Please Rob Me! The Lack of Internet Privacy – Get Used to It!

It never ceases to amaze me how naïve people can be when it comes to the Internet and their privacy.  On February 17, 2010, the group For The Hack, a self-proclaimed “concept and idea factory,” published their first “hack” called Please Rob Me. The concept is simple… They scan social networking sites for people who indicate that they are not home and they post a link to the blog or twit – pun intended.  While they do not directly have or publish the actual location of these potential victims’ homes, with a little bit of investigative work, it is possible to track them down. I personally like this concept.  I am not sure that it will do much to modify behavior in such a way as to get people to think about their privacy and protect their personal information.

Let’s face it, we live in a world technology outpaces social behavior.  But in that same vein, it shapes it too.  The “older” generation is cautious about the web, yet they find themselves requiring computers to function in today’s society. (For instance, some banks and credit card companies will charge you extra now to receive a paper monthly statement rather than opting in for a “green” e-statement.) This generation, that would never think of publishing intimate details of their private life in any public forum, gets online to conduct their business and they end up with their identity stolen because the free anti-virus subscription that came with their PC expired. They’ve never been trained to secure their computer. Sure they see the media hype and commercials about online protection, but they simply do not understand how to apply it for themselves. The technology for protection is there, but they do not understand what they need or how to employ it.

I know, because I am my family’s IT department.  I am frequently at my parent’s home, patching Adobe or Office or some other vulnerable component. I am answering phone calls about the frequent pop-ups from Zone Alarm. And if I cannot answer right away, they’ll just click “Allow” and go about their business.  (They used to click “Deny,” but that just made things not work anymore.)

The “younger” generation seems to understand the technology. That is, they can download songs, keep their iPod and iPhone updated, and play movies on their laptop that is hooked up on a wireless network.  They grew up with technology and are accustomed to it.  They also see the warnings about what happens to people who put too much information on social networking sites, yet they don’t think that saying, “I’m heading off to Starbucks now…” is a potential security or privacy issue. Taken as an isolated statement, there is little risk.  But when you combine this with the other information out there that they have posted, or that the government has posted as part of the freedom of information, you can build a pretty elaborate profile on social habits and personal data.

Part of the solution is building awareness and you see that today with warnings and news stories. The problem is that while people may be aware of the issues, they may not understand how it impacts them. They do not personalize the risks.  And more importantly, they do not know exactly how to turn that awareness into actions which result in their protection.  The government can’t mandate awareness (although they try with all of these breach notification laws).  And we cannot expect people to learn how to protect themselves from the technology like an IT security expert.  Nor should we.

Another part of the solution is the technology itself.  As it shapes our society, so too should our society shape how it is used and how it evolves to properly protect its users.  This is a natural progression that has happened with other technologies.  Automobiles have become much safer than they ever were in the early 1900’s.  They evolved into the seat belted, air-bagged, and radar controlled anti-collision breaking systems that we have today.

I don’t believe there is a simple solution.  Awareness, improved technology, and more government mandates (ugh!) and industry self-regulation are parts of the answer. Ultimately, the simple truth is that all technologies bring risks. The Internet is not now and never will be a place where there should be an expectation of privacy. The government is not going to protect you! They talk the talk, but violate privacy rights in the name of “security for the general good.”  Industry is not going to protect you! They walk the compliance walk, but violate privacy rights in the name of a better product and better profits. If you’re going to use the Internet or the interconnected technologies of today, expect this ethereal right to privacy to continue to be a fading reality. Get over it, deal with it. <irony>Now, excuse me while I go Twitter about my upcoming trip to the RSA security conference.</irony>