products should be designed from the ground up with this as a primary requirement. This applies to software and hardware equally.
  • Until true privacy is possible, all agreements about data usage should be opt-in and not opt-out. Almost nobody reads those lengthy legal agreements, because if they did they may pause before agreeing to their services.

This is too important a subject to ignore, and the only true results will come from people taking action at the individual level. I have done several such things myself, including setting up a personal cloud where data is encrypted and uses secure sockets for access. I have stopped using services that track my personal data. And I will continue to make buying or usage choices based on sellers’ and providers’ levels of data exploitation. If you don’t do the same, then how can you complain about what the NSA or Google is doing?